erussell65

  1. Here are the new logs. Thank you.

     ComboFix 09-04-04.01 - Eric 2009-04-05 21:18:36.5 - NTFSx86
     Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.681 [GMT -4:00]
     Running from: c:\documents and settings\Eric\Desktop\ComboFix.exe
     Command switches used :: c:\documents and settings\Eric\Desktop\CFScript.txt
     AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
     * Created a new restore point
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\documents and settings\All Users\Application Data\fovigino
     c:\documents and settings\All Users\Application Data\fovigino\onigivof.ini
     c:\documents and settings\All Users\Application Data\gaboruwi
     c:\documents and settings\All Users\Application Data\lawilupe
     c:\documents and settings\All Users\Application Data\lebevati
     c:\documents and settings\All Users\Application Data\lebevati\itavebel.ini
     c:\documents and settings\All Users\Application Data\mululebi
     c:\documents and settings\All Users\Application Data\remofeko
     c:\documents and settings\All Users\Application Data\sufarudi
     c:\documents and settings\All Users\Application Data\sufarudi\idurafus.ini
     c:\documents and settings\All Users\Application Data\wavapaya
     c:\documents and settings\All Users\Application Data\wavapaya\ayapavaw.ini
     c:\documents and settings\All Users\Application Data\zapilori
     c:\documents and settings\All Users\Application Data\zeyigoja
     c:\documents and settings\All Users\Application Data\zeyigoja\ajogiyez.ini
     .
     ((((((((((((((((((((((((( Files Created from 2009-03-06 to 2009-04-06 )))))))))))))))))))))))))))))))
     .
     2009-03-16 22:18 . 2009-03-16 22:19 <DIR> d-------- c:\program files\iTunes
     2009-03-16 22:18 . 2009-03-16 22:18 <DIR> d-------- c:\program files\iPod
     2009-03-16 22:18 . 2009-03-16 22:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
     2009-03-16 22:17 . 2009-03-16 22:17 <DIR> d-------- c:\program files\Bonjour
     2009-03-16 22:16 . 2009-03-16 22:16 <DIR> d-------- c:\program files\Apple Software Update
     2009-03-14 11:27 . 2009-03-14 11:27 <DIR> d-------- c:\program files\Lame for Audacity
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-03-29 20:02 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
     2009-03-26 20:49 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
     2009-03-26 20:49 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
     2009-03-22 13:55 --------- d-----w c:\documents and settings\Eric\Application Data\Apple Computer
     2009-03-17 02:18 --------- d-----w c:\program files\Common Files\Apple
     2009-03-17 01:57 --------- d-----w c:\program files\QuickTime
     2009-03-07 21:16 15,688 ----a-w c:\windows\system32\lsdelete.exe
     2009-03-06 03:59 36,864 ----a-w c:\windows\system32\drivers\usbaapl.sys
     2009-03-06 03:59 1,900,544 ----a-w c:\windows\system32\usbaaplrc.dll
     2009-02-28 17:34 410,984 ----a-w c:\windows\system32\deploytk.dll
     2009-02-28 17:34 --------- d-----w c:\program files\Java
     2009-02-26 03:47 --------- d-----w c:\program files\CCleaner
     2009-02-24 23:56 --------- d-----w c:\program files\Avira
     2009-02-24 23:56 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
     2009-02-24 00:26 --------- d-----w c:\program files\Photoshop 6.0
     2009-02-15 17:50 --------- d-----w c:\documents and settings\Eric\Application Data\ValuSoft
     2009-02-14 05:34 --------- d-----w c:\program files\Spybot - Search & Destroy
     2009-02-14 05:34 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
     2009-02-11 23:41 --------- d-----w c:\program files\Trend Micro
     2009-02-09 10:19 1,846,272 ----a-w c:\windows\system32\win32k.sys
     2008-11-07 23:50 62,152 ----a-w c:\documents and settings\Emma\Application Data\GDIPFONTCACHEV1.DAT
     2008-08-04 03:35 62,616 ----a-w c:\documents and settings\Eric\Application Data\GDIPFONTCACHEV1.DAT
     2007-09-08 23:01 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007082020070827\index.dat
     2007-09-08 23:01 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007090820070909\index.dat
     .
     ((((((((((((((((((((((((((((( SnapShot@2009-04-05_ 0.32.41.70 )))))))))))))))))))))))))))))))))))))))))
     .
     - 2009-04-05 00:00:39 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
     + 2009-04-06 00:00:44 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
     - 2009-04-05 00:00:39 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
     + 2009-04-06 00:00:44 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
     "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-12 7630848]
     "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-19 185632]
     "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
     "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-28 148888]
     "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]

     c:\documents and settings\Mollie\Start Menu\Programs\Startup\
     Registration .LNK - c:\documents and settings\All Users\Documents\Register\RegistrationReminder.exe [2009-02-02 962560]

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
     @="Service"

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\WINDOWS\\system32\\wbem\\unsecapp.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=

     S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632]
     .
     Contents of the 'Scheduled Tasks' folder

     2009-04-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job
     - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-07 17:15]

     2009-04-04 c:\windows\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.yahoo.com/
     uInternet Settings,ProxyOverride = *.local
     uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
     IE: &Search
     FF - ProfilePath - c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\15j82wbi.default\
     FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
     FF - component: c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\15j82wbi.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
     FF - plugin: c:\documents and settings\Eric\Application Data\Mozilla\plugins\npPxPlay.dll

     ---- FIREFOX POLICIES ----
     FF - user.js: yahoo.homepage.dontask - true.

     **************************************************************************
     catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-04-05 21:21:36
     Windows 5.1.2600 Service Pack 2 NTFS

     scanning hidden processes ...
     scanning hidden autostart entries ...
     scanning hidden files ...
     **************************************************************************
     .
     Completion time: 2009-04-05 21:25:27
     ComboFix-quarantined-files.txt 2009-04-06 01:24:10
     ComboFix2.txt 2009-04-05 04:35:29

     Pre-Run: 12,102,877,184 bytes free
     Post-Run: 12,080,369,664 bytes free

     130 --- E O F --- 2009-04-05 07:00:24

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 9:29:12 PM, on 4/5/2009
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16791)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\WINDOWS\System32\nvsvc32.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\wscntfy.exe
     C:\Program Files\Java\jre6\bin\jusched.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\WINDOWS\explorer.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O4 - HKUS\S-1-5-21-1935655697-436374069-725345543-1006\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (User 'Emma')
     O4 - HKUS\S-1-5-21-1935655697-436374069-725345543-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Emma')
     O4 - HKUS\S-1-5-21-1935655697-436374069-725345543-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Emma')
     O4 - HKUS\S-1-5-21-1935655697-436374069-725345543-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Emma')
     O4 - HKUS\S-1-5-21-1935655697-436374069-725345543-1006\..\Run: [yubutateke] Rundll32.exe "C:\WINDOWS\system32\jepeyija.dll",s (User 'Emma')
     O4 - HKUS\S-1-5-21-1935655697-436374069-725345543-1006\..\Run: [0c61d56d] rundll32.exe "C:\Documents and Settings\All Users\Application Data\zeyigoja\zeyigoja.dll",b (User 'Emma')
     O4 - HKUS\S-1-5-21-1935655697-436374069-725345543-1006\..\Run: [MS Juan] rundll32 "C:\DOCUME~1\Emma\LOCALS~1\Temp\tmcrho.dll",run (User 'Emma')
     O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

     -- End of file - 5085 bytes
  2. Here's the ComboFix and new HJT log:

     ComboFix 09-04-04.01 - Eric 2009-04-05 0:25:52.4 - NTFSx86
     Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.708 [GMT -4:00]
     Running from: c:\documents and settings\Eric\Desktop\ComboFix.exe
     AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
     * Created a new restore point
     .
     ((((((((((((((((((((((((( Files Created from 2009-03-05 to 2009-04-05 )))))))))))))))))))))))))))))))
     .
     2009-03-16 22:18 . 2009-03-16 22:19 <DIR> d-------- c:\program files\iTunes
     2009-03-16 22:18 . 2009-03-16 22:18 <DIR> d-------- c:\program files\iPod
     2009-03-16 22:18 . 2009-03-16 22:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
     2009-03-16 22:17 . 2009-03-16 22:17 <DIR> d-------- c:\program files\Bonjour
     2009-03-16 22:16 . 2009-03-16 22:16 <DIR> d-------- c:\program files\Apple Software Update
     2009-03-14 11:27 . 2009-03-14 11:27 <DIR> d-------- c:\program files\Lame for Audacity
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-03-29 20:02 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
     2009-03-26 20:49 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
     2009-03-26 20:49 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
     2009-03-22 13:55 --------- d-----w c:\documents and settings\Eric\Application Data\Apple Computer
     2009-03-17 02:18 --------- d-----w c:\program files\Common Files\Apple
     2009-03-17 01:57 --------- d-----w c:\program files\QuickTime
     2009-03-07 21:16 15,688 ----a-w c:\windows\system32\lsdelete.exe
     2009-03-06 03:59 36,864 ----a-w c:\windows\system32\drivers\usbaapl.sys
     2009-03-06 03:59 1,900,544 ----a-w c:\windows\system32\usbaaplrc.dll
     2009-02-28 17:34 410,984 ----a-w c:\windows\system32\deploytk.dll
     2009-02-28 17:34 --------- d-----w c:\program files\Java
     2009-02-26 03:47 --------- d-----w c:\program files\CCleaner
     2009-02-24 23:56 --------- d-----w c:\program files\Avira
     2009-02-24 23:56 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
     2009-02-24 00:26 --------- d-----w c:\program files\Photoshop 6.0
     2009-02-20 00:57 --------- d-----w c:\documents and settings\All Users\Application Data\zapilori
     2009-02-20 00:57 --------- d-----w c:\documents and settings\All Users\Application Data\wavapaya
     2009-02-20 00:57 --------- d-----w c:\documents and settings\All Users\Application Data\sufarudi
     2009-02-20 00:57 --------- d-----w c:\documents and settings\All Users\Application Data\remofeko
     2009-02-20 00:57 --------- d-----w c:\documents and settings\All Users\Application Data\mululebi
     2009-02-20 00:57 --------- d-----w c:\documents and settings\All Users\Application Data\lebevati
     2009-02-20 00:57 --------- d-----w c:\documents and settings\All Users\Application Data\lawilupe
     2009-02-20 00:57 --------- d-----w c:\documents and settings\All Users\Application Data\gaboruwi
     2009-02-20 00:57 --------- d-----w c:\documents and settings\All Users\Application Data\fovigino
     2009-02-15 17:50 --------- d-----w c:\documents and settings\Eric\Application Data\ValuSoft
     2009-02-14 05:34 --------- d-----w c:\program files\Spybot - Search & Destroy
     2009-02-14 05:34 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
     2009-02-11 23:41 --------- d-----w c:\program files\Trend Micro
     2009-02-09 10:19 1,846,272 ----a-w c:\windows\system32\win32k.sys
     2009-02-08 17:33 --------- d-----w c:\documents and settings\All Users\Application Data\zeyigoja
     2008-11-07 23:50 62,152 ----a-w c:\documents and settings\Emma\Application Data\GDIPFONTCACHEV1.DAT
     2008-08-04 03:35 62,616 ----a-w c:\documents and settings\Eric\Application Data\GDIPFONTCACHEV1.DAT
     2007-09-08 23:01 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007082020070827\index.dat
     2007-09-08 23:01 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007090820070909\index.dat
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
     "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-12 7630848]
     "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-19 185632]
     "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
     "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-28 148888]
     "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]

     c:\documents and settings\Mollie\Start Menu\Programs\Startup\
     Registration .LNK - c:\documents and settings\All Users\Documents\Register\RegistrationReminder.exe [2009-02-02 962560]

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
     @="Service"

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\WINDOWS\\system32\\wbem\\unsecapp.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=

     S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632]
     .
     Contents of the 'Scheduled Tasks' folder

     2009-04-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job
     - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-07 17:15]

     2009-04-04 c:\windows\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.yahoo.com/
     uInternet Settings,ProxyOverride = *.local
     uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
     IE: &Search
     FF - ProfilePath - c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\15j82wbi.default\
     FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
     FF - component: c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\15j82wbi.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
     FF - plugin: c:\documents and settings\Eric\Application Data\Mozilla\plugins\npPxPlay.dll

     ---- FIREFOX POLICIES ----
     FF - user.js: yahoo.homepage.dontask - true.

     **************************************************************************
     catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-04-05 00:30:50
     Windows 5.1.2600 Service Pack 2 NTFS

     scanning hidden processes ...
     scanning hidden autostart entries ...
     scanning hidden files ...
     **************************************************************************
     .
     Completion time: 2009-04-05 0:35:28
     ComboFix-quarantined-files.txt 2009-04-05 04:34:11

     Pre-Run: 12,157,833,216 bytes free
     Post-Run: 12,162,961,408 bytes free

     113 --- E O F --- 2009-04-04 07:00:23

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 12:39:20 AM, on 4/5/2009
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16791)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\WINDOWS\System32\nvsvc32.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\wscntfy.exe
     C:\Program Files\Java\jre6\bin\jusched.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\WINDOWS\explorer.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O4 - HKUS\S-1-5-21-1935655697-436374069-725345543-1006\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (User 'Emma')
     O4 - HKUS\S-1-5-21-1935655697-436374069-725345543-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Emma')
     O4 - HKUS\S-1-5-21-1935655697-436374069-725345543-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Emma')
     O4 - HKUS\S-1-5-21-1935655697-436374069-725345543-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Emma')
     O4 - HKUS\S-1-5-21-1935655697-436374069-725345543-1006\..\Run: [yubutateke] Rundll32.exe "C:\WINDOWS\system32\jepeyija.dll",s (User 'Emma')
     O4 - HKUS\S-1-5-21-1935655697-436374069-725345543-1006\..\Run: [0c61d56d] rundll32.exe "C:\Documents and Settings\All Users\Application Data\zeyigoja\zeyigoja.dll",b (User 'Emma')
     O4 - HKUS\S-1-5-21-1935655697-436374069-725345543-1006\..\Run: [MS Juan] rundll32 "C:\DOCUME~1\Emma\LOCALS~1\Temp\tmcrho.dll",run (User 'Emma')
     O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

     -- End of file - 5086 bytes
  3. Can't log on to Hotmail and certain other websites. Anything here suspicious?

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 5:58:51 PM, on 4/4/2009
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16791)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\WINDOWS\System32\nvsvc32.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\wscntfy.exe
     C:\Program Files\Java\jre6\bin\jusched.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Messenger\msmsgs.exe
     C:\Program Files\Java\jre6\bin\jucheck.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
     C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O4 - HKUS\S-1-5-21-1935655697-436374069-725345543-1006\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (User 'Emma')
     O4 - HKUS\S-1-5-21-1935655697-436374069-725345543-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Emma')
     O4 - HKUS\S-1-5-21-1935655697-436374069-725345543-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Emma')
     O4 - HKUS\S-1-5-21-1935655697-436374069-725345543-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Emma')
     O4 - HKUS\S-1-5-21-1935655697-436374069-725345543-1006\..\Run: [yubutateke] Rundll32.exe "C:\WINDOWS\system32\jepeyija.dll",s (User 'Emma')
     O4 - HKUS\S-1-5-21-1935655697-436374069-725345543-1006\..\Run: [0c61d56d] rundll32.exe "C:\Documents and Settings\All Users\Application Data\zeyigoja\zeyigoja.dll",b (User 'Emma')
     O4 - HKUS\S-1-5-21-1935655697-436374069-725345543-1006\..\Run: [MS Juan] rundll32 "C:\DOCUME~1\Emma\LOCALS~1\Temp\tmcrho.dll",run (User 'Emma')
     O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

     -- End of file - 5221 bytes
  4. Thanks again for all your help. Everything is working fine now. erussell
  5. Okay, I followed all the steps. Here are the logs. Computer still seems sluggish. Thanks for the help. erussell

Malwarebytes' Anti-Malware 1.34
Database version: 1813
Windows 5.1.2600 Service Pack 2
2/28/2009 12:54:00 PM
mbam-log-2009-02-28 (12-54-00).txt
Scan type: Quick Scan
Objects scanned: 73077
Time elapsed: 5 minute(s), 40 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:58:48 PM, on 2/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc.
- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
-- End of file - 3668 bytes
driver Packet Scheduler Miniport Did not load driver Direct Parallel Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS Did not load driver \SystemRoot\System32\Drivers\Flpydisk.SYS Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS Did not load driver \SystemRoot\System32\Drivers\i2omgmt.SYS Did not load driver \SystemRoot\System32\Drivers\Changer.SYS Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS Loaded driver \SystemRoot\System32\Drivers\Null.SYS Loaded driver \SystemRoot\System32\Drivers\Beep.SYS Loaded driver \SystemRoot\System32\drivers\vga.sys Did not load driver mnmdd.SYS Did not load driver RDPCDD.SYS Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS Did not load driver RasAcd.SYS Did not load driver IPSec.SYS Did not load driver Tcpip.SYS Did not load driver NetBT.SYS Did not load driver AFD.SYS Did not load driver NetBIOS.SYS Did not load driver Serial.SYS Did not load driver Processor.SYS Did not load driver intelppm.SYS Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS Did not load driver Rdbss.SYS Did not load driver NetworkX.SYS Did not load driver MRxSmb.SYS Did not load driver Fips.SYS Loaded driver \SystemRoot\System32\DRIVERS\USBSTOR.SYS Did not load driver Intel Processor Did not load driver Intel Processor Did not load driver NVIDIA GeForce 6200 Loaded driver \SystemRoot\System32\DRIVERS\usbprint.sys Loaded driver \SystemRoot\System32\DRIVERS\hidusb.sys Did not load driver BCM V.92 56K Modem Did not load driver Creative Audigy Audio Processor (WDM) Did not load driver OHCI Compliant IEEE 1394 Host Controller Did not load driver ADMtek AN983 based ethernet adapter Did not load driver Communications Port Did not load driver ECP Printer Port Did not load driver Audio Codecs Did not load driver Legacy Audio Drivers Did not load driver Media Control Devices Did not load driver Legacy Video Capture 
Devices Did not load driver Video Codecs Did not load driver WAN Miniport (L2TP) Did not load driver WAN Miniport (IP) Did not load driver WAN Miniport (PPPOE) Did not load driver WAN Miniport (PPTP) Did not load driver Packet Scheduler Miniport Did not load driver Packet Scheduler Miniport Did not load driver Direct Parallel Did not load driver Intel Processor Did not load driver Intel Processor Did not load driver NVIDIA GeForce 6200 Did not load driver hp deskjet 3600 series Loaded driver \SystemRoot\System32\DRIVERS\mouhid.sys Did not load driver BCM V.92 56K Modem Did not load driver Creative Audigy Audio Processor (WDM) Did not load driver OHCI Compliant IEEE 1394 Host Controller Did not load driver ADMtek AN983 based ethernet adapter Did not load driver Communications Port Did not load driver ECP Printer Port Did not load driver Audio Codecs Did not load driver Legacy Audio Drivers Did not load driver Media Control Devices Did not load driver Legacy Video Capture Devices Did not load driver Video Codecs Did not load driver WAN Miniport (L2TP) Did not load driver WAN Miniport (IP) Did not load driver WAN Miniport (PPPOE) Did not load driver WAN Miniport (PPTP) Did not load driver Packet Scheduler Miniport Did not load driver Packet Scheduler Miniport Did not load driver Direct Parallel Did not load driver Intel Processor Did not load driver Intel Processor Did not load driver NVIDIA GeForce 6200 Did not load driver hp deskjet 3600 series Did not load driver BCM V.92 56K Modem Did not load driver Creative Audigy Audio Processor (WDM) Did not load driver OHCI Compliant IEEE 1394 Host Controller Did not load driver ADMtek AN983 based ethernet adapter Did not load driver Communications Port Did not load driver ECP Printer Port Did not load driver Audio Codecs Did not load driver Legacy Audio Drivers Did not load driver Media Control Devices Did not load driver Legacy Video Capture Devices Did not load driver Video Codecs Did not load driver WAN Miniport (L2TP) 
Did not load driver WAN Miniport (IP) Did not load driver WAN Miniport (PPPOE) Did not load driver WAN Miniport (PPTP) Did not load driver Packet Scheduler Miniport Did not load driver Packet Scheduler Miniport Did not load driver Direct Parallel Did not load driver Intel Processor Did not load driver Intel Processor Did not load driver NVIDIA GeForce 6200 Did not load driver hp deskjet 3600 series Did not load driver BCM V.92 56K Modem Did not load driver Creative Audigy Audio Processor (WDM) Did not load driver OHCI Compliant IEEE 1394 Host Controller Did not load driver ADMtek AN983 based ethernet adapter Did not load driver Communications Port Did not load driver ECP Printer Port Did not load driver Audio Codecs Did not load driver Legacy Audio Drivers Did not load driver Media Control Devices Did not load driver Legacy Video Capture Devices Did not load driver Video Codecs Did not load driver WAN Miniport (L2TP) Did not load driver WAN Miniport (IP) Did not load driver WAN Miniport (PPPOE) Did not load driver WAN Miniport (PPTP) Did not load driver Packet Scheduler Miniport Did not load driver Packet Scheduler Miniport Did not load driver Direct Parallel Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS Did not load driver Intel Processor Did not load driver Intel Processor Did not load driver NVIDIA GeForce 6200 Did not load driver hp deskjet 3600 series Did not load driver BCM V.92 56K Modem Did not load driver Creative Audigy Audio Processor (WDM) Did not load driver OHCI Compliant IEEE 1394 Host Controller Did not load driver ADMtek AN983 based ethernet adapter Did not load driver Communications Port Did not load driver ECP Printer Port Did not load driver Audio Codecs Did not load driver Legacy Audio Drivers Did not load driver Media Control Devices Did not load driver Legacy Video Capture Devices Did not load driver Video Codecs Did not load driver WAN Miniport (L2TP) Did not load driver WAN Miniport (IP) Did not load driver WAN Miniport (PPPOE) Did 
not load driver WAN Miniport (PPTP) Did not load driver Packet Scheduler Miniport Did not load driver Packet Scheduler Miniport Did not load driver Direct Parallel Did not load driver AFD.SYS Service Pack 2 2 28 2009 13:02:17.375 Loaded driver \WINDOWS\system32\ntoskrnl.exe Loaded driver \WINDOWS\system32\hal.dll Loaded driver \WINDOWS\system32\KDCOM.DLL Loaded driver \WINDOWS\system32\BOOTVID.dll Loaded driver ACPI.sys Loaded driver \WINDOWS\System32\DRIVERS\WMILIB.SYS Loaded driver pci.sys Loaded driver isapnp.sys Loaded driver ohci1394.sys Loaded driver \WINDOWS\System32\DRIVERS\1394BUS.SYS Loaded driver pciide.sys Loaded driver \WINDOWS\System32\DRIVERS\PCIIDEX.SYS Loaded driver MountMgr.sys Loaded driver ftdisk.sys Loaded driver PartMgr.sys Loaded driver VolSnap.sys Loaded driver atapi.sys Loaded driver disk.sys Loaded driver \WINDOWS\System32\DRIVERS\CLASSPNP.SYS Loaded driver fltmgr.sys Loaded driver sr.sys Loaded driver KSecDD.sys Loaded driver Ntfs.sys Loaded driver NDIS.sys Loaded driver Mup.sys Loaded driver agp440.sys Loaded driver \SystemRoot\System32\DRIVERS\intelppm.sys Loaded driver \SystemRoot\System32\DRIVERS\nv4_mini.sys Loaded driver \SystemRoot\System32\DRIVERS\usbuhci.sys Loaded driver \SystemRoot\System32\DRIVERS\usbehci.sys Loaded driver \SystemRoot\System32\DRIVERS\BCMSM.sys Loaded driver \SystemRoot\System32\Drivers\Modem.SYS Loaded driver \SystemRoot\system32\drivers\ctoss2k.sys Loaded driver \SystemRoot\system32\drivers\ctprxy2k.sys Loaded driver \SystemRoot\system32\drivers\ctaud2k.sys Loaded driver \SystemRoot\System32\DRIVERS\AN983.sys Loaded driver \SystemRoot\System32\DRIVERS\fdc.sys Loaded driver \SystemRoot\System32\DRIVERS\i8042prt.sys Loaded driver \SystemRoot\System32\DRIVERS\kbdclass.sys Loaded driver \SystemRoot\System32\DRIVERS\serial.sys Loaded driver \SystemRoot\System32\DRIVERS\serenum.sys Loaded driver \SystemRoot\System32\DRIVERS\parport.sys Loaded driver \SystemRoot\System32\DRIVERS\imapi.sys Loaded driver 
\SystemRoot\System32\DRIVERS\cdrom.sys Loaded driver \SystemRoot\System32\DRIVERS\redbook.sys Loaded driver \SystemRoot\System32\Drivers\GEARAspiWDM.sys Loaded driver \SystemRoot\System32\DRIVERS\audstub.sys Loaded driver \SystemRoot\System32\DRIVERS\rasl2tp.sys Loaded driver \SystemRoot\System32\DRIVERS\ndistapi.sys Loaded driver \SystemRoot\System32\DRIVERS\ndiswan.sys Loaded driver \SystemRoot\System32\DRIVERS\raspppoe.sys Loaded driver \SystemRoot\System32\DRIVERS\raspptp.sys Loaded driver \SystemRoot\System32\DRIVERS\msgpc.sys Loaded driver \SystemRoot\System32\DRIVERS\psched.sys Loaded driver \SystemRoot\System32\DRIVERS\ptilink.sys Loaded driver \SystemRoot\System32\DRIVERS\raspti.sys Loaded driver \SystemRoot\System32\DRIVERS\termdd.sys Loaded driver \SystemRoot\System32\DRIVERS\mouclass.sys Loaded driver \SystemRoot\System32\DRIVERS\swenum.sys Loaded driver \SystemRoot\System32\DRIVERS\update.sys Loaded driver \SystemRoot\System32\DRIVERS\mssmbios.sys Loaded driver \SystemRoot\system32\DRIVERS\Rockey4.sys Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS Loaded driver \SystemRoot\System32\DRIVERS\usbhub.sys Loaded driver \SystemRoot\system32\drivers\hap16v2k.sys Loaded driver \SystemRoot\system32\drivers\ha10kx2k.sys Loaded driver \SystemRoot\system32\drivers\emupia2k.sys Loaded driver \SystemRoot\system32\drivers\ctsfm2k.sys Loaded driver \SystemRoot\system32\drivers\ctac32k.sys Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS Did not load driver \SystemRoot\System32\Drivers\Flpydisk.SYS Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS Did not load driver \SystemRoot\System32\Drivers\i2omgmt.SYS Did not load driver \SystemRoot\System32\Drivers\Changer.SYS Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS Loaded driver \SystemRoot\System32\Drivers\Null.SYS Loaded driver 
\SystemRoot\System32\Drivers\Beep.SYS Loaded driver \SystemRoot\System32\drivers\vga.sys Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS Loaded driver \SystemRoot\System32\DRIVERS\rasacd.sys Loaded driver \SystemRoot\System32\DRIVERS\ipsec.sys Loaded driver \SystemRoot\System32\DRIVERS\tcpip.sys Loaded driver \SystemRoot\System32\DRIVERS\ipnat.sys Loaded driver \SystemRoot\System32\DRIVERS\netbt.sys Loaded driver \SystemRoot\System32\DRIVERS\wanarp.sys Loaded driver \SystemRoot\System32\drivers\afd.sys Loaded driver \SystemRoot\System32\DRIVERS\netbios.sys Did not load driver \SystemRoot\System32\DRIVERS\processr.sys Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS Loaded driver \SystemRoot\system32\DRIVERS\ssmdrv.sys Loaded driver \SystemRoot\System32\DRIVERS\usbprint.sys Loaded driver \SystemRoot\System32\DRIVERS\rdbss.sys Loaded driver \SystemRoot\System32\DRIVERS\hidusb.sys Loaded driver \SystemRoot\System32\DRIVERS\USBSTOR.SYS Loaded driver \SystemRoot\System32\DRIVERS\mouhid.sys Loaded driver \SystemRoot\system32\ckldrv.sys Loaded driver \SystemRoot\System32\DRIVERS\mrxsmb.sys Loaded driver \SystemRoot\System32\Drivers\Fips.SYS Loaded driver \SystemRoot\system32\DRIVERS\avipbb.sys Loaded driver \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS Loaded driver \SystemRoot\System32\DRIVERS\ndisuio.sys Did not load driver \SystemRoot\System32\DRIVERS\rdbss.sys Did not load driver \SystemRoot\System32\DRIVERS\mrxsmb.sys Loaded driver \SystemRoot\System32\DRIVERS\mrxdav.sys Loaded driver \SystemRoot\System32\Drivers\ParVdm.SYS Loaded driver \SystemRoot\System32\DRIVERS\srv.sys Loaded driver \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys Loaded driver \SystemRoot\system32\drivers\wdmaud.sys Loaded 
driver \SystemRoot\system32\drivers\sysaudio.sys Loaded driver \SystemRoot\system32\drivers\splitter.sys Loaded driver \SystemRoot\system32\drivers\aec.sys Loaded driver \SystemRoot\system32\drivers\swmidi.sys Loaded driver \SystemRoot\system32\drivers\DMusic.sys Loaded driver \SystemRoot\system32\drivers\kmixer.sys Loaded driver \SystemRoot\system32\drivers\drmkaud.sys Did not load driver \SystemRoot\System32\DRIVERS\ipnat.sys Loaded driver \SystemRoot\System32\Drivers\HTTP.sys Loaded driver \SystemRoot\system32\drivers\kmixer.sys
  6. Here are the 2 logs requested. Thank you, erussell
  7. I did as instructed. The av scanner didn't seem to come up with a log. Here is my latest hjt log. Thanks for looking into it. erussell

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 12:17:36 AM, on 2/26/2009
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16791)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\WINDOWS\System32\nvsvc32.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Messenger\msmsgs.exe
     C:\WINDOWS\system32\wscntfy.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

     --
     End of file - 3276 bytes
  8. Here is the antivirus report Thanks so much, erussell Avira AntiVir Personal Report file date: Tuesday, February 24, 2009 18:59 Scanning for 1264314 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Boot mode: Normally booted Username: SYSTEM Computer name: DAD Version information: BUILD.DAT : 8.2.0.337 16934 Bytes 11/18/2008 13:05:00 AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/18/2008 14:21:26 AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 13:56:40 LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 18:44:19 LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 13:58:52 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 17:30:36 ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 23:58:07 ANTIVIR2.VDF : 7.1.2.55 248832 Bytes 2/20/2009 23:58:08 ANTIVIR3.VDF : 7.1.2.75 91648 Bytes 2/24/2009 23:58:09 Engineversion : 8.2.0.88 AEVDF.DLL : 8.1.1.0 106868 Bytes 2/24/2009 23:58:22 AESCRIPT.DLL : 8.1.1.52 348538 Bytes 2/24/2009 23:58:21 AESCN.DLL : 8.1.1.7 127347 Bytes 2/24/2009 23:58:19 AERDL.DLL : 8.1.1.3 438645 Bytes 11/4/2008 19:58:38 AEPACK.DLL : 8.1.3.8 397684 Bytes 2/24/2009 23:58:18 AEOFFICE.DLL : 8.1.0.33 196987 Bytes 2/24/2009 23:58:16 AEHEUR.DLL : 8.1.0.97 1610103 Bytes 2/24/2009 23:58:15 AEHELP.DLL : 8.1.2.0 119159 Bytes 2/24/2009 23:58:12 AEGEN.DLL : 8.1.1.21 336244 Bytes 2/24/2009 23:58:12 AEEMU.DLL : 8.1.0.9 393588 Bytes 10/14/2008 16:05:56 AECORE.DLL : 8.1.6.6 176501 Bytes 2/24/2009 23:58:10 AEBB.DLL : 8.1.0.3 53618 Bytes 10/14/2008 16:05:56 AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 14:40:05 AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 15:28:01 AVREP.DLL : 8.0.0.2 98344 Bytes 7/31/2008 18:02:15 AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 17:26:40 AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 14:29:23 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 18:27:49 SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 23:28:02 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 
18:49:40 NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 18:05:10 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 19:48:07 RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 19:34:37 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, F:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: Tuesday, February 24, 2009 18:59 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'msmsgs.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'wscntfy.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'msmsgs.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 
'wscntfy.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'msmsgs.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'wscntfy.exe' - '1' Module(s) have been scanned Scan process 'AAWTray.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned Scan process 'unsecapp.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned Scan process 'jqs.exe' - '1' Module(s) have been scanned Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'AAWService.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 42 processes with 42 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Master boot sector HD1 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Boot sector 'F:\' [iNFO] No virus was found! Starting to scan the registry. 
The registry was scanned ( '46' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BraveSentry.zip [DETECTION] Contains suspicious code GEN/PwdZIP [NOTE] The detection was classified as suspicious. [NOTE] The file was moved to '4a058e29.qua'! C:\Documents and Settings\Eric\Desktop\Misc desktop\A9installer_880473.exe.XXX [DETECTION] Is the TR/Crypt.CFI.Gen Trojan [NOTE] The file was moved to '4a0d9661.qua'! Begin scan in 'F:\' F:\GIF\3434637.GIF.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d7a281.qua'! F:\GIF\4601365.GIF.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d4a288.qua'! F:\GIF\4629365.GIF.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d6a28e.qua'! F:\GIF\5514653.GIF.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d5a297.qua'! F:\GIF\5689173.GIF.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49dca29f.qua'! F:\JPEG\1000308.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d4a6a4.qua'! F:\JPEG\1012401.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d5a6a7.qua'! F:\JPEG\1034061.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d7a6a9.qua'! F:\JPEG\1034065.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d7a6ab.qua'! F:\JPEG\1066793.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49daa6ad.qua'! 
F:\JPEG\1085718.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49dca6af.qua'! F:\JPEG\1128241.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d6a6b2.qua'! F:\JPEG\1180485.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49dca6b5.qua'! F:\JPEG\1180489.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49dca6b8.qua'! F:\JPEG\118261.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49dca6ba.qua'! F:\JPEG\118265.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49dca6bc.qua'! F:\JPEG\1197493.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49dda6be.qua'! F:\JPEG\1197497.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49dda6c3.qua'! F:\JPEG\1217989.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d5a6c7.qua'! F:\JPEG\1217996.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d5a6c9.qua'! F:\JPEG\1218501.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d5a6cc.qua'! F:\JPEG\1218505.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d5a6ce.qua'! F:\JPEG\1220293.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d6a6d0.qua'! F:\JPEG\1220297.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d6a6d2.qua'! 
F:\JPEG\1221961.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d6a6d4.qua'! F:\JPEG\1222853.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d6a6d6.qua'! F:\JPEG\1222857.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d6a6d8.qua'! F:\JPEG\1589365.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49dca79d.qua'! F:\JPEG\1589369.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49dca79f.qua'! F:\JPEG\1594101.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49dda7a1.qua'! F:\JPEG\1622325.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d6a7a5.qua'! F:\JPEG\1622329.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d6a7a7.qua'! F:\JPEG\1629593.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d6a7a9.qua'! F:\JPEG\1647081.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d8a7ab.qua'! F:\JPEG\1661309.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49daa7ae.qua'! F:\JPEG\1661313.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49daa7b0.qua'! F:\JPEG\220096.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d4a7ba.qua'! F:\JPEG\229226.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49dda7bc.qua'! 
F:\JPEG\249720.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49dda7c1.qua'! F:\JPEG\259914.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49dda7c4.qua'! F:\JPEG\271986.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d5a7c8.qua'! F:\JPEG\278781.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49dca7ca.qua'! F:\JPEG\278785.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49dca7cc.qua'! F:\JPEG\279917.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49dda7ce.qua'! F:\JPEG\279921.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49dda7cf.qua'! F:\JPEG\4018621.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d5a7cb.qua'! F:\JPEG\434101.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d8a7d0.qua'! F:\JPEG\451269.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d5a7d5.qua'! F:\JPEG\451273.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d5a7d6.qua'! F:\JPEG\4636258.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d7a7da.qua'! F:\JPEG\474421.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d8a7df.qua'! F:\JPEG\474425.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d8a7e1.qua'! 
F:\JPEG\478685.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49dca7e3.qua'! F:\JPEG\478689.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49dca7e5.qua'! F:\JPEG\487840.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49dba7e8.qua'! F:\JPEG\530895.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d4a7e7.qua'! F:\JPEG\530981.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d4a7eb.qua'! F:\JPEG\530985.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d4a7ee.qua'! F:\JPEG\556225.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49daa7f3.qua'! F:\JPEG\557741.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49dba7f6.qua'! F:\JPEG\557745.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49dba7f9.qua'! F:\JPEG\569237.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49dda7fc.qua'! F:\JPEG\569241.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49dda7fe.qua'! F:\JPEG\572853.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d6a801.qua'! F:\JPEG\572857.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d6a803.qua'! F:\JPEG\572937.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d6a808.qua'! 
F:\JPEG\573069.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d7a80a.qua'! F:\JPEG\573073.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d7a80c.qua'! F:\JPEG\584877.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d8a80f.qua'! F:\JPEG\584881.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d8a810.qua'! F:\JPEG\625897.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d9a80c.qua'! F:\JPEG\631329.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d5a80f.qua'! F:\JPEG\636921.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49daa811.qua'! F:\JPEG\650112.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d4a816.qua'! F:\JPEG\650525.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d4a818.qua'! F:\JPEG\650529.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d4a81a.qua'! F:\JPEG\653561.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d7a844.qua'! F:\JPEG\657530.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49dba846.qua'! F:\JPEG\663504.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d7a849.qua'! F:\JPEG\700953.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d4a849.qua'! 
F:\JPEG\716453.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49daa84a.qua'! F:\JPEG\769473.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49dda850.qua'! F:\JPEG\770725.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d4a851.qua'! F:\JPEG\772565.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d6a851.qua'! F:\JPEG\932557.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d6a84f.qua'! F:\JPEG\932561.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '48507ad8.qua'! F:\JPEG\953965.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d7a851.qua'! F:\JPEG\977605.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49dba854.qua'! F:\JPEG\977609.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '485d7add.qua'! F:\JPEG\977865.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49dba856.qua'! F:\JPEG1\4894317.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49dda861.qua'! F:\JPEG1\5000795.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d4a85a.qua'! F:\JPEG1\5385516.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49dca85e.qua'! F:\JPEG1\5448625.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49d8a860.qua'! 
F:\JPEG3\20794441.JPEG.XXX [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper [NOTE] The file was moved to '49dba9cc.qua'! F:\LimeWire\Saved\apartment theme .mp3.XXX [DETECTION] Is the TR/Dldr.WMA.Wimad.N Trojan [NOTE] The file was moved to '4a05ab17.qua'! F:\LimeWire\Saved\Blur - Ambulance.wma.XXX [DETECTION] Is the TR/Dldr.WMA.Wimad.N Trojan [NOTE] The file was moved to '4a19ab17.qua'! F:\LimeWire\Saved\chavez .wma.XXX [DETECTION] Is the TR/Dldr.WMA.Wimad.N.3 Trojan [NOTE] The file was moved to '4a05ab18.qua'! F:\LimeWire\Saved\december kelly clarckson.mp3.XXX [DETECTION] Is the TR/Dldr.WMA.Wimad.N Trojan [NOTE] The file was moved to '4a07ab1f.qua'! F:\LimeWire\Saved\GPunkt - Fine Young Cannibals - Johnny come home.mp3.XXX [DETECTION] Is the TR/Dldr.WMA.Wimad.N Trojan [NOTE] The file was moved to '4a19ab15.qua'! F:\LimeWire\Saved\Ingrid Chavez - Hippy blood (album version).mp3.XXX [DETECTION] Is the TR/Dldr.WMA.Wimad.N Trojan [NOTE] The file was moved to '4a0bab36.qua'! F:\LimeWire\Saved\Seinfeld - Season 7 - Episode 01 t.avi.XXX [DETECTION] Is the TR/Dldr.WMA.Wimad.N Trojan [NOTE] The file was moved to '4a0dab45.qua'! F:\LimeWire\Saved\spirited away.mpg.XXX [DETECTION] Is the TR/Dldr.WMA.Wimad.N Trojan [NOTE] The file was moved to '4a0dab53.qua'! F:\LimeWire\Saved\ultra lounge christmas.mp3.XXX [DETECTION] Is the TR/Dldr.WMA.Wimad.N Trojan [NOTE] The file was moved to '4a18ab5d.qua'! F:\LimeWire\Saved\who will be next in line .mp3.XXX [DETECTION] Is the TR/Dldr.WMA.Wimad.N Trojan [NOTE] The file was moved to '4a13ab5b.qua'! End of the scan: Tuesday, February 24, 2009 21:26 Used time: 2:27:47 Hour(s) The scan has been done completely. 
10036 Scanning directories 397223 Files were scanned 106 viruses and/or unwanted programs were found 1 Files were classified as suspicious: 0 files were deleted 0 files were repaired 107 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 397115 Files not concerned 1271 Archives were scanned 1 Warnings 107 Notes
  9. I currently am not running anti-virus. That's probably why I am in this situation. I run spyware programs. Spybot, adaware etc. Is there something you would suggest to run? I did remove some items using hjt a week or so ago. Thanks for the update and help. erussell
  10. Here it goes again. These are the logs I got from mbam and hjt

     Malwarebytes' Anti-Malware 1.34
     Database version: 1798
     Windows 5.1.2600 Service Pack 2

     2/23/2009 6:10:03 PM
     mbam-log-2009-02-23 (18-10-03).txt

     Scan type: Quick Scan
     Objects scanned: 71233
     Time elapsed: 3 minute(s), 53 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 6:11:16 PM, on 2/23/2009
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16791)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\WINDOWS\System32\nvsvc32.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
     C:\WINDOWS\system32\wscntfy.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Messenger\msmsgs.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

     --
     End of file - 2617 bytes
  11. Here's my new mbam log and HJT log. Thank you, erussell
  12. I did run this previously and I just tried again. It found nothing and saves no log. What's next? Thank you, erussell
  13. I ran rootrepeal 2 times and it stopped both times after about 5 minutes and gave me this crash log. This can't be good. Thanks, erussell ROOTREPEAL CRASH REPORT ------------------------- Exception Code: 0xc0000094 Exception Address: 0x004082c3
  14. I did exactly as you instructed and the program ran. It ended with no results so the log was empty as far as I could see. Any suggestions? Thanks, erussell
  15. I want to start out by saying thanks so much for helping with this issue. Here is my DrWeb log and HJT recent log: