machine acting strange


This topic is locked
209 replies to this topic

#106 Gator

Posted 10 November 2008 - 05:58 PM

Unable to get to any of the sites. Typed adr in without going through your link and still no go. Turned computer off. Disconnected internet. Rebooted and was presented with dialog box stating that jqsnotify.exe failed to initialize. Closed the box. Monitored temp; no .exe files. Reconnected internet and after a few mins still no additions to either prefetch and no .exe files in temp folder. Maybe if we continue in this condition we can find something.


#107 LDTate

Posted 10 November 2008 - 06:09 PM

http://technet.micro...s/bb963902.aspx
AutoRuns for Windows v9.35
At the bottom of the page is the download.
Run the tool and post the results.

Simply run Autoruns and it shows you the currently configured auto-start applications as well as the full list of Registry and file system locations available for auto-start configuration. Autostart locations displayed by Autoruns include logon entries, Explorer add-ons, Internet Explorer add-ons including Browser Helper Objects (BHOs), Appinit DLLs, image hijacks, boot execute images, Winlogon notification DLLs, Windows Services and Winsock Layered Service Providers.


Just click this link, save it and run it.
http://live.sysinter...om/autoruns.exe

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom
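
A triage pass over a saved Autoruns listing, as an added example that is not part of the original thread or of Autoruns itself. It assumes the saved text is tab-separated (entry, description, publisher, image path) under unprefixed location headers; the sample rows are constructed in that layout, and the flag names and the `a1b2` entry are hypothetical.

```python
import re
from dataclasses import dataclass, field

FILE_NOT_FOUND = "File not found:"
# Autostart images under temp directories are writable by any user-level process.
TEMP_DIR = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)


@dataclass
class Entry:
    location: str            # registry key or folder the entry was listed under
    name: str
    description: str = ""
    publisher: str = ""
    image_path: str = ""
    missing: bool = False    # the listing reported "File not found:" for the image
    flags: list = field(default_factory=list)


def parse_autoruns_text(text):
    """Parse a tab-separated Autoruns listing into Entry objects (layout assumed)."""
    entries, location = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not line.startswith("+"):
            location = line  # unprefixed line: autostart location header
            continue
        cols = [c.strip() for c in line[1:].split("\t")]
        not_found = next((c for c in cols[1:] if c.startswith(FILE_NOT_FOUND)), None)
        if not_found is not None:
            target = not_found[len(FILE_NOT_FOUND):].strip()
            entries.append(Entry(location, cols[0], image_path=target, missing=True))
        else:
            cols += [""] * (4 - len(cols))  # pad rows with empty trailing columns
            entries.append(Entry(location, *cols[:4]))
    return entries


def flag(entry):
    """Attach review flags; a flag means 'look at this', not 'this is malware'."""
    if entry.missing:
        # Orphaned autostart: the registered image no longer exists on disk.
        entry.flags.append("file-not-found")
        return entry
    if not entry.publisher:
        # No version-resource publisher, so nothing vouches for the vendor.
        entry.flags.append("no-publisher")
    if TEMP_DIR.search(entry.image_path):
        entry.flags.append("user-writable-path")
    return entry


def review_queue(text):
    """Return flagged entries, most flags first (stable for equal counts)."""
    flagged = [e for e in map(flag, parse_autoruns_text(text)) if e.flags]
    return sorted(flagged, key=lambda e: -len(e.flags))


def row(*cols):
    """Build one constructed listing row in the assumed tab-separated layout."""
    return "+ " + "\t".join(cols)


# Constructed sample input; the a1b2 row is invented for illustration.
SAMPLE = "\n".join([
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    row("ehTray", "Media Center Tray Applet", "Microsoft Corporation",
        r"c:\windows\ehome\ehtray.exe"),
    row("dscactivate", "", "",
        r"c:\program files\dell support center\gs_agent\custom\dsca.exe"),
    row("a1b2", "", "",
        r"c:\documents and settings\user\local settings\temp\a1b2.exe"),
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved",
    row("Display Panning CPL Extension", "File not found: deskpan.dll"),
])

if __name__ == "__main__":
    for e in review_queue(SAMPLE):
        print(f"{','.join(e.flags):32} {e.name}  [{e.location}]")
```

A missing publisher or a dangling "File not found" entry is common for legitimate OEM software and leftovers from uninstalled programs, so the queue orders what to inspect first rather than deciding what to remove.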

 


#108 Gator

Posted 10 November 2008 - 06:23 PM

Have run the scan, but how do I convert to text to display in this entry box? We are not supposed to add attachments?

#109 LDTate

Posted 10 November 2008 - 06:27 PM

Open or copy it to notepad, save as a .txt file, copy paste it here.


#110 Gator

Posted 10 November 2008 - 06:44 PM

Here is the log. By the way, the .exe files have returned to the temp folder.

HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms + rdpclip RDP Clip Monitor Microsoft Corporation c:\windows\system32\rdpclip.exe HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit + C:\WINDOWS\system32\userinit.exe Userinit Logon Application Microsoft Corporation c:\windows\system32\userinit.exe HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell + Explorer.exe Windows Explorer Microsoft Corporation c:\windows\explorer.exe HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run + ATICCC CLI Application (Command Line Interface) ATI Technologies Inc. c:\program files\ati technologies\ati.ace\cli.exe + Broadcom Wireless Manager UI Dell Wireless WLAN Card Wireless Network Tray Applet Dell Inc. c:\windows\system32\wltray.exe + Dell QuickSet QuickSet Dell Inc c:\program files\dell\quickset\quickset.exe + dellsupportcenter SupportSoft, Inc. c:\program files\dell support center\bin\sprtcmd.exe + dla Drive Letter Access Component Sonic Solutions c:\windows\system32\dla\tfswctrl.exe + dscactivate c:\program files\dell support center\gs_agent\custom\dsca.exe + DVDLauncher CyberLink PowerCinema Resident Program CyberLink Corp. c:\program files\cyberlink\powerdvd\dvdlauncher.exe + ehTray Media Center Tray Applet Microsoft Corporation c:\windows\ehome\ehtray.exe + ISUSPM Startup InstallShield Update Service Update Manager InstallShield Software Corporation c:\program files\common files\installshield\updateservice\isuspm.exe + ISUSScheduler InstallShield Update Service Scheduler InstallShield Software Corporation c:\program files\common files\installshield\updateservice\issch.exe + pccguide.exe PCCGuide Trend Micro Inc. c:\program files\trend micro\internet security 14\pccguide.exe + SigmatelSysTrayApp Sigmatel Audio system tray application SigmaTel, Inc. c:\windows\stsystra.exe + SunJavaUpdateSched Java™ Platform SE binary Sun Microsystems, Inc. 
c:\program files\java\jre6\bin\jusched.exe + SynTPEnh Synaptics TouchPad Enhancements Synaptics, Inc. c:\program files\synaptics\syntp\syntpenh.exe C:\Documents and Settings\All Users\Start Menu\Programs\Startup + Digital Line Detect.lnk Digital Line Detection BVRP Software c:\program files\digital line detect\dlg.exe + dlbcserv.lnk c:\program files\dell photo printer 720\dlbcserv.exe + Kodak EasyShare software.lnk KODAK EasyShare Software c:\program files\kodak\kodak easyshare software\bin\easyshare.exe HKCU\Software\Microsoft\Windows\CurrentVersion\Run + ctfmon.exe CTF Loader Microsoft Corporation c:\windows\system32\ctfmon.exe + ModemOnHold c:\program files\netwaiting\netwaiting.exe + MSMSGS Windows Messenger Microsoft Corporation c:\program files\messenger\msmsgs.exe + OE_OEM Trend Micro Anti-Spam for OE monitor Trend Micro Inc. c:\program files\trend micro\internet security 14\tmas_oe\tmas_oemon.exe HKLM\SOFTWARE\Classes\Protocols\Filter + application/octet-stream Microsoft .NET Runtime Execution Engine Microsoft Corporation c:\windows\system32\mscoree.dll + application/x-complus Microsoft .NET Runtime Execution Engine Microsoft Corporation c:\windows\system32\mscoree.dll + application/x-msdownload Microsoft .NET Runtime Execution Engine Microsoft Corporation c:\windows\system32\mscoree.dll + Class Install Handler OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll + deflate OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll + gzip OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll + lzdhtml OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll + text/webviewhtml Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll + text/xml Microsoft Office XML MIME Filter Microsoft Corporation c:\program files\common files\microsoft shared\office11\msoxmlmf.dll HKLM\SOFTWARE\Classes\Protocols\Handler + about Microsoft ® HTML Viewer 
Microsoft Corporation c:\windows\system32\mshtml.dll + cdl OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll + dvd ActiveX control for streaming video Microsoft Corporation c:\windows\system32\msvidctl.dll + file OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll + ftp OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll + gopher OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll + http OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll + https OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll + its Microsoft® InfoTech Storage System Library Microsoft Corporation c:\windows\system32\itss.dll + javascript Microsoft ® HTML Viewer Microsoft Corporation c:\windows\system32\mshtml.dll + local OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll + mailto Microsoft ® HTML Viewer Microsoft Corporation c:\windows\system32\mshtml.dll + mhtml Microsoft Internet Messaging API Microsoft Corporation c:\windows\system32\inetcomm.dll + mk OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll + ms-its Microsoft® InfoTech Storage System Library Microsoft Corporation c:\windows\system32\itss.dll + ms-itss Microsoft® InfoTech Storage System Library Microsoft Corporation c:\program files\common files\microsoft shared\information retrieval\msitss.dll + mso-offdap11 Microsoft Office Web Components 2003 Microsoft Corporation c:\program files\common files\microsoft shared\web components\11\owc11.dll + res Microsoft ® HTML Viewer Microsoft Corporation c:\windows\system32\mshtml.dll + sysimage Microsoft ® HTML Viewer Microsoft Corporation c:\windows\system32\mshtml.dll + tv ActiveX control for streaming video Microsoft Corporation c:\windows\system32\msvidctl.dll + vbscript Microsoft ® HTML Viewer Microsoft Corporation c:\windows\system32\mshtml.dll + wia WIA Scripting 
Layer Microsoft Corporation c:\windows\system32\wiascr.dll HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components + 0 File not found: About:Home HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components + Address Book 6 Outlook Express Setup Library Microsoft Corporation c:\program files\outlook express\setup50.exe + Browser Customizations Microsoft Internet Explorer Customization DLL Microsoft Corporation c:\windows\system32\iedkcs32.dll + Fax ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll + Internet Explorer Windows NT User Data Migration Tool Microsoft Corporation c:\windows\system32\shmgrate.exe + Internet Explorer Windows Setup API Microsoft Corporation c:\windows\system32\setupapi.dll + Internet Explorer 6 IE 5.0 Per-User Install Utility Microsoft Corporation c:\windows\system32\ie4uinit.exe + KB910393 ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll + Media Center Windows Setup API Microsoft Corporation c:\windows\system32\setupapi.dll + Microsoft Outlook Express 6 Outlook Express Setup Library Microsoft Corporation c:\program files\outlook express\setup50.exe + Microsoft Windows Media Player Microsoft Windows Media Player Setup Utility Microsoft Corporation c:\windows\inf\unregmp2.exe + Microsoft Windows Media Player ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll + n/a Microsoft .NET IE SECURITY REGISTRATION Microsoft Corporation c:\windows\system32\mscories.dll + NetMeeting 3.01 ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll + Outlook Express Windows NT User Data Migration Tool Microsoft Corporation c:\windows\system32\shmgrate.exe + Themes Setup Microsoft© Register Server Microsoft Corporation c:\windows\system32\regsvr32.exe + Windows Desktop Update Microsoft© Register Server Microsoft Corporation c:\windows\system32\regsvr32.exe + Windows Messenger 4.7 ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler + 
Browseui preloader Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Component Categories cache daemon Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad + CDBurn Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll + PostBootReminder Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll + SysTray Systray shell service object Microsoft Corporation c:\windows\system32\stobject.dll + WebCheck Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll + WPDShServiceObj Windows Portable Device Shell Service Object Microsoft Corporation c:\windows\system32\wpdshserviceobj.dll HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers + Offline Files Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll + Open With Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll + Open With EncryptionMenu Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll + Start Menu Pin Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers + MBAMShlExt Malwarebytes' Anti-Malware Malwarebytes Corporation c:\program files\malwarebytes' anti-malware\mbamext.dll + Send To Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers + EncryptionMenu Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll + Offline Files Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll + Sharing Shell extensions for sharing Microsoft Corporation c:\windows\system32\ntshrui.dll HKLM\Software\Classes\Directory\Shellex\PropertySheetHandlers + DfsShell Class Distributed File System shell extension Microsoft Corporation 
c:\windows\system32\dfsshlex.dll + Folder Customization Tab Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll + Previous Versions Property Page Previous Versions property page Microsoft Corporation c:\windows\system32\twext.dll + Security Shell Extension Security Shell Extension Microsoft Corporation c:\windows\system32\rshx32.dll + Sharing Shell extensions for sharing Microsoft Corporation c:\windows\system32\ntshrui.dll HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers + CDF Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + FileSystem Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll + MyDocuments My Documents Folder UI Microsoft Corporation c:\windows\system32\mydocs.dll + Sharing Shell extensions for sharing Microsoft Corporation c:\windows\system32\ntshrui.dll HKLM\Software\Classes\Folder\Shellex\ColumnHandlers + PDF Shell Extension PDF Shell Extension Adobe Systems, Inc. c:\program files\common files\adobe\acrobat\activex\pdfshell.dll + {0D2E74C4-3C34-11d2-A27E-00C04FC30871} Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll + {24F14F01-7B1C-11d1-838f-0000F80461CF} Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll + {24F14F02-7B1C-11d1-838f-0000F80461CF} Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll + {66742402-F9B9-11D1-A202-0000F81FEDEE} Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers + MBAMShlExt Malwarebytes' Anti-Malware Malwarebytes Corporation c:\program files\malwarebytes' anti-malware\mbamext.dll HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers + New Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers + Offline Files Client Side Caching UI 
Microsoft Corporation c:\windows\system32\cscui.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved + %DESC_PublishDropTarget% Photo Printing Wizard Microsoft Corporation c:\windows\system32\photowiz.dll + &Address Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + .CAB file viewer Cabinet File Viewer Shell Extension Microsoft Corporation c:\windows\system32\cabview.dll + Accessible Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + ActiveX Cache Folder Object Control Viewer Microsoft Corporation c:\windows\system32\occache.dll + Address EditBox Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Administrative Tools Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + Audio Media Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll + Augmented Shell Folder Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Augmented Shell Folder 2 Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Auto Update Property Sheet Extension Automatic Updates Control Panel Microsoft Corporation c:\windows\system32\wuaucpl.cpl + Avi Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll + BandProxy Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Briefcase Windows Briefcase Microsoft Corporation c:\windows\system32\syncui.dll + CDF Extension Copy Hook Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + Channel File Channel Definition File Viewer Microsoft Corporation c:\windows\system32\cdfview.dll + Channel Handler Object Channel Definition File Viewer Microsoft Corporation c:\windows\system32\cdfview.dll + Channel Menu Channel Definition File Viewer Microsoft Corporation 
c:\windows\system32\cdfview.dll + Channel Properties Channel Definition File Viewer Microsoft Corporation c:\windows\system32\cdfview.dll + Channel Shortcut Channel Definition File Viewer Microsoft Corporation c:\windows\system32\cdfview.dll + Code Download Agent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll + Compatibility Page Compatibility Tab Shell Extension DLL Microsoft Corporation c:\windows\system32\slayerxp.dll + Compressed (zipped) Folder Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfldr.dll + Compressed (zipped) Folder Right Drag Handler Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfldr.dll + Compressed (zipped) Folder SendTo Target Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfldr.dll + ConnectionAgent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll + Crypto PKO Extension Crypto Shell Extensions Microsoft Corporation c:\windows\system32\cryptext.dll + Crypto Sign Extension Crypto Shell Extensions Microsoft Corporation c:\windows\system32\cryptext.dll + Custom MRU AutoCompleted List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Darwin App Publisher Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz.cpl + DfsShell Distributed File System shell extension Microsoft Corporation c:\windows\system32\dfsshlex.dll + Directory Context Menu Verbs Directory Service Common UI Microsoft Corporation c:\windows\system32\dsuiext.dll + Directory Object Find Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll + Directory Property UI Directory Service Common UI Microsoft Corporation c:\windows\system32\dsuiext.dll + Directory Query UI Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll + Directory Start/Search Find Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll + Disk Copy Extension Windows DiskCopy 
Microsoft Corporation c:\windows\system32\diskcopy.dll + Disk Quota UI Windows Shell Disk Quota UI DLL Microsoft Corporation c:\windows\system32\dskquoui.dll + Display Adapter CPL Extension Advanced display adapter properties Microsoft Corporation c:\windows\system32\deskadp.dll + Display Monitor CPL Extension Advanced display monitor properties Microsoft Corporation c:\windows\system32\deskmon.dll + Display Panning CPL Extension File not found: deskpan.dll + Display TroubleShoot CPL Extension Advanced display performance properties Microsoft Corporation c:\windows\system32\deskperf.dll + Download Status Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + DriveLetterAccess Drive Letter Access Component Sonic Solutions c:\windows\system32\dla\tfswshx.dll + DS Security Page Directory Service Security UI Microsoft Corporation c:\windows\system32\dssec.dll + E-mail Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + Explorer Band Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + Extensions Manager Folder Extensions Manager Microsoft Corporation c:\windows\system32\extmgr.dll + Favorites Band Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + Fonts Windows Font Folder Microsoft Corporation c:\windows\system32\fontext.dll + Fonts Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + For &People... 
Find People Microsoft Corporation c:\program files\outlook express\wabfind.dll + FTP Folders Webview Microsoft Internet Explorer FTP Folder Shell Extension Microsoft Corporation c:\windows\system32\msieftp.dll + Fusion Cache Microsoft .NET Runtime Execution Engine Microsoft Corporation c:\windows\system32\mscoree.dll + GDI+ file thumbnail extractor Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll + Get a Passport Wizard Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll + Global Folder Settings Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Help and Support Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + Help and Support Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + History Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + HTML Thumbnail Extractor Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll + HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. 
c:\windows\system32\hticons.dll + ICC Profile Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system32\icmui.dll + ICM Monitor Management Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system32\icmui.dll + ICM Printer Management Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system32\icmui.dll + ICM Scanner Management Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system32\icmui.dll + IE4 Suite Splash Screen Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + In-pane search Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Installed Apps Enumerator Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz.cpl + Internet Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + Internet Name Space Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + InternetShortcut Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + ISFBand OC Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + KodakShellExtension Shell Extension Resource DLL Eastman Kodak Company c:\program files\common files\kodak\ifscore\kodakshx.dll + Microsoft Agent Character Property Sheet Handler Microsoft Agent Property Sheet Handler Microsoft Corporation c:\windows\msagent\agentpsh.dll + Microsoft AutoComplete Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Microsoft Browser Architecture Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + Microsoft BrowserBand Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Microsoft Data Link Microsoft Data Access - OLE DB Core Services Microsoft Corporation c:\program 
files\common files\system\ole db\oledb32.dll + Microsoft DocProp Inplace Calendar Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll + Microsoft DocProp Inplace Droplist Combo Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll + Microsoft DocProp Inplace Edit Box Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll + Microsoft DocProp Inplace ML Edit Box Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll + Microsoft DocProp Inplace Time Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll + Microsoft DocProp Shell Ext Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll + Microsoft History AutoComplete List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Microsoft Internet Toolbar Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Microsoft Multiple AutoComplete List Container Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Microsoft Office HTML Icon Handler Microsoft Office 2003 component Microsoft Corporation c:\program files\microsoft office\office11\msohev.dll + Microsoft Office Outlook Custom Icon Handler Outlook Shell Hook for Start/Find Microsoft Corporation c:\program files\microsoft office\office11\olkfstub.dll + Microsoft Office Outlook Desktop Icon Handler Microsoft Shell Extension Library Microsoft Corporation c:\program files\microsoft office\office11\mlshext.dll + Microsoft Shell Folder AutoComplete List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Microsoft Url History Service Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + Microsoft Url Search Hook Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + Midi 
Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll + MMC Icon Handler MMC Shell Extension DLL Microsoft Corporation c:\windows\system32\mmcshext.dll + MRU AutoComplete List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Multimedia File Property Sheet Control Panel Drivers Applet Microsoft Corporation c:\windows\system32\mmsys.cpl + MyDocs Copy Hook My Documents Folder UI Microsoft Corporation c:\windows\system32\mydocs.dll + MyDocs Drop Target My Documents Folder UI Microsoft Corporation c:\windows\system32\mydocs.dll + MyDocs Properties My Documents Folder UI Microsoft Corporation c:\windows\system32\mydocs.dll + Network Connections Network Connections Shell Microsoft Corporation c:\windows\system32\netshell.dll + Network Connections Network Connections Shell Microsoft Corporation c:\windows\system32\netshell.dll + NTFS Security Page Security Shell Extension Microsoft Corporation c:\windows\system32\rshx32.dll + Offline Files Folder Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll + Offline Files Folder Options Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll + Offline Files Menu Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll + OLE Docfile Property Page OLE DocFile Property Page Microsoft Corporation c:\windows\system32\docprop.dll + PlusPack CPL Extension Windows Theme API Microsoft Corporation c:\windows\system32\themeui.dll + Portable Devices Portable Devices Shell Extension Microsoft Corporation c:\windows\system32\wpdshext.dll + Portable Devices Menu Portable Devices Shell Extension Microsoft Corporation c:\windows\system32\wpdshext.dll + Portable Media Devices Portable Media Devices Shell Extension Microsoft Corporation c:\windows\system32\audiodev.dll + PostAgent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll + Previous Versions Previous Versions 
property page Microsoft Corporation c:\windows\system32\twext.dll + Previous Versions Property Page Previous Versions property page Microsoft Corporation c:\windows\system32\twext.dll + Print Ordering via the Web Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll + Printers Security Page Security Shell Extension Microsoft Corporation c:\windows\system32\rshx32.dll + Registry Tree Options Utility Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Remote Sessions CPL Extension Remote Sessions CPL Extension Microsoft Corporation c:\windows\system32\remotepg.dll + Run... Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll + Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll + Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll + Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll + Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll + Scheduled Tasks Task Scheduler interface DLL Microsoft Corporation c:\windows\system32\mstask.dll + Search Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + Search Assistant OC Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + Search Band Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Sendmail service Send Mail Microsoft Corporation c:\windows\system32\sendmail.dll + Sendmail service Send Mail Microsoft Corporation c:\windows\system32\sendmail.dll + Set Program Access and Defaults Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + Shell 
Application Manager Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz.cpl
+ Shell Automation Inproc Service Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Shell Band Site Menu Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Shell DeskBar Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Shell DeskBarApp Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Shell DocObject Viewer Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Shell extensions for Microsoft Windows Network objects Network object shell UI Microsoft Corporation c:\windows\system32\ntlanui2.dll
+ Shell Extensions for RealOne Player RealPlayer Shell Extensions RealNetworks, Inc. c:\program files\real\realplayer\rpshell.dll
+ Shell extensions for sharing Shell extensions for sharing Microsoft Corporation c:\windows\system32\ntshrui.dll
+ Shell extensions for sharing Shell extensions for sharing Microsoft Corporation c:\windows\system32\ntshrui.dll
+ Shell extensions for Windows Script Host Microsoft ® Shell Extension for Windows Script Host Microsoft Corporation c:\windows\system32\wshext.dll
+ Shell Image Data Factory Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll
+ Shell Image Property Handler Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll
+ Shell Image Verbs Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll
+ Shell properties for a DS object Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll
+ Shell Publishing Wizard Object Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll
+ Shell Rebar BandSite Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Shell Scrap DataHandler Shell scrap object handler Microsoft Corporation c:\windows\system32\shscrap.dll
+ Shell Search Band Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Subscription Folder Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ Subscription Mgr Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ Summary Info Thumbnail handler (DOCFILES) Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll
+ Synaptics Control Panel TouchPad Control Panel Extensions Synaptics, Inc. c:\program files\synaptics\syntp\syntpcpl.dll
+ Taskbar and Start Menu Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ Tasks Folder Icon Handler Task Scheduler interface DLL Microsoft Corporation c:\windows\system32\mstask.dll
+ Tasks Folder Shell Extension Task Scheduler interface DLL Microsoft Corporation c:\windows\system32\mstask.dll
+ Temporary Internet Files Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Temporary Internet Files Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ The Internet Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Track Popup Bar Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ TrayAgent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ TridentImageExtractor Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ User Accounts Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll
+ User Assist Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Video Media Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll
+ Video Thumbnail Extractor Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll
+ Wav Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll
+ Web Folders Microsoft Web Folders Microsoft Corporation c:\program files\common files\microsoft shared\web folders\msonsext.dll
+ Web Printer Shell Extension Print UI DLL Microsoft Corporation c:\windows\system32\printui.dll
+ Web Publishing Wizard Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll
+ Web Search Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ WebCheck Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ WebCheck SyncMgr Handler Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ WebCheckChannelAgent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ WebCheckWebCrawler Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ Windows Media Player Add to Playlist Context Menu Handler Windows Media Player Launcher Microsoft Corporation c:\windows\system32\wmpshell.dll
+ Windows Media Player Burn Audio CD Context Menu Handler Windows Media Player Launcher Microsoft Corporation c:\windows\system32\wmpshell.dll
+ Windows Media Player Play as Playlist Context Menu Handler Windows Media Player Launcher Microsoft Corporation c:\windows\system32\wmpshell.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ Adobe PDF Link Helper Adobe PDF Helper for Internet Explorer Adobe Systems Incorporated c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
+ CBrowserHelperObject Object BAE.dll Dell Inc. c:\program files\bae\bae.dll
+ DriveLetterAccess Drive Letter Access Component Sonic Solutions c:\windows\system32\dla\tfswshx.dll
+ Java™ Plug-In 2 SSV Helper Java™ Platform SE binary Sun Microsystems, Inc. c:\program files\java\jre6\bin\jp2ssv.dll
+ Java™ Plug-In SSV Helper Java™ Platform SE binary Sun Microsystems, Inc. c:\program files\java\jre6\bin\ssv.dll
+ JQSIEStartDetectorImpl Class Java™ Quick Starter binary Sun Microsystems, Inc. c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
+ RealPlayer Download and Record Plugin for Internet Explorer RealPlayer Download and Record Plugin for Internet Explorer RealPlayer c:\program files\real\realplayer\rpbrowserrecordplugin.dll
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
+ Microsoft Url Search Hook Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ Windows Messenger Windows Messenger Microsoft Corporation c:\program files\messenger\msmsgs.exe
Task Scheduler
+ Norton Internet Security - Run Full System Scan - James.job File not found: C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe /TASK:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"
HKLM\System\CurrentControlSet\Services
+ aawservice Protects your computer from spyware Lavasoft AB c:\program files\lavasoft\ad-aware 2007\aawservice.exe
+ AOL ACS AOL Connectivity Service America Online, Inc. c:\program files\common files\aol\acs\aolacsd.exe
+ Ati HotKey Poller ATI External Event Utility EXE Module ATI Technologies Inc. c:\windows\system32\ati2evxx.exe
+ AudioSrv Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\audiosrv.dll
+ BITS Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled. Microsoft Corporation c:\windows\system32\qmgr.dll
+ Browser Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\browser.dll
+ CryptSvc Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\cryptsvc.dll
+ DcomLaunch Provides launch functionality for DCOM services. Microsoft Corporation c:\windows\system32\rpcss.dll
+ Dhcp Manages network configuration by registering and updating IP addresses and DNS names. Microsoft Corporation c:\windows\system32\dhcpcsvc.dll
+ Dnscache Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\dnsrslvr.dll
+ ehRecvr Media Center Service for TV and FM broadcast reception Microsoft Corporation c:\windows\ehome\ehrecvr.exe
+ ehSched Media Center Scheduler Service Microsoft Corporation c:\windows\ehome\ehsched.exe
+ ERSvc Allows error reporting for services and applictions running in non-standard environments. Microsoft Corporation c:\windows\system32\ersvc.dll
+ Eventlog Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped. Microsoft Corporation c:\windows\system32\services.exe
+ Fax Enables you to send and receive faxes, utilizing fax resources available on this computer or on the network. Microsoft Corporation c:\windows\system32\fxssvc.exe
+ helpsvc Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\pchealth\helpctr\binaries\pchsvc.dll
+ JavaQuickStarterService Prefetches JRE files for faster startup of Java applets and applications Sun Microsystems, Inc. c:\program files\java\jre6\bin\jqs.exe
+ lanmanserver Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\srvsvc.dll
+ lanmanworkstation Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\wkssvc.dll
+ LexBceS LexBce Service Lexmark International, Inc. c:\windows\system32\lexbces.exe
+ LmHosts Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution. Microsoft Corporation c:\windows\system32\lmhsvc.dll
+ McrdSvc MCRD Device Service Microsoft Corporation c:\windows\ehome\mcrdsvc.exe
+ MDM Supports local and remote debugging for Visual Studio and script debuggers. If this service is stopped, the debuggers will not function properly. Microsoft Corporation c:\program files\common files\microsoft shared\vs7debug\mdm.exe
+ Net Driver HPZ12 Dot4Net Module Hewlett-Packard c:\windows\system32\hpzinw12.dll
+ PlugPlay Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability. Microsoft Corporation c:\windows\system32\services.exe
+ Pml Driver HPZ12 PmlDrv Module Hewlett-Packard c:\windows\system32\hpzipm12.dll
+ PolicyAgent Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver. Microsoft Corporation c:\windows\system32\lsass.exe
+ ProtectedStorage Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users. Microsoft Corporation c:\windows\system32\lsass.exe
+ RemoteRegistry Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\regsvc.dll
+ RpcSs Provides the endpoint mapper and other miscellaneous RPC services. Microsoft Corporation c:\windows\system32\rpcss.dll
+ SamSs Stores security information for local user accounts. Microsoft Corporation c:\windows\system32\lsass.exe
+ Schedule Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\schedsvc.dll
+ seclogon Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\seclogon.dll
+ SENS Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events. Microsoft Corporation c:\windows\system32\sens.dll
+ SharedAccess Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. Microsoft Corporation c:\windows\system32\ipnathlp.dll
+ ShellHWDetection Provides notifications for AutoPlay hardware events. Microsoft Corporation c:\windows\system32\shsvcs.dll
+ Spooler Loads files to memory for later printing. Microsoft Corporation c:\windows\system32\spoolsv.exe
+ sprtsvc_dellsupportcenter SupportSoft Sprocket Service SupportSoft, Inc. c:\program files\dell support center\bin\sprtsvc.exe
+ srservice Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties Microsoft Corporation c:\windows\system32\srsvc.dll
+ SSDPSRV Enables discovery of UPnP devices on your home network. Microsoft Corporation c:\windows\system32\ssdpsrv.dll
+ stisvc Provides image acquisition services for scanners and cameras. Microsoft Corporation c:\windows\system32\wiaservc.dll
+ Themes Provides user experience theme management. Microsoft Corporation c:\windows\system32\shsvcs.dll
+ TrkWks Maintains links between NTFS files within a computer or across computers in a network domain. Microsoft Corporation c:\windows\system32\trkwks.dll
+ w32time Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\w32time.dll
+ WebClient Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\webclnt.dll
+ winmgmt Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\wbem\wmisvc.dll
+ wltrysvc Provides automatic configuration for the 802.11 adapter using the Broadcom supplicant. c:\windows\system32\wltrysvc.exe
+ wscsvc Monitors system security settings and configurations. Microsoft Corporation c:\windows\system32\wscsvc.dll
+ wuauserv Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. Microsoft Corporation c:\windows\system32\wuauserv.dll
+ WZCSVC Provides automatic configuration for the 802.11 adapters Microsoft Corporation c:\windows\system32\wzcsvc.dll
HKLM\System\CurrentControlSet\Services
+ abp470n5 File not found: C:\WINDOWS\system32\drivers\hhgmrs.sys
+ ACPI ACPI Driver for NT Microsoft Corporation c:\windows\system32\drivers\acpi.sys
+ aec Microsoft Acoustic Echo Canceller Microsoft Corporation c:\windows\system32\drivers\aec.sys
+ AFD AFD Networking Support Environment Microsoft Corporation c:\windows\system32\drivers\afd.sys
+ APPDRV App Support Driver Dell Inc c:\windows\system32\drivers\appdrv.sys
+ Arp1394 1394 ARP Client Protocol Microsoft Corporation c:\windows\system32\drivers\arp1394.sys
+ AsyncMac RAS Asynchronous Media Driver Microsoft Corporation c:\windows\system32\drivers\asyncmac.sys
+ atapi IDE/ATAPI Port Driver Microsoft Corporation c:\windows\system32\drivers\atapi.sys
+ ati2mtag ATI Radeon WindowsNT Miniport Driver ATI Technologies Inc. c:\windows\system32\drivers\ati2mtag.sys
+ Atmarpc ATM ARP Client Protocol Microsoft Corporation c:\windows\system32\drivers\atmarpc.sys
+ audstub AudStub Driver Microsoft Corporation c:\windows\system32\drivers\audstub.sys
+ BCM43XX Broadcom 802.11 Network Adapter wireless driver Broadcom Corporation c:\windows\system32\drivers\bcmwl5.sys
+ bcm4sbxp Broadcom Corporation NDIS 5.1 ethernet driver Broadcom Corporation c:\windows\system32\drivers\bcm4sbxp.sys
+ Beep BEEP Driver Microsoft Corporation c:\windows\system32\drivers\beep.sys
+ Cdaudio CD-ROM Audio Filter Driver Microsoft Corporation c:\windows\system32\drivers\cdaudio.sys
+ Cdrom SCSI CD-ROM Driver Microsoft Corporation c:\windows\system32\drivers\cdrom.sys
+ Changer File not found: C:\WINDOWS\System32\Drivers\Changer.sys
+ CmBatt Control Method Battery Driver Microsoft Corporation c:\windows\system32\drivers\cmbatt.sys
+ Compbatt Composite Battery Driver Microsoft Corporation c:\windows\system32\drivers\compbatt.sys
+ Disk PnP Disk Driver Microsoft Corporation c:\windows\system32\drivers\disk.sys
+ dmio NT Disk Manager I/O Driver Microsoft Corp., Veritas Software c:\windows\system32\drivers\dmio.sys
+ DMusic Microsoft Kernel DLS Synthesizer Microsoft Corporation c:\windows\system32\drivers\dmusic.sys
+ drmkaud Microsoft Kernel DRM Audio Descrambler Filter Microsoft Corporation c:\windows\system32\drivers\drmkaud.sys
+ drvmcdb Device Driver Sonic Solutions c:\windows\system32\drivers\drvmcdb.sys
+ drvnddm Device Driver Manager Sonic Solutions c:\windows\system32\drivers\drvnddm.sys
+ DSproct Process Trigger Driver GTek Technologies Ltd. c:\program files\dell support\gtaction\triggers\dsproct.sys
+ E100B NDIS 5 driver Intel Corporation c:\windows\system32\drivers\e100b325.sys
+ Fdc Floppy Disk Controller Driver Microsoft Corporation c:\windows\system32\drivers\fdc.sys
+ Fips FIPS Crypto Driver Microsoft Corporation c:\windows\system32\drivers\fips.sys
+ Flpydisk Floppy Driver Microsoft Corporation c:\windows\system32\drivers\flpydisk.sys
+ FltMgr File System Filter Manager Driver Microsoft Corporation c:\windows\system32\drivers\fltmgr.sys
+ Ftdisk FT Disk Driver Microsoft Corporation c:\windows\system32\drivers\ftdisk.sys
+ Gpc Generic Packet Classifier Microsoft Corporation c:\windows\system32\drivers\msgpc.sys
+ HDAudBus High Definition Audio Bus Driver v1.0a Windows ® Server 2003 DDK provider c:\windows\system32\drivers\hdaudbus.sys
+ HPZid412 IEEE-1284.4-1999 Driver (Windows 2000) HP c:\windows\system32\drivers\hpzid412.sys
+ HPZipr12 IEEE-1284.4-1999 Print Class Driver HP c:\windows\system32\drivers\hpzipr12.sys
+ HPZius12 1284.4<->Usb Datalink Driver (Windows 2000) HP c:\windows\system32\drivers\hpzius12.sys
+ HSF_DPV HSF_DP driver Conexant Systems, Inc. c:\windows\system32\drivers\hsf_dpv.sys
+ HSFHWAZL HSF_HWAZL WDM driver Conexant Systems, Inc. c:\windows\system32\drivers\hsfhwazl.sys
+ HTTP This service implements the hypertext transfer protocol (HTTP). If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\drivers\http.sys
+ i2omgmt I2O Utility Filter Microsoft Corporation c:\windows\system32\drivers\i2omgmt.sys
+ i8042prt i8042 Port Driver Microsoft Corporation c:\windows\system32\drivers\i8042prt.sys
+ Imapi IMAPI Kernel Driver Microsoft Corporation c:\windows\system32\drivers\imapi.sys
+ intelppm Processor Device Driver Microsoft Corporation c:\windows\system32\drivers\intelppm.sys
+ Ip6Fw Provides intrusion prevention service for a home or small office network. Microsoft Corporation c:\windows\system32\drivers\ip6fw.sys
+ IpFilterDriver IP Traffic Filter Driver Microsoft Corporation c:\windows\system32\drivers\ipfltdrv.sys
+ IpInIp IP in IP Tunnel Driver Microsoft Corporation c:\windows\system32\drivers\ipinip.sys
+ IpNat IP Network Address Translator Microsoft Corporation c:\windows\system32\drivers\ipnat.sys
+ IPSec IPSEC driver Microsoft Corporation c:\windows\system32\drivers\ipsec.sys
+ IRENUM Infra-Red Bus Enumerator Microsoft Corporation c:\windows\system32\drivers\irenum.sys
+ isapnp PNP ISA Bus Driver Microsoft Corporation c:\windows\system32\drivers\isapnp.sys
+ Kbdclass Keyboard Class Driver Microsoft Corporation c:\windows\system32\drivers\kbdclass.sys
+ kmixer Kernel Mode Audio Mixer Microsoft Corporation c:\windows\system32\drivers\kmixer.sys
+ KSecDD Kernel Security Support Provider Interface Microsoft Corporation c:\windows\system32\drivers\ksecdd.sys
+ lbrtfdc File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys
+ mdmxsdk Diagnostic Interface DRIVER Conexant c:\windows\system32\drivers\mdmxsdk.sys
+ MHNDRV Multimedia Home Network component driver Microsoft Corporation c:\windows\system32\drivers\mhndrv.sys
+ mnmdd Frame buffer simulator Microsoft Corporation c:\windows\system32\drivers\mnmdd.sys
+ Modem Modem Device Driver Microsoft Corporation c:\windows\system32\drivers\modem.sys
+ Mouclass Mouse Class Driver Microsoft Corporation c:\windows\system32\drivers\mouclass.sys
+ MountMgr Mount Manager Microsoft Corporation c:\windows\system32\drivers\mountmgr.sys
+ MRxDAV WebDav Client Redirector Microsoft Corporation c:\windows\system32\drivers\mrxdav.sys
+ MRxSmb MRXSMB Microsoft Corporation c:\windows\system32\drivers\mrxsmb.sys
+ Msfs Mailslot driver Microsoft Corporation c:\windows\system32\drivers\msfs.sys
+ MSKSSRV MS KS Server Microsoft Corporation c:\windows\system32\drivers\mskssrv.sys
+ MSPCLOCK MS Proxy Clock Microsoft Corporation c:\windows\system32\drivers\mspclock.sys
+ MSPQM MS Proxy Quality Manager Microsoft Corporation c:\windows\system32\drivers\mspqm.sys
+ mssmbios System Management BIOS Driver Microsoft Corporation c:\windows\system32\drivers\mssmbios.sys
+ Mup Multiple UNC Provider driver Microsoft Corporation c:\windows\system32\drivers\mup.sys
+ NDIS NDIS 5.1 wrapper driver Microsoft Corporation c:\windows\system32\drivers\ndis.sys
+ NdisTapi Remote Access NDIS TAPI Driver Microsoft Corporation c:\windows\system32\drivers\ndistapi.sys
+ Ndisuio NDIS Usermode I/O Protocol Microsoft Corporation c:\windows\system32\drivers\ndisuio.sys
+ NdisWan Remote Access NDIS WAN Driver Microsoft Corporation c:\windows\system32\drivers\ndiswan.sys
+ NDProxy NDIS Proxy Microsoft Corporation c:\windows\system32\drivers\ndproxy.sys
+ NetBIOS NetBIOS Interface Microsoft Corporation c:\windows\system32\drivers\netbios.sys
+ NetBT NetBios over Tcpip Microsoft Corporation c:\windows\system32\drivers\netbt.sys
+ NIC1394 IEEE1394 Ndis Miniport and Call Manager Microsoft Corporation c:\windows\system32\drivers\nic1394.sys
+ Npfs NPFS Driver Microsoft Corporation c:\windows\system32\drivers\npfs.sys
+ Null NULL Driver Microsoft Corporation c:\windows\system32\drivers\null.sys
+ nv NVIDIA Compatible Windows 2000 Miniport Driver, Version 56.73 NVIDIA Corporation c:\windows\system32\drivers\nv4_mini.sys
+ NwlnkFlt IPX Traffic Filter Driver Microsoft Corporation c:\windows\system32\drivers\nwlnkflt.sys
+ NwlnkFwd IPX Traffic Forwarder Driver Microsoft Corporation c:\windows\system32\drivers\nwlnkfwd.sys
+ ohci1394 1394 OpenHCI Port Driver Microsoft Corporation c:\windows\system32\drivers\ohci1394.sys
+ omci OMCI Device Driver Dell Inc c:\windows\system32\drivers\omci.sys
+ Parport Parallel Port Driver Microsoft Corporation c:\windows\system32\drivers\parport.sys
+ PartMgr Partition Manager Microsoft Corporation c:\windows\system32\drivers\partmgr.sys
+ PCI NT Plug and Play PCI Enumerator Microsoft Corporation c:\windows\system32\drivers\pci.sys
+ PCIDump File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys
+ PCIIde Generic PCI IDE Bus Driver Microsoft Corporation c:\windows\system32\drivers\pciide.sys
+ PDCOMP File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys
+ PDFRAME File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys
+ PDRELI File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys
+ PDRFRAME File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys
+ PptpMiniport WAN Miniport (PPTP) Microsoft Corporation c:\windows\system32\drivers\raspptp.sys
+ PSched QoS Packet Scheduler Microsoft Corporation c:\windows\system32\drivers\psched.sys
+ Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys
+ PxHelp20 Px Engine Device Driver for Windows 2000/XP Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys
+ RasAcd Remote Access Auto Connection Driver Microsoft Corporation c:\windows\system32\drivers\rasacd.sys
+ Rasl2tp WAN Miniport (L2TP) Microsoft Corporation c:\windows\system32\drivers\rasl2tp.sys
+ RasPppoe Remote Access PPPOE Driver Microsoft Corporation c:\windows\system32\drivers\raspppoe.sys
+ Raspti Direct Parallel Microsoft Corporation c:\windows\system32\drivers\raspti.sys
+ Rdbss Rdbss Microsoft Corporation c:\windows\system32\drivers\rdbss.sys
+ RDPCDD RDP Miniport Microsoft Corporation c:\windows\system32\drivers\rdpcdd.sys
+ rdpdr Microsoft RDP Device redirector Microsoft Corporation c:\windows\system32\drivers\rdpdr.sys
+ RDPWD RDP Terminal Stack Driver (US/Canada Only, Not for Export) Microsoft Corporation c:\windows\system32\drivers\rdpwd.sys
+ redbook Redbook Audio Filter Driver Microsoft Corporation c:\windows\system32\drivers\redbook.sys
+ rimmptsk RICOH MMC Driver REDC c:\windows\system32\drivers\rimmptsk.sys
+ rimsptsk RICOH MS Driver REDC c:\windows\system32\drivers\rimsptsk.sys
+ rismxdp RICOH XD SM Driver REDC c:\windows\system32\drivers\rixdptsk.sys
+ sdbus SecureDigital Bus Driver Microsoft Corporation c:\windows\system32\drivers\sdbus.sys
+ Secdrv SafeDisc driver Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. c:\windows\system32\drivers\secdrv.sys
+ serenum Serial Port Enumerator Microsoft Corporation c:\windows\system32\drivers\serenum.sys
+ Serial Serial Device Driver Microsoft Corporation c:\windows\system32\drivers\serial.sys
+ sffdisk Small Form Factor Disk Driver Microsoft Corporation c:\windows\system32\drivers\sffdisk.sys
+ sffp_sd Small Form Factor SD Protocol Driver Microsoft Corporation c:\windows\system32\drivers\sffp_sd.sys
+ Sfloppy SCSI Floppy Driver Microsoft Corporation c:\windows\system32\drivers\sfloppy.sys
+ splitter Microsoft Kernel Audio Splitter Microsoft Corporation c:\windows\system32\drivers\splitter.sys
+ sr System Restore Filesystem Filter Driver Microsoft Corporation c:\windows\system32\drivers\sr.sys
+ Srv Srv Microsoft Corporation c:\windows\system32\drivers\srv.sys
+ sscdbhk5 Shared Driver Component Sonic Solutions c:\windows\system32\drivers\sscdbhk5.sys
+ ssrtln Shared Driver Component Sonic Solutions c:\windows\system32\drivers\ssrtln.sys
+ STHDA NDRC SigmaTel, Inc. c:\windows\system32\drivers\sthda.sys
+ swenum Plug and Play Software Device Enumerator Microsoft Corporation c:\windows\system32\drivers\swenum.sys
+ swmidi Microsoft GS Wavetable Synthesizer Microsoft Corporation c:\windows\system32\drivers\swmidi.sys
+ SynTP Synaptics Touchpad Driver Synaptics, Inc. c:\windows\system32\drivers\syntp.sys
+ sysaudio System Audio WDM Filter Microsoft Corporation c:\windows\system32\drivers\sysaudio.sys
+ szkg File not found: system32\DRIVERS\szkg.sys
+ Tcpip TCP/IP Protocol Driver Microsoft Corporation c:\windows\system32\drivers\tcpip.sys
+ TDPIPE Named Pipe Transport Driver Microsoft Corporation c:\windows\system32\drivers\tdpipe.sys
+ TDTCP TCP Transport Driver Microsoft Corporation c:\windows\system32\drivers\tdtcp.sys
+ TermDD Terminal Server Driver Microsoft Corporation c:\windows\system32\drivers\termdd.sys
+ tfsnboio Drive Letter Access Component Sonic Solutions c:\windows\system32\dla\tfsnboio.sys
+ tfsncofs Drive Letter Access Component Sonic Solutions c:\windows\system32\dla\tfsncofs.sys
+ tfsndrct Drive Letter Access Component Sonic Solutions c:\windows\system32\dla\tfsndrct.sys
+ tfsndres Drive Letter Access Component Sonic Solutions c:\windows\system32\dla\tfsndres.sys
+ tfsnifs Drive Letter Access Component Sonic Solutions c:\windows\system32\dla\tfsnifs.sys
+ tfsnopio Drive Letter Access Component Sonic Solutions c:\windows\system32\dla\tfsnopio.sys
+ tfsnpool Drive Letter Access Component Sonic Solutions c:\windows\system32\dla\tfsnpool.sys
+ tfsnudf Drive Letter Access Component Sonic Solutions c:\windows\system32\dla\tfsnudf.sys
+ tfsnudfa Drive Letter Access Component Sonic Solutions c:\windows\system32\dla\tfsnudfa.sys
+ tmcfw Trend Micro Common Firewall Module 2.6(IM i386-fre) Trend Micro Inc. c:\windows\system32\drivers\tm_cfw.sys
+ tmpreflt Trend Filter Driver Trend Micro Inc. c:\windows\system32\drivers\tmpreflt.sys
+ tmtdi Trend Micro TDI Driver (i386-fre) Trend Micro Inc. c:\windows\system32\drivers\tmtdi.sys
+ tmxpflt Trend Functionality Driver Trend Micro Inc. c:\windows\system32\drivers\tmxpflt.sys
+ Update Update Driver Microsoft Corporation c:\windows\system32\drivers\update.sys
+ usbccgp USB Common Class Generic Parent Driver Microsoft Corporation c:\windows\system32\drivers\usbccgp.sys
+ usbehci EHCI eUSB Miniport Driver Microsoft Corporation c:\windows\system32\drivers\usbehci.sys
+ usbhub Default Hub Driver for USB Microsoft Corporation c:\windows\system32\drivers\usbhub.sys
+ usbprint USB Printer driver Microsoft Corporation c:\windows\system32\drivers\usbprint.sys
+ usbscan USB Scanner Driver Microsoft Corporation c:\windows\system32\drivers\usbscan.sys
+ USBSTOR USB Mass Storage Class Driver Microsoft Corporation c:\windows\system32\drivers\usbstor.sys
+ usbuhci UHCI USB Miniport Driver Microsoft Corporation c:\windows\system32\drivers\usbuhci.sys
+ VgaSave Controls the VGA display adapter to provide basic display capabilities. Microsoft Corporation c:\windows\system32\drivers\vga.sys
+ VolSnap Volume Shadow Copy Driver Microsoft Corporation c:\windows\system32\drivers\volsnap.sys
+ vsapint Trend Virus ScanEngine Trend Micro Inc. c:\windows\system32\drivers\vsapint.sys
+ w300bus Sony Ericsson W300 Driver Driver MCCI c:\windows\system32\drivers\w300bus.sys
+ Wanarp Remote Access IP ARP Driver Microsoft Corporation c:\windows\system32\drivers\wanarp.sys
+ wanatw Wan Miniport (ATW) America Online, Inc. c:\windows\system32\drivers\wanatw4.sys
+ WDICA File not found: C:\WINDOWS\System32\Drivers\WDICA.sys
+ wdmaud MMSYSTEM Wave/Midi API mapper Microsoft Corporation c:\windows\system32\drivers\wdmaud.sys
+ winachsf HSF_CNXT driver Conexant Systems, Inc. c:\windows\system32\drivers\hsf_cnxt.sys
+ WmiAcpi Windows Management Interface for ACPI Microsoft Corporation c:\windows\system32\drivers\wmiacpi.sys
+ WudfPf Provide communciation services for UMDF components. Microsoft Corporation c:\windows\system32\drivers\wudfpf.sys
+ WudfRd Reflect device requests to user-mode driver drivers Microsoft Corporation c:\windows\system32\drivers\wudfrd.sys
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
+ autocheck autochk * Auto Check Utility Microsoft Corporation c:\windows\system32\autochk.exe
+ lsdelete c:\windows\system32\lsdelete.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
+ Your Image File Name Here without a path Symbolic Debugger for Windows 2000 Microsoft Corporation c:\windows\system32\ntsd.exe
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
+ advapi32 Advanced Windows 32 Base API Microsoft Corporation c:\windows\system32\advapi32.dll
+ comdlg32 Common Dialogs DLL Microsoft Corporation c:\windows\system32\comdlg32.dll
+ gdi32 GDI Client DLL Microsoft Corporation c:\windows\system32\gdi32.dll
+ imagehlp Windows NT Image Helper Microsoft Corporation c:\windows\system32\imagehlp.dll
+ kernel32 Windows NT BASE API Client DLL Microsoft Corporation c:\windows\system32\kernel32.dll
+ lz32 LZ Expand/Compress API DLL Microsoft Corporation c:\windows\system32\lz32.dll
+ ole32 Microsoft OLE for Windows Microsoft Corporation c:\windows\system32\ole32.dll
+ oleaut32 Microsoft Corporation c:\windows\system32\oleaut32.dll
+ olecli32 Object Linking and Embedding Client Library Microsoft Corporation c:\windows\system32\olecli32.dll
+ olecnv32 Microsoft OLE for Windows Microsoft Corporation c:\windows\system32\olecnv32.dll
+ olesvr32 Object Linking and Embedding Server Library Microsoft Corporation c:\windows\system32\olesvr32.dll
+ olethk32 Microsoft OLE for Windows Microsoft Corporation c:\windows\system32\olethk32.dll
+ rpcrt4 Remote Procedure Call Runtime Microsoft Corporation c:\windows\system32\rpcrt4.dll
+ shell32 Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ url Internet Shortcut Shell Extension DLL Microsoft Corporation c:\windows\system32\url.dll
+ urlmon OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll
+ user32 Windows XP USER API Client DLL Microsoft Corporation c:\windows\system32\user32.dll
+ version Version Checking and File Installation Libraries Microsoft Corporation c:\windows\system32\version.dll
+ wininet Internet Extensions for Win32 Microsoft Corporation c:\windows\system32\wininet.dll
+ wldap32 Win32 LDAP API DLL Microsoft Corporation c:\windows\system32\wldap32.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost
+ logonui.exe Windows Logon UI Microsoft Corporation c:\windows\system32\logonui.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ AtiExtEvent ATI External Event Utility DLL Module ATI Technologies Inc. c:\windows\system32\ati2evxx.dll
+ crypt32chain Crypto API32 Microsoft Corporation c:\windows\system32\crypt32.dll
+ cryptnet Crypto Network Related API Microsoft Corporation c:\windows\system32\cryptnet.dll
+ cscdll Offline Network Agent Microsoft Corporation c:\windows\system32\cscdll.dll
+ dimsntfy DIMS Notification Handler Microsoft Corporation c:\windows\system32\dimsntfy.dll
+ ScCertProp Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll
+ Schedule Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll
+ sclgntfy Secondary Logon Service Notification DLL Microsoft Corporation c:\windows\system32\sclgntfy.dll
+ SensLogn Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll
+ termsrv Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll
+ WgaLogon Windows Genuine Advantage Notification Microsoft Corporation c:\windows\system32\wgalogon.dll
+ wlballoon Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll
HKCU\Control Panel\Desktop\Scrnsave.exe
+ C:\WINDOWS\system32\logon.scr Logon Screen Saver Microsoft Corporation c:\windows\system32\logon.scr
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries
+ 000000000001 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ 000000000002 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ 000000000003 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ 000000000004 Microsoft Windows Rsvp 1.0 Service Provider Microsoft Corporation c:\windows\system32\rsvpsp.dll
+ 000000000005 Microsoft Windows Rsvp 1.0 Service Provider Microsoft Corporation c:\windows\system32\rsvpsp.dll
+ 000000000006 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ 000000000007 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ 000000000008 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ 000000000009 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ 000000000010 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ 000000000011 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ 000000000012 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ 000000000013 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ 000000000014 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ 000000000015 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ 000000000016 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ 000000000017 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ 000000000018 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries
+ Network Location Awareness (NLA) Namespace Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ NTDS LDAP RnR Provider DLL Microsoft Corporation c:\windows\system32\winrnr.dll
+ NWLink IPX/SPX/NetBIOS Compatible Transport Protocol Client Service for NetWare Provider and Authentication Package DLL Microsoft Corporation c:\windows\system32\nwprovau.dll
+ Tcpip Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
+ BJ Language Monitor Langage Monitor for Canon Bubble-Jet Printer Microsoft Corporation c:\windows\system32\cnbjmon.dll
+ Dell Network Port LEXLMPM DLL Lexmark International, Inc. 
c:\windows\system32\lexlmpm.dll + Local Port Local Spooler DLL Microsoft Corporation c:\windows\system32\localspl.dll + Microsoft Document Imaging Writer Monitor Microsoft® Document Imaging Microsoft Corporation c:\windows\system32\mdimon.dll + Microsoft Shared Fax Monitor Microsoft Fax Print Monitor Microsoft Corporation c:\windows\system32\fxsmon.dll + PCL Language Monitor LanguageMonitor Hewlett-Packard Company c:\windows\system32\hpz3l5ha.dll + PJL Language Monitor PJL Language monitor Microsoft Corporation c:\windows\system32\pjlmon.dll + Standard TCP/IP Port Standard TCP/IP Port Monitor DLL Microsoft Corporation c:\windows\system32\tcpmon.dll + USB Monitor Standard Dynamic Printing Port Monitor DLL Microsoft Corporation c:\windows\system32\usbmon.dll HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders + digest.dll Digest SSPI Authentication Package Microsoft Corporation c:\windows\system32\digest.dll + msapsspc.dll DPA Client for 32 bit platforms Microsoft Corporation c:\windows\system32\msapsspc.dll + msnsspc.dll MSN Internet Access Microsoft Corporation c:\windows\system32\msnsspc.dll + schannel.dll TLS / SSL Security Provider Microsoft Corporation c:\windows\system32\schannel.dll HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages + msv1_0 Microsoft Authentication Package v1.0 Microsoft Corporation c:\windows\system32\msv1_0.dll HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages + scecli Windows Security Configuration Editor Client Engine Microsoft Corporation c:\windows\system32\scecli.dll HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages + kerberos Kerberos Security Package Microsoft Corporation c:\windows\system32\kerberos.dll + msv1_0 Microsoft Authentication Package v1.0 Microsoft Corporation c:\windows\system32\msv1_0.dll + schannel TLS / SSL Security Provider Microsoft Corporation c:\windows\system32\schannel.dll + wdigest Microsoft Digest Access Microsoft Corporation 
c:\windows\system32\wdigest.dll HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order + BCMLogon Dell Wireless WLAN Card Logon Provider Dell Inc. c:\windows\system32\bcmlogon.dll + LanmanWorkstation Microsoft Windows Network Microsoft Corporation c:\windows\system32\ntlanman.dll + RDPNP Microsoft Terminal Services Microsoft Corporation c:\windows\system32\drprov.dll + WebClient Web Client Network Microsoft Corporation c:\windows\system32\davclnt.dll

#111 Gator


Posted 10 November 2008 - 07:25 PM

Got to get some sleep. Will check in tomorrow morning for your next instructions. Thanks

#112 LDTate


Posted 10 November 2008 - 07:26 PM

Well that didn't show anything. What browser are you using? IE or FF?

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#113 LDTate


Posted 10 November 2008 - 07:26 PM

Got to get some sleep. Will check in tomorrow morning for your next instructions.

Thanks

Headed there soon myself,



#114 Gator


Posted 11 November 2008 - 07:23 AM

Right now am using FireFox but still have IE available.

#115 LDTate


Posted 11 November 2008 - 07:48 AM

Kaspersky Online Scanner

Please use the Internet Explorer browser and do an online scan with Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Yes, when prompted to install its ActiveX component.
(Note for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
  • Once the files are downloaded click on Next
  • Click on Scan Settings and configure as follows:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.



#116 Gator


Posted 11 November 2008 - 08:17 AM

Am unable to get to the site. Whatever is on here will not let me get to any of the scanning sites. Since the problem has shut down my ability to access the virus protection pgm on this computer (Trend Micro), I think it may have placed into the do not go to sites portion the addresses of some of the sites we need to go to.

Edited by Gator, 11 November 2008 - 08:22 AM.


#117 LDTate


Posted 11 November 2008 - 09:31 AM

Please run a new Combofix scan.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
"copy/paste" a new HijackThis log file into this thread as well.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.



#118 Gator


Posted 11 November 2008 - 10:43 AM

I am unable to shut down any of the Trend Internet Security sections because they are not accessible. This includes the firewall.

Was unable to get ComboFix to run. Deleted it and downloaded again.

Ran it and here is the log.

ComboFix 08-11-10.01 - James 2008-11-11 11:31:31.10 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1478 [GMT -5:00]
Running from: c:\documents and settings\James\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-10-11 to 2008-11-11 )))))))))))))))))))))))))))))))
.

2008-11-11 11:16 . 2008-11-11 11:16 <DIR> d--h----- c:\windows\system32\GroupPolicy
2008-11-09 16:31 . 2008-11-09 16:31 <DIR> d---s---- c:\documents and settings\James\UserData
2008-11-09 13:49 . 2004-08-10 06:00 169,984 --a------ c:\windows\system32\dllcache\iisui.dll
2008-11-09 13:49 . 2004-08-10 06:00 94,720 --a------ c:\windows\system32\dllcache\certmap.ocx
2008-11-09 13:49 . 2001-08-17 14:56 66,048 --a------ c:\windows\system32\dllcache\s3legacy.dll
2008-11-09 13:49 . 2004-08-10 06:00 19,968 --a------ c:\windows\system32\dllcache\inetsloc.dll
2008-11-09 13:49 . 2004-08-10 06:00 14,336 --a------ c:\windows\system32\dllcache\iisreset.exe
2008-11-09 13:49 . 2004-08-10 06:00 7,680 --a------ c:\windows\system32\dllcache\inetmgr.exe
2008-11-09 13:49 . 2004-08-10 06:00 7,168 --a------ c:\windows\system32\dllcache\wamregps.dll
2008-11-09 13:49 . 2004-08-10 06:00 6,144 --a------ c:\windows\system32\dllcache\ftpsapi2.dll
2008-11-09 13:49 . 2004-08-10 06:00 5,632 --a------ c:\windows\system32\dllcache\iisrstap.dll
2008-11-09 11:28 . 2008-11-09 11:28 <DIR> d-------- c:\program files\Sun
2008-11-09 11:27 . 2008-11-09 11:27 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-09 11:27 . 2008-11-09 11:27 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-09 10:14 . 2008-11-09 10:16 <DIR> d-------- C:\Lop SD
2008-11-07 20:11 . 2008-11-07 20:11 <DIR> d-------- c:\program files\ERUNT
2008-11-07 19:50 . 2008-11-07 19:50 <DIR> d-------- c:\documents and settings\James\Application Data\U3
2008-11-06 18:41 . 2008-11-06 18:41 <DIR> d-------- c:\documents and settings\Earlene\Application Data\Malwarebytes
2008-11-05 15:35 . 2008-11-05 15:35 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-05 15:35 . 2008-11-05 15:35 <DIR> d-------- c:\documents and settings\James\Application Data\Malwarebytes
2008-11-05 15:35 . 2008-11-05 15:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-05 15:35 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-05 15:35 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-10-16 00:07 . 2008-09-15 07:12 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys
2008-10-16 00:07 . 2008-09-08 05:41 333,824 --------- c:\windows\system32\dllcache\srv.sys
2008-10-16 00:06 . 2008-08-14 05:11 2,189,184 --a------ c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-16 00:06 . 2008-08-14 04:33 2,066,048 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-16 00:06 . 2008-08-14 04:33 2,023,936 --------- c:\windows\system32\dllcache\ntkrpamp.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-09 16:27 --------- d-----w c:\program files\Java
2008-10-15 16:34 337,408 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-10-14 01:11 --------- d-----w c:\program files\LimeWire
2008-10-14 01:11 --------- d-----w c:\documents and settings\Earlene\Application Data\LimeWire
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-08-20 05:30 666,112 ----a-w c:\windows\system32\wininet.dll
2008-08-20 05:30 666,112 ----a-w c:\windows\system32\dllcache\wininet.dll
2008-08-20 05:30 619,520 ----a-w c:\windows\system32\dllcache\urlmon.dll
2008-08-20 05:30 3,067,904 ------w c:\windows\system32\dllcache\mshtml.dll
2008-08-20 05:30 1,499,136 ----a-w c:\windows\system32\dllcache\shdocvw.dll
2008-08-14 10:09 2,145,280 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 10:09 2,145,280 ----a-w c:\windows\system32\dllcache\ntkrnlmp.exe
2008-08-14 10:04 138,496 ------w c:\windows\system32\dllcache\afd.sys
2008-08-14 09:33 2,023,936 ----a-w c:\windows\system32\ntkrnlpa.exe
2007-02-04 15:55 0 ----a-w c:\documents and settings\Earlene\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((( snapshot@2008-11-07_21.09.25.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-14 00:11:48 136,192 ----a-w c:\windows\system32\dllcache\aaclient.dll
+ 2008-04-14 00:11:48 1,852,928 ----a-w c:\windows\system32\dllcache\acgenral.dll
+ 2008-04-14 00:11:48 451,072 ----a-w c:\windows\system32\dllcache\aclayers.dll
+ 2008-04-14 00:11:48 245,248 ----a-w c:\windows\system32\dllcache\acspecfc.dll
+ 2008-04-14 00:11:48 116,224 ----a-w c:\windows\system32\dllcache\acxtrnal.dll
+ 2008-04-14 00:11:48 20,540 ----a-w c:\windows\system32\dllcache\admin.dll
+ 2008-04-14 00:12:12 16,439 ----a-w c:\windows\system32\dllcache\admin.exe
+ 2008-04-14 00:11:48 43,520 ----a-w c:\windows\system32\dllcache\admwprox.dll
+ 2008-04-14 00:11:48 290,816 ----a-w c:\windows\system32\dllcache\adsiis51.dll
+ 2008-04-14 00:12:12 98,304 ----a-w c:\windows\system32\dllcache\ahui.exe
+ 2008-04-14 00:11:49 125,952 ----a-w c:\windows\system32\dllcache\apphelp.dll
+ 2008-04-14 00:11:49 65,024 ----a-w c:\windows\system32\dllcache\asycfilt.dll
+ 2008-04-14 00:11:50 30,208 ----a-w c:\windows\system32\dllcache\atmlib.dll
+ 2008-04-14 00:11:50 20,540 ----a-w c:\windows\system32\dllcache\author.dll
+ 2008-04-14 00:12:12 16,439 ----a-w c:\windows\system32\dllcache\author.exe
+ 2008-04-14 00:11:50 233,472 ----a-w c:\windows\system32\dllcache\azroles.dll
+ 2008-04-14 00:11:50 7,168 ----a-w c:\windows\system32\dllcache\bitsprx4.dll
+ 2008-04-14 00:09:05 16,896 ----a-w c:\windows\system32\dllcache\cfgmgr32.dll
+ 2008-04-14 00:12:14 188,480 ----a-w c:\windows\system32\dllcache\cfgwiz.exe
+ 2008-04-14 00:11:51 46,592 ----a-w c:\windows\system32\dllcache\coadmin.dll
+ 2008-04-14 00:11:51 617,472 ----a-w c:\windows\system32\dllcache\comctl32.dll
+ 2008-04-14 00:11:51 276,992 ----a-w c:\windows\system32\dllcache\comdlg32.dll
+ 2008-04-14 00:11:51 252,928 ----a-w c:\windows\system32\dllcache\compatui.dll
+ 2008-04-14 00:11:51 599,040 ----a-w c:\windows\system32\dllcache\crypt32.dll
+ 2008-04-14 00:11:51 74,752 ----a-w c:\windows\system32\dllcache\cryptdlg.dll
+ 2008-04-14 00:11:51 33,280 ----a-w c:\windows\system32\dllcache\cryptdll.dll
+ 2008-04-14 00:11:51 53,760 ----a-w c:\windows\system32\dllcache\cryptext.dll
+ 2008-04-14 00:11:51 64,512 ----a-w c:\windows\system32\dllcache\cryptnet.dll
+ 2008-04-14 00:11:51 62,464 ----a-w c:\windows\system32\dllcache\cryptsvc.dll
+ 2008-04-14 00:11:51 512,512 ----a-w c:\windows\system32\dllcache\cryptui.dll
+ 2004-08-10 11:00:00 27,136 ----a-w c:\windows\system32\dllcache\ctl3d32.dll
+ 2008-04-14 00:11:52 19,456 ----a-w c:\windows\system32\dllcache\dimsntfy.dll
+ 2008-04-14 00:11:52 39,936 ----a-w c:\windows\system32\dllcache\dimsroam.dll
+ 2008-04-14 00:11:52 32,768 ----a-w c:\windows\system32\dllcache\dispex.dll
+ 2004-08-10 11:00:00 246,272 ----a-w c:\windows\system32\dllcache\drmclien.dll
+ 2004-08-10 11:00:00 92,672 ----a-w c:\windows\system32\dllcache\drmstor.dll
+ 2008-04-14 00:11:52 16,384 ----a-w c:\windows\system32\dllcache\ds32gt.dll
+ 2008-04-13 17:37:57 138,752 ----a-w c:\windows\system32\dllcache\dssenh.dll
+ 2008-04-14 00:11:53 380,445 ----a-w c:\windows\system32\dllcache\expsrv.dll
+ 2008-04-13 19:14:29 143,744 ----a-w c:\windows\system32\dllcache\fastfat.sys
+ 2008-04-14 00:11:53 184,435 ----a-w c:\windows\system32\dllcache\fp4amsft.dll
+ 2008-04-14 00:11:53 82,035 ----a-w c:\windows\system32\dllcache\fp4anscp.dll
+ 2008-04-14 00:11:53 147,513 ----a-w c:\windows\system32\dllcache\fp4apws.dll
+ 2008-04-14 00:11:53 49,210 ----a-w c:\windows\system32\dllcache\fp4areg.dll
+ 2008-04-14 00:11:53 102,509 ----a-w c:\windows\system32\dllcache\fp4atxt.dll
+ 2008-04-14 00:11:53 41,020 ----a-w c:\windows\system32\dllcache\fp4avnb.dll
+ 2008-04-14 00:11:53 32,826 ----a-w c:\windows\system32\dllcache\fp4avss.dll
+ 2008-04-14 00:11:53 49,212 ----a-w c:\windows\system32\dllcache\fp4awebs.dll
+ 2008-04-14 00:11:53 876,653 ----a-w c:\windows\system32\dllcache\fp4awel.dll
+ 2008-04-14 00:12:20 15,120 ----a-w c:\windows\system32\dllcache\fp98sadm.exe
+ 2008-04-14 00:12:20 109,840 ----a-w c:\windows\system32\dllcache\fp98swin.exe
+ 2008-04-14 00:12:20 188,494 ----a-w c:\windows\system32\dllcache\fpcount.exe
+ 2008-04-14 00:11:53 20,541 ----a-w c:\windows\system32\dllcache\fpexedll.dll
+ 2008-04-14 00:11:53 598,071 ----a-w c:\windows\system32\dllcache\fpmmc.dll
+ 2007-04-02 16:36:04 208,896 ----a-w c:\windows\system32\dllcache\fpmmcsat.dll
+ 2008-04-14 00:12:20 20,538 ----a-w c:\windows\system32\dllcache\fpremadm.exe
+ 2008-04-14 00:11:54 68,608 ----a-w c:\windows\system32\dllcache\iisext51.dll
+ 2008-04-14 00:11:54 64,512 ----a-w c:\windows\system32\dllcache\iismap.dll
+ 2008-04-14 00:12:22 30,720 ----a-w c:\windows\system32\dllcache\iisrstas.exe
+ 2008-04-14 00:11:54 133,632 ----a-w c:\windows\system32\dllcache\iisrtl.dll
+ 2008-04-14 00:11:54 36,921 ----a-w c:\windows\system32\dllcache\imeshare.dll
+ 2008-04-14 00:11:55 829,440 ----a-w c:\windows\system32\dllcache\inetmgr.dll
+ 2008-04-14 00:11:55 13,312 ----a-w c:\windows\system32\dllcache\infoadmn.dll
+ 2008-04-13 19:19:42 75,264 ----a-w c:\windows\system32\dllcache\ipsec.sys
+ 2008-04-14 00:11:55 68,608 ----a-w c:\windows\system32\dllcache\isatq.dll
+ 2008-04-14 00:11:55 155,136 ----a-w c:\windows\system32\dllcache\itircl.dll
+ 2008-04-14 00:11:55 138,240 ----a-w c:\windows\system32\dllcache\itss.dll
+ 2008-04-14 00:11:56 15,872 ----a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-04-14 00:09:55 6,144 ----a-w c:\windows\system32\dllcache\kbdbhc.dll
+ 2008-04-14 00:09:55 6,144 ----a-w c:\windows\system32\dllcache\kbdiultn.dll
+ 2008-04-14 00:09:55 6,144 ----a-w c:\windows\system32\dllcache\kbdnepr.dll
+ 2008-04-14 00:09:55 6,144 ----a-w c:\windows\system32\dllcache\kbdpash.dll
+ 2008-04-14 00:11:56 989,696 ----a-w c:\windows\system32\dllcache\kernel32.dll
+ 2006-10-19 02:47:14 11,264 ----a-w c:\windows\system32\dllcache\laprxy.dll
+ 2006-10-19 01:03:58 100,864 ----a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-04-14 00:11:56 728,064 ----a-w c:\windows\system32\dllcache\lsasrv.dll
+ 2004-08-10 11:00:00 924,432 ----a-w c:\windows\system32\dllcache\mfc40.dll
+ 2008-04-14 00:11:56 927,504 ----a-w c:\windows\system32\dllcache\mfc40u.dll
+ 2008-04-14 00:11:56 1,028,096 ----a-w c:\windows\system32\dllcache\mfc42.dll
+ 2008-04-14 00:11:56 22,528 ----a-w c:\windows\system32\dllcache\mfcsubs.dll
+ 2008-04-13 17:25:57 20,480 ----a-w c:\windows\system32\dllcache\msadcer.dll
+ 2008-04-14 00:11:58 61,440 ----a-w c:\windows\system32\dllcache\msadcf.dll
+ 2008-04-13 17:25:57 16,384 ----a-w c:\windows\system32\dllcache\msadcfr.dll
+ 2008-04-14 00:11:58 143,360 ----a-w c:\windows\system32\dllcache\msadco.dll
+ 2008-04-13 17:25:57 16,384 ----a-w c:\windows\system32\dllcache\msadcor.dll
+ 2008-04-14 00:11:58 53,248 ----a-w c:\windows\system32\dllcache\msadcs.dll
+ 2008-04-14 00:11:58 155,648 ----a-w c:\windows\system32\dllcache\msadds.dll
+ 2008-04-13 17:25:58 24,576 ----a-w c:\windows\system32\dllcache\msaddsr.dll
+ 2008-04-13 17:26:17 24,576 ----a-w c:\windows\system32\dllcache\msader15.dll
+ 2008-04-14 00:11:58 536,576 ----a-w c:\windows\system32\dllcache\msado15.dll
+ 2008-04-14 00:11:58 180,224 ----a-w c:\windows\system32\dllcache\msadomd.dll
+ 2008-04-14 00:11:58 57,344 ----a-w c:\windows\system32\dllcache\msador15.dll
+ 2008-04-14 00:11:58 200,704 ----a-w c:\windows\system32\dllcache\msadox.dll
+ 2008-04-14 00:11:58 57,344 ----a-w c:\windows\system32\dllcache\msadrh15.dll
+ 2008-04-14 00:11:58 36,864 ----a-w c:\windows\system32\dllcache\mscpxl32.dll
+ 2008-04-14 00:11:58 4,096 ----a-w c:\windows\system32\dllcache\msdadc.dll
+ 2008-04-14 00:11:58 4,096 ----a-w c:\windows\system32\dllcache\msdaenum.dll
+ 2008-04-14 00:11:58 4,096 ----a-w c:\windows\system32\dllcache\msdaer.dll
+ 2008-04-14 00:11:58 233,472 ----a-w c:\windows\system32\dllcache\msdaora.dll
+ 2008-04-14 00:11:58 77,824 ----a-w c:\windows\system32\dllcache\msdaosp.dll
+ 2008-04-13 17:25:58 16,384 ----a-w c:\windows\system32\dllcache\msdaprsr.dll
+ 2008-04-14 00:11:58 200,704 ----a-w c:\windows\system32\dllcache\msdaprst.dll
+ 2008-04-14 00:11:59 204,800 ----a-w c:\windows\system32\dllcache\msdaps.dll
+ 2008-04-14 00:11:59 118,784 ----a-w c:\windows\system32\dllcache\msdarem.dll
+ 2008-04-13 17:25:58 16,384 ----a-w c:\windows\system32\dllcache\msdaremr.dll
+ 2008-04-14 00:11:59 4,096 ----a-w c:\windows\system32\dllcache\msdasc.dll
+ 2008-04-14 00:11:59 315,392 ----a-w c:\windows\system32\dllcache\msdasql.dll
+ 2008-04-13 17:26:07 16,384 ----a-w c:\windows\system32\dllcache\msdasqlr.dll
+ 2008-04-14 00:11:59 20,480 ----a-w c:\windows\system32\dllcache\msdatt.dll
+ 2008-04-14 00:11:59 4,096 ----a-w c:\windows\system32\dllcache\msdaurl.dll
+ 2008-04-14 00:11:59 36,864 ----a-w c:\windows\system32\dllcache\msdfmap.dll
+ 2008-04-14 00:10:08 4,126 ----a-w c:\windows\system32\dllcache\msdxmlc.dll
+ 2008-04-14 00:12:00 151,583 ----a-w c:\windows\system32\dllcache\msjint40.dll
+ 2008-04-14 00:12:00 102,400 ----a-w c:\windows\system32\dllcache\msjro.dll
+ 2008-04-14 00:12:00 143,360 ----a-w c:\windows\system32\dllcache\msorcl32.dll
+ 2004-08-10 11:00:00 4,608 ----a-w c:\windows\system32\dllcache\mssip32.dll
+ 2008-04-14 00:12:01 343,040 ----a-w c:\windows\system32\dllcache\msvcrt.dll
+ 2008-04-13 18:30:46 61,440 ----a-w c:\windows\system32\dllcache\msvcrt40.dll
+ 2008-04-14 00:12:01 24,576 ----a-w c:\windows\system32\dllcache\msxactps.dll
+ 2008-04-13 19:20:42 91,520 ----a-w c:\windows\system32\dllcache\ndiswan.sys
+ 2008-04-14 00:11:24 706,048 ----a-w c:\windows\system32\dllcache\ntdll.dll
+ 2008-04-13 19:15:53 574,976 ----a-w c:\windows\system32\dllcache\ntfs.sys
+ 2004-08-10 11:00:00 17,408 ----a-w c:\windows\system32\dllcache\nwapi16.dll
+ 2008-04-14 00:12:02 64,000 ----a-w c:\windows\system32\dllcache\nwapi32.dll
+ 2008-04-14 00:12:02 67,584 ----a-w c:\windows\system32\dllcache\ocmanage.dll
+ 2008-04-14 00:12:02 106,496 ----a-w c:\windows\system32\dllcache\odbccp32.dll
+ 2008-04-14 00:12:02 20,511 ----a-w c:\windows\system32\dllcache\odtext32.dll
+ 2004-08-19 19:25:28 13,107,200 ----a-w c:\windows\system32\dllcache\oembios.bin
+ 2004-08-19 19:25:28 4,627 ----a-w c:\windows\system32\dllcache\oembios.dat
+ 2008-04-14 00:12:02 1,287,168 ----a-w c:\windows\system32\dllcache\ole32.dll
+ 2008-04-14 00:12:02 551,936 ----a-w c:\windows\system32\dllcache\oleaut32.dll
+ 2008-04-14 00:12:02 84,992 ----a-w c:\windows\system32\dllcache\olepro32.dll
+ 2008-04-14 00:12:04 433,664 ----a-w c:\windows\system32\dllcache\riched20.dll
+ 2004-08-10 11:00:00 3,584 ----a-w c:\windows\system32\dllcache\riched32.dll
+ 2008-04-13 17:37:57 208,384 ----a-w c:\windows\system32\dllcache\rsaenh.dll
+ 2008-04-14 00:12:04 64,000 ----a-w c:\windows\system32\dllcache\samlib.dll
+ 2008-04-14 00:12:04 415,744 ----a-w c:\windows\system32\dllcache\samsrv.dll
+ 2008-04-14 00:12:05 144,384 ----a-w c:\windows\system32\dllcache\schannel.dll
+ 2008-04-14 00:12:34 77,312 ----a-w c:\windows\system32\dllcache\sdbinst.exe
+ 2004-08-10 11:00:00 4,569 ----a-w c:\windows\system32\dllcache\secupd.dat
+ 2008-04-14 09:42:06 985,088 ----a-w c:\windows\system32\dllcache\setupapi.dll
+ 2008-04-14 00:12:05 5,120 ----a-w c:\windows\system32\dllcache\sfc.dll
+ 2004-08-10 11:00:00 9,728 ----a-w c:\windows\system32\dllcache\sfc.exe
+ 2008-04-14 00:12:05 1,614,848 ----a-w c:\windows\system32\dllcache\sfcfiles.dll
+ 2008-04-14 00:12:05 65,024 ----a-w c:\windows\system32\dllcache\shimeng.dll
+ 2008-04-14 00:12:05 20,536 ----a-w c:\windows\system32\dllcache\shtml.dll
+ 2008-04-14 00:12:35 16,437 ----a-w c:\windows\system32\dllcache\shtml.exe
+ 2008-04-14 00:12:06 25,088 ----a-w c:\windows\system32\dllcache\slayerxp.dll
+ 2008-04-14 00:12:06 189,440 ----a-w c:\windows\system32\dllcache\smtpadm.dll
+ 2008-04-14 00:12:06 2,134,528 ----a-w c:\windows\system32\dllcache\smtpsnap.dll
+ 2008-04-14 00:12:07 8,192 ----a-w c:\windows\system32\dllcache\staxmem.dll
+ 2008-04-14 00:12:37 106,496 ----a-w c:\windows\system32\dllcache\sysocmgr.exe
+ 2008-04-14 00:12:37 32,827 ----a-w c:\windows\system32\dllcache\tcptest.exe
+ 2007-04-02 16:36:07 16,384 ----a-w c:\windows\system32\dllcache\tcptsat.dll
+ 2004-08-10 11:00:00 49,680 ----a-w c:\windows\system32\dllcache\twunk_16.exe
+ 2004-08-10 11:00:00 25,600 ----a-w c:\windows\system32\dllcache\twunk_32.exe
+ 2004-08-10 11:00:00 177,856 ----a-w c:\windows\system32\dllcache\typelib.dll
+ 2008-04-14 00:12:07 123,392 ----a-w c:\windows\system32\dllcache\umpnpmgr.dll
+ 2008-04-14 00:12:08 37,888 ----a-w c:\windows\system32\dllcache\url.dll
+ 2008-04-14 00:12:39 507,904 ----a-w c:\windows\system32\dllcache\winlogon.exe
+ 2008-04-14 00:12:09 176,640 ----a-w c:\windows\system32\dllcache\wintrust.dll
- 2005-11-10 17:27:06 49,248 ----a-w c:\windows\system32\java.exe
+ 2008-11-09 16:27:22 144,792 ----a-w c:\windows\system32\java.exe
- 2005-11-10 17:27:16 49,250 ----a-w c:\windows\system32\javaw.exe
+ 2008-11-09 16:27:22 144,792 ----a-w c:\windows\system32\javaw.exe
- 2005-11-10 19:03:54 127,078 ----a-w c:\windows\system32\javaws.exe
+ 2008-11-09 16:27:22 148,888 ----a-w c:\windows\system32\javaws.exe
- 2008-11-08 02:03:05 62,126 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-09 15:56:59 69,896 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-08 02:03:05 396,276 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-09 15:56:59 409,416 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-11 13:20:08 16,384 ----atw c:\windows\temp\Perflib_Perfdata_6f0.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"OE_OEM"="c:\program files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" [2006-08-04 398864]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1764864]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-22 1470464]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-08-03 1105920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 831579]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 126976]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 14\pccguide.exe" [2006-11-21 1807960]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 294912]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 155648]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-09 214424]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 283888]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-01-23 24576]
dlbcserv.lnk - c:\program files\Dell Photo Printer 720\dlbcserv.exe [2008-01-11 389120]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-04 249856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= c:\windows\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= c:\windows\Resources\Themes\Royale.theme

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.speex32"= speex32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Common Files\\WRAL DESKTOP WEATHER\\TrueWeather.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe"=
"c:\\WINDOWS\\system32\\Ati2evxx.exe"=
"c:\\WINDOWS\\system32\\WLTRAY.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\Program Files\\Dell\\QuickSet\\quickset.exe"=
"c:\\Program Files\\Dell Support\\DSAgnt.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe"=
"c:\\Program Files\\Dell Support Center\\bin\\sprtcmd.exe"=
"c:\\WINDOWS\\stsystra.exe"=
"c:\\Program Files\\Trend Micro\\Internet Security 14\\TMAS_OE\\TMAS_OEMon.exe"=
"c:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe"=
"c:\\Program Files\\Trend Micro\\Internet Security 14\\pccmain.exe"=

R3 abp470n5;abp470n5;c:\windows\system32\drivers\hhgmrs.sys [ ]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);c:\windows\system32\DRIVERS\w300bus.sys [2006-03-13 60800]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contents of the 'Scheduled Tasks' folder

2008-11-08 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - James.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe []
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\James\Application Data\Mozilla\Firefox\Profiles\6isqf98n.default\
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 11:33:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-11-11 11:37:31
ComboFix-quarantined-files.txt 2008-11-11 16:36:28
ComboFix2.txt 2008-11-09 14:05:57
ComboFix3.txt 2008-11-09 03:50:23
ComboFix4.txt 2008-11-09 03:17:52
ComboFix5.txt 2008-11-11 16:31:01

Pre-Run: 50,651,627,520 bytes free
Post-Run: 50,582,069,248 bytes free

347 --- E O F --- 2008-10-24 17:55:59

#119 Gator

Gator

    Authentic Member

  • Authentic Member
  • PipPip
  • 121 posts

Posted 11 November 2008 - 10:44 AM

I am unable to shut down any of the Trend Internet Security sections because they are not accessible. This includes the firewall.

Was unable to get ComboFix to run. Deleted it and downloaded again.

Ran it and here is the log.

ComboFix 08-11-10.01 - James 2008-11-11 11:31:31.10 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1478 [GMT -5:00]
Running from: c:\documents and settings\James\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-10-11 to 2008-11-11 )))))))))))))))))))))))))))))))
.

2008-11-11 11:16 . 2008-11-11 11:16 <DIR> d--h----- c:\windows\system32\GroupPolicy
2008-11-09 16:31 . 2008-11-09 16:31 <DIR> d---s---- c:\documents and settings\James\UserData
2008-11-09 13:49 . 2004-08-10 06:00 169,984 --a------ c:\windows\system32\dllcache\iisui.dll
2008-11-09 13:49 . 2004-08-10 06:00 94,720 --a------ c:\windows\system32\dllcache\certmap.ocx
2008-11-09 13:49 . 2001-08-17 14:56 66,048 --a------ c:\windows\system32\dllcache\s3legacy.dll
2008-11-09 13:49 . 2004-08-10 06:00 19,968 --a------ c:\windows\system32\dllcache\inetsloc.dll
2008-11-09 13:49 . 2004-08-10 06:00 14,336 --a------ c:\windows\system32\dllcache\iisreset.exe
2008-11-09 13:49 . 2004-08-10 06:00 7,680 --a------ c:\windows\system32\dllcache\inetmgr.exe
2008-11-09 13:49 . 2004-08-10 06:00 7,168 --a------ c:\windows\system32\dllcache\wamregps.dll
2008-11-09 13:49 . 2004-08-10 06:00 6,144 --a------ c:\windows\system32\dllcache\ftpsapi2.dll
2008-11-09 13:49 . 2004-08-10 06:00 5,632 --a------ c:\windows\system32\dllcache\iisrstap.dll
2008-11-09 11:28 . 2008-11-09 11:28 <DIR> d-------- c:\program files\Sun
2008-11-09 11:27 . 2008-11-09 11:27 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-09 11:27 . 2008-11-09 11:27 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-09 10:14 . 2008-11-09 10:16 <DIR> d-------- C:\Lop SD
2008-11-07 20:11 . 2008-11-07 20:11 <DIR> d-------- c:\program files\ERUNT
2008-11-07 19:50 . 2008-11-07 19:50 <DIR> d-------- c:\documents and settings\James\Application Data\U3
2008-11-06 18:41 . 2008-11-06 18:41 <DIR> d-------- c:\documents and settings\Earlene\Application Data\Malwarebytes
2008-11-05 15:35 . 2008-11-05 15:35 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-05 15:35 . 2008-11-05 15:35 <DIR> d-------- c:\documents and settings\James\Application Data\Malwarebytes
2008-11-05 15:35 . 2008-11-05 15:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-05 15:35 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-05 15:35 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-10-16 00:07 . 2008-09-15 07:12 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys
2008-10-16 00:07 . 2008-09-08 05:41 333,824 --------- c:\windows\system32\dllcache\srv.sys
2008-10-16 00:06 . 2008-08-14 05:11 2,189,184 --a------ c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-16 00:06 . 2008-08-14 04:33 2,066,048 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-16 00:06 . 2008-08-14 04:33 2,023,936 --------- c:\windows\system32\dllcache\ntkrpamp.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-09 16:27 --------- d-----w c:\program files\Java
2008-10-15 16:34 337,408 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-10-14 01:11 --------- d-----w c:\program files\LimeWire
2008-10-14 01:11 --------- d-----w c:\documents and settings\Earlene\Application Data\LimeWire
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-08-20 05:30 666,112 ----a-w c:\windows\system32\wininet.dll
2008-08-20 05:30 666,112 ----a-w c:\windows\system32\dllcache\wininet.dll
2008-08-20 05:30 619,520 ----a-w c:\windows\system32\dllcache\urlmon.dll
2008-08-20 05:30 3,067,904 ------w c:\windows\system32\dllcache\mshtml.dll
2008-08-20 05:30 1,499,136 ----a-w c:\windows\system32\dllcache\shdocvw.dll
2008-08-14 10:09 2,145,280 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 10:09 2,145,280 ----a-w c:\windows\system32\dllcache\ntkrnlmp.exe
2008-08-14 10:04 138,496 ------w c:\windows\system32\dllcache\afd.sys
2008-08-14 09:33 2,023,936 ----a-w c:\windows\system32\ntkrnlpa.exe
2007-02-04 15:55 0 ----a-w c:\documents and settings\Earlene\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((( snapshot@2008-11-07_21.09.25.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-14 00:11:48 136,192 ----a-w c:\windows\system32\dllcache\aaclient.dll
+ 2008-04-14 00:11:48 1,852,928 ----a-w c:\windows\system32\dllcache\acgenral.dll
+ 2008-04-14 00:11:48 451,072 ----a-w c:\windows\system32\dllcache\aclayers.dll
+ 2008-04-14 00:11:48 245,248 ----a-w c:\windows\system32\dllcache\acspecfc.dll
+ 2008-04-14 00:11:48 116,224 ----a-w c:\windows\system32\dllcache\acxtrnal.dll
+ 2008-04-14 00:11:48 20,540 ----a-w c:\windows\system32\dllcache\admin.dll
+ 2008-04-14 00:12:12 16,439 ----a-w c:\windows\system32\dllcache\admin.exe
+ 2008-04-14 00:11:48 43,520 ----a-w c:\windows\system32\dllcache\admwprox.dll
+ 2008-04-14 00:11:48 290,816 ----a-w c:\windows\system32\dllcache\adsiis51.dll
+ 2008-04-14 00:12:12 98,304 ----a-w c:\windows\system32\dllcache\ahui.exe
+ 2008-04-14 00:11:49 125,952 ----a-w c:\windows\system32\dllcache\apphelp.dll
+ 2008-04-14 00:11:49 65,024 ----a-w c:\windows\system32\dllcache\asycfilt.dll
+ 2008-04-14 00:11:50 30,208 ----a-w c:\windows\system32\dllcache\atmlib.dll
+ 2008-04-14 00:11:50 20,540 ----a-w c:\windows\system32\dllcache\author.dll
+ 2008-04-14 00:12:12 16,439 ----a-w c:\windows\system32\dllcache\author.exe
+ 2008-04-14 00:11:50 233,472 ----a-w c:\windows\system32\dllcache\azroles.dll
+ 2008-04-14 00:11:50 7,168 ----a-w c:\windows\system32\dllcache\bitsprx4.dll
+ 2008-04-14 00:09:05 16,896 ----a-w c:\windows\system32\dllcache\cfgmgr32.dll
+ 2008-04-14 00:12:14 188,480 ----a-w c:\windows\system32\dllcache\cfgwiz.exe
+ 2008-04-14 00:11:51 46,592 ----a-w c:\windows\system32\dllcache\coadmin.dll
+ 2008-04-14 00:11:51 617,472 ----a-w c:\windows\system32\dllcache\comctl32.dll
+ 2008-04-14 00:11:51 276,992 ----a-w c:\windows\system32\dllcache\comdlg32.dll
+ 2008-04-14 00:11:51 252,928 ----a-w c:\windows\system32\dllcache\compatui.dll
+ 2008-04-14 00:11:51 599,040 ----a-w c:\windows\system32\dllcache\crypt32.dll
+ 2008-04-14 00:11:51 74,752 ----a-w c:\windows\system32\dllcache\cryptdlg.dll
+ 2008-04-14 00:11:51 33,280 ----a-w c:\windows\system32\dllcache\cryptdll.dll
+ 2008-04-14 00:11:51 53,760 ----a-w c:\windows\system32\dllcache\cryptext.dll
+ 2008-04-14 00:11:51 64,512 ----a-w c:\windows\system32\dllcache\cryptnet.dll
+ 2008-04-14 00:11:51 62,464 ----a-w c:\windows\system32\dllcache\cryptsvc.dll
+ 2008-04-14 00:11:51 512,512 ----a-w c:\windows\system32\dllcache\cryptui.dll
+ 2004-08-10 11:00:00 27,136 ----a-w c:\windows\system32\dllcache\ctl3d32.dll
+ 2008-04-14 00:11:52 19,456 ----a-w c:\windows\system32\dllcache\dimsntfy.dll
+ 2008-04-14 00:11:52 39,936 ----a-w c:\windows\system32\dllcache\dimsroam.dll
+ 2008-04-14 00:11:52 32,768 ----a-w c:\windows\system32\dllcache\dispex.dll
+ 2004-08-10 11:00:00 246,272 ----a-w c:\windows\system32\dllcache\drmclien.dll
+ 2004-08-10 11:00:00 92,672 ----a-w c:\windows\system32\dllcache\drmstor.dll
+ 2008-04-14 00:11:52 16,384 ----a-w c:\windows\system32\dllcache\ds32gt.dll
+ 2008-04-13 17:37:57 138,752 ----a-w c:\windows\system32\dllcache\dssenh.dll
+ 2008-04-14 00:11:53 380,445 ----a-w c:\windows\system32\dllcache\expsrv.dll
+ 2008-04-13 19:14:29 143,744 ----a-w c:\windows\system32\dllcache\fastfat.sys
+ 2008-04-14 00:11:53 184,435 ----a-w c:\windows\system32\dllcache\fp4amsft.dll
+ 2008-04-14 00:11:53 82,035 ----a-w c:\windows\system32\dllcache\fp4anscp.dll
+ 2008-04-14 00:11:53 147,513 ----a-w c:\windows\system32\dllcache\fp4apws.dll
+ 2008-04-14 00:11:53 49,210 ----a-w c:\windows\system32\dllcache\fp4areg.dll
+ 2008-04-14 00:11:53 102,509 ----a-w c:\windows\system32\dllcache\fp4atxt.dll
+ 2008-04-14 00:11:53 41,020 ----a-w c:\windows\system32\dllcache\fp4avnb.dll
+ 2008-04-14 00:11:53 32,826 ----a-w c:\windows\system32\dllcache\fp4avss.dll
+ 2008-04-14 00:11:53 49,212 ----a-w c:\windows\system32\dllcache\fp4awebs.dll
+ 2008-04-14 00:11:53 876,653 ----a-w c:\windows\system32\dllcache\fp4awel.dll
+ 2008-04-14 00:12:20 15,120 ----a-w c:\windows\system32\dllcache\fp98sadm.exe
+ 2008-04-14 00:12:20 109,840 ----a-w c:\windows\system32\dllcache\fp98swin.exe
+ 2008-04-14 00:12:20 188,494 ----a-w c:\windows\system32\dllcache\fpcount.exe
+ 2008-04-14 00:11:53 20,541 ----a-w c:\windows\system32\dllcache\fpexedll.dll
+ 2008-04-14 00:11:53 598,071 ----a-w c:\windows\system32\dllcache\fpmmc.dll
+ 2007-04-02 16:36:04 208,896 ----a-w c:\windows\system32\dllcache\fpmmcsat.dll
+ 2008-04-14 00:12:20 20,538 ----a-w c:\windows\system32\dllcache\fpremadm.exe
+ 2008-04-14 00:11:54 68,608 ----a-w c:\windows\system32\dllcache\iisext51.dll
+ 2008-04-14 00:11:54 64,512 ----a-w c:\windows\system32\dllcache\iismap.dll
+ 2008-04-14 00:12:22 30,720 ----a-w c:\windows\system32\dllcache\iisrstas.exe
+ 2008-04-14 00:11:54 133,632 ----a-w c:\windows\system32\dllcache\iisrtl.dll
+ 2008-04-14 00:11:54 36,921 ----a-w c:\windows\system32\dllcache\imeshare.dll
+ 2008-04-14 00:11:55 829,440 ----a-w c:\windows\system32\dllcache\inetmgr.dll
+ 2008-04-14 00:11:55 13,312 ----a-w c:\windows\system32\dllcache\infoadmn.dll
+ 2008-04-13 19:19:42 75,264 ----a-w c:\windows\system32\dllcache\ipsec.sys
+ 2008-04-14 00:11:55 68,608 ----a-w c:\windows\system32\dllcache\isatq.dll
+ 2008-04-14 00:11:55 155,136 ----a-w c:\windows\system32\dllcache\itircl.dll
+ 2008-04-14 00:11:55 138,240 ----a-w c:\windows\system32\dllcache\itss.dll
+ 2008-04-14 00:11:56 15,872 ----a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-04-14 00:09:55 6,144 ----a-w c:\windows\system32\dllcache\kbdbhc.dll
+ 2008-04-14 00:09:55 6,144 ----a-w c:\windows\system32\dllcache\kbdiultn.dll
+ 2008-04-14 00:09:55 6,144 ----a-w c:\windows\system32\dllcache\kbdnepr.dll
+ 2008-04-14 00:09:55 6,144 ----a-w c:\windows\system32\dllcache\kbdpash.dll
+ 2008-04-14 00:11:56 989,696 ----a-w c:\windows\system32\dllcache\kernel32.dll
+ 2006-10-19 02:47:14 11,264 ----a-w c:\windows\system32\dllcache\laprxy.dll
+ 2006-10-19 01:03:58 100,864 ----a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-04-14 00:11:56 728,064 ----a-w c:\windows\system32\dllcache\lsasrv.dll
+ 2004-08-10 11:00:00 924,432 ----a-w c:\windows\system32\dllcache\mfc40.dll
+ 2008-04-14 00:11:56 927,504 ----a-w c:\windows\system32\dllcache\mfc40u.dll
+ 2008-04-14 00:11:56 1,028,096 ----a-w c:\windows\system32\dllcache\mfc42.dll
+ 2008-04-14 00:11:56 22,528 ----a-w c:\windows\system32\dllcache\mfcsubs.dll
+ 2008-04-13 17:25:57 20,480 ----a-w c:\windows\system32\dllcache\msadcer.dll
+ 2008-04-14 00:11:58 61,440 ----a-w c:\windows\system32\dllcache\msadcf.dll
+ 2008-04-13 17:25:57 16,384 ----a-w c:\windows\system32\dllcache\msadcfr.dll
+ 2008-04-14 00:11:58 143,360 ----a-w c:\windows\system32\dllcache\msadco.dll
+ 2008-04-13 17:25:57 16,384 ----a-w c:\windows\system32\dllcache\msadcor.dll
+ 2008-04-14 00:11:58 53,248 ----a-w c:\windows\system32\dllcache\msadcs.dll
+ 2008-04-14 00:11:58 155,648 ----a-w c:\windows\system32\dllcache\msadds.dll
+ 2008-04-13 17:25:58 24,576 ----a-w c:\windows\system32\dllcache\msaddsr.dll
+ 2008-04-13 17:26:17 24,576 ----a-w c:\windows\system32\dllcache\msader15.dll
+ 2008-04-14 00:11:58 536,576 ----a-w c:\windows\system32\dllcache\msado15.dll
+ 2008-04-14 00:11:58 180,224 ----a-w c:\windows\system32\dllcache\msadomd.dll
+ 2008-04-14 00:11:58 57,344 ----a-w c:\windows\system32\dllcache\msador15.dll
+ 2008-04-14 00:11:58 200,704 ----a-w c:\windows\system32\dllcache\msadox.dll
+ 2008-04-14 00:11:58 57,344 ----a-w c:\windows\system32\dllcache\msadrh15.dll
+ 2008-04-14 00:11:58 36,864 ----a-w c:\windows\system32\dllcache\mscpxl32.dll
+ 2008-04-14 00:11:58 4,096 ----a-w c:\windows\system32\dllcache\msdadc.dll
+ 2008-04-14 00:11:58 4,096 ----a-w c:\windows\system32\dllcache\msdaenum.dll
+ 2008-04-14 00:11:58 4,096 ----a-w c:\windows\system32\dllcache\msdaer.dll
+ 2008-04-14 00:11:58 233,472 ----a-w c:\windows\system32\dllcache\msdaora.dll
+ 2008-04-14 00:11:58 77,824 ----a-w c:\windows\system32\dllcache\msdaosp.dll
+ 2008-04-13 17:25:58 16,384 ----a-w c:\windows\system32\dllcache\msdaprsr.dll
+ 2008-04-14 00:11:58 200,704 ----a-w c:\windows\system32\dllcache\msdaprst.dll
+ 2008-04-14 00:11:59 204,800 ----a-w c:\windows\system32\dllcache\msdaps.dll
+ 2008-04-14 00:11:59 118,784 ----a-w c:\windows\system32\dllcache\msdarem.dll
+ 2008-04-13 17:25:58 16,384 ----a-w c:\windows\system32\dllcache\msdaremr.dll
+ 2008-04-14 00:11:59 4,096 ----a-w c:\windows\system32\dllcache\msdasc.dll
+ 2008-04-14 00:11:59 315,392 ----a-w c:\windows\system32\dllcache\msdasql.dll
+ 2008-04-13 17:26:07 16,384 ----a-w c:\windows\system32\dllcache\msdasqlr.dll
+ 2008-04-14 00:11:59 20,480 ----a-w c:\windows\system32\dllcache\msdatt.dll
+ 2008-04-14 00:11:59 4,096 ----a-w c:\windows\system32\dllcache\msdaurl.dll
+ 2008-04-14 00:11:59 36,864 ----a-w c:\windows\system32\dllcache\msdfmap.dll
+ 2008-04-14 00:10:08 4,126 ----a-w c:\windows\system32\dllcache\msdxmlc.dll
+ 2008-04-14 00:12:00 151,583 ----a-w c:\windows\system32\dllcache\msjint40.dll
+ 2008-04-14 00:12:00 102,400 ----a-w c:\windows\system32\dllcache\msjro.dll
+ 2008-04-14 00:12:00 143,360 ----a-w c:\windows\system32\dllcache\msorcl32.dll
+ 2004-08-10 11:00:00 4,608 ----a-w c:\windows\system32\dllcache\mssip32.dll
+ 2008-04-14 00:12:01 343,040 ----a-w c:\windows\system32\dllcache\msvcrt.dll
+ 2008-04-13 18:30:46 61,440 ----a-w c:\windows\system32\dllcache\msvcrt40.dll
+ 2008-04-14 00:12:01 24,576 ----a-w c:\windows\system32\dllcache\msxactps.dll
+ 2008-04-13 19:20:42 91,520 ----a-w c:\windows\system32\dllcache\ndiswan.sys
+ 2008-04-14 00:11:24 706,048 ----a-w c:\windows\system32\dllcache\ntdll.dll
+ 2008-04-13 19:15:53 574,976 ----a-w c:\windows\system32\dllcache\ntfs.sys
+ 2004-08-10 11:00:00 17,408 ----a-w c:\windows\system32\dllcache\nwapi16.dll
+ 2008-04-14 00:12:02 64,000 ----a-w c:\windows\system32\dllcache\nwapi32.dll
+ 2008-04-14 00:12:02 67,584 ----a-w c:\windows\system32\dllcache\ocmanage.dll
+ 2008-04-14 00:12:02 106,496 ----a-w c:\windows\system32\dllcache\odbccp32.dll
+ 2008-04-14 00:12:02 20,511 ----a-w c:\windows\system32\dllcache\odtext32.dll
+ 2004-08-19 19:25:28 13,107,200 ----a-w c:\windows\system32\dllcache\oembios.bin
+ 2004-08-19 19:25:28 4,627 ----a-w c:\windows\system32\dllcache\oembios.dat
+ 2008-04-14 00:12:02 1,287,168 ----a-w c:\windows\system32\dllcache\ole32.dll
+ 2008-04-14 00:12:02 551,936 ----a-w c:\windows\system32\dllcache\oleaut32.dll
+ 2008-04-14 00:12:02 84,992 ----a-w c:\windows\system32\dllcache\olepro32.dll
+ 2008-04-14 00:12:04 433,664 ----a-w c:\windows\system32\dllcache\riched20.dll
+ 2004-08-10 11:00:00 3,584 ----a-w c:\windows\system32\dllcache\riched32.dll
+ 2008-04-13 17:37:57 208,384 ----a-w c:\windows\system32\dllcache\rsaenh.dll
+ 2008-04-14 00:12:04 64,000 ----a-w c:\windows\system32\dllcache\samlib.dll
+ 2008-04-14 00:12:04 415,744 ----a-w c:\windows\system32\dllcache\samsrv.dll
+ 2008-04-14 00:12:05 144,384 ----a-w c:\windows\system32\dllcache\schannel.dll
+ 2008-04-14 00:12:34 77,312 ----a-w c:\windows\system32\dllcache\sdbinst.exe
+ 2004-08-10 11:00:00 4,569 ----a-w c:\windows\system32\dllcache\secupd.dat
+ 2008-04-14 09:42:06 985,088 ----a-w c:\windows\system32\dllcache\setupapi.dll
+ 2008-04-14 00:12:05 5,120 ----a-w c:\windows\system32\dllcache\sfc.dll
+ 2004-08-10 11:00:00 9,728 ----a-w c:\windows\system32\dllcache\sfc.exe
+ 2008-04-14 00:12:05 1,614,848 ----a-w c:\windows\system32\dllcache\sfcfiles.dll
+ 2008-04-14 00:12:05 65,024 ----a-w c:\windows\system32\dllcache\shimeng.dll
+ 2008-04-14 00:12:05 20,536 ----a-w c:\windows\system32\dllcache\shtml.dll
+ 2008-04-14 00:12:35 16,437 ----a-w c:\windows\system32\dllcache\shtml.exe
+ 2008-04-14 00:12:06 25,088 ----a-w c:\windows\system32\dllcache\slayerxp.dll
+ 2008-04-14 00:12:06 189,440 ----a-w c:\windows\system32\dllcache\smtpadm.dll
+ 2008-04-14 00:12:06 2,134,528 ----a-w c:\windows\system32\dllcache\smtpsnap.dll
+ 2008-04-14 00:12:07 8,192 ----a-w c:\windows\system32\dllcache\staxmem.dll
+ 2008-04-14 00:12:37 106,496 ----a-w c:\windows\system32\dllcache\sysocmgr.exe
+ 2008-04-14 00:12:37 32,827 ----a-w c:\windows\system32\dllcache\tcptest.exe
+ 2007-04-02 16:36:07 16,384 ----a-w c:\windows\system32\dllcache\tcptsat.dll
+ 2004-08-10 11:00:00 49,680 ----a-w c:\windows\system32\dllcache\twunk_16.exe
+ 2004-08-10 11:00:00 25,600 ----a-w c:\windows\system32\dllcache\twunk_32.exe
+ 2004-08-10 11:00:00 177,856 ----a-w c:\windows\system32\dllcache\typelib.dll
+ 2008-04-14 00:12:07 123,392 ----a-w c:\windows\system32\dllcache\umpnpmgr.dll
+ 2008-04-14 00:12:08 37,888 ----a-w c:\windows\system32\dllcache\url.dll
+ 2008-04-14 00:12:39 507,904 ----a-w c:\windows\system32\dllcache\winlogon.exe
+ 2008-04-14 00:12:09 176,640 ----a-w c:\windows\system32\dllcache\wintrust.dll
- 2005-11-10 17:27:06 49,248 ----a-w c:\windows\system32\java.exe
+ 2008-11-09 16:27:22 144,792 ----a-w c:\windows\system32\java.exe
- 2005-11-10 17:27:16 49,250 ----a-w c:\windows\system32\javaw.exe
+ 2008-11-09 16:27:22 144,792 ----a-w c:\windows\system32\javaw.exe
- 2005-11-10 19:03:54 127,078 ----a-w c:\windows\system32\javaws.exe
+ 2008-11-09 16:27:22 148,888 ----a-w c:\windows\system32\javaws.exe
- 2008-11-08 02:03:05 62,126 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-09 15:56:59 69,896 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-08 02:03:05 396,276 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-09 15:56:59 409,416 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-11 13:20:08 16,384 ----atw c:\windows\temp\Perflib_Perfdata_6f0.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"OE_OEM"="c:\program files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" [2006-08-04 398864]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1764864]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-22 1470464]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-08-03 1105920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 831579]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 126976]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 14\pccguide.exe" [2006-11-21 1807960]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 294912]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 155648]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-09 214424]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 283888]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-01-23 24576]
dlbcserv.lnk - c:\program files\Dell Photo Printer 720\dlbcserv.exe [2008-01-11 389120]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-04 249856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= c:\windows\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= c:\windows\Resources\Themes\Royale.theme

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.speex32"= speex32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Common Files\\WRAL DESKTOP WEATHER\\TrueWeather.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe"=
"c:\\WINDOWS\\system32\\Ati2evxx.exe"=
"c:\\WINDOWS\\system32\\WLTRAY.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\Program Files\\Dell\\QuickSet\\quickset.exe"=
"c:\\Program Files\\Dell Support\\DSAgnt.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe"=
"c:\\Program Files\\Dell Support Center\\bin\\sprtcmd.exe"=
"c:\\WINDOWS\\stsystra.exe"=
"c:\\Program Files\\Trend Micro\\Internet Security 14\\TMAS_OE\\TMAS_OEMon.exe"=
"c:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe"=
"c:\\Program Files\\Trend Micro\\Internet Security 14\\pccmain.exe"=

R3 abp470n5;abp470n5;c:\windows\system32\drivers\hhgmrs.sys [ ]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);c:\windows\system32\DRIVERS\w300bus.sys [2006-03-13 60800]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contents of the 'Scheduled Tasks' folder

2008-11-08 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - James.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe []
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\James\Application Data\Mozilla\Firefox\Profiles\6isqf98n.default\
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 11:33:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-11-11 11:37:31
ComboFix-quarantined-files.txt 2008-11-11 16:36:28
ComboFix2.txt 2008-11-09 14:05:57
ComboFix3.txt 2008-11-09 03:50:23
ComboFix4.txt 2008-11-09 03:17:52
ComboFix5.txt 2008-11-11 16:31:01

Pre-Run: 50,651,627,520 bytes free
Post-Run: 50,582,069,248 bytes free

347 --- E O F --- 2008-10-24 17:55:59

#120 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 11 November 2008 - 11:11 AM

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

Driver::
abp470n5

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\TEMP\\winddcb.exe"=-
"c:\\WINDOWS\\TEMP\\hcuxw.exe"=-

Save this file to your desktop. Save it as "CFScript".

Here's how to do that:
1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...



Drag CFScript.txt into ComboFix.exe

Then post the results log and a new HijackThis log.


Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

 

Proud graduate of TC/WTT Classroom
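
A triage pass over the kind of ComboFix output posted above, as an added example that is not part of the thread or of ComboFix itself: it parses the registry sections and driver rows and lists entries that deserve a manual look, such as the abp470n5 driver and the TEMP firewall exceptions named in the CFScript. The checks, the category names, and the reading of the R/S prefix as running/stopped are assumptions of this example; the sample text is constructed from lines on this page.

```python
import re

# Constructed sample: lines taken from the log and the CFScript on this page,
# trimmed to the sections the checks below read. The two TEMP entries are the
# ones the CFScript names, written here in the log's "path"= form.
SAMPLE_LOG = r'''
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\TEMP\\winddcb.exe"=
"c:\\WINDOWS\\TEMP\\hcuxw.exe"=

R3 abp470n5;abp470n5;c:\windows\system32\drivers\hhgmrs.sys [ ]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);c:\windows\system32\DRIVERS\w300bus.sys [2006-03-13 60800]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [ ]
'''

SECTION = re.compile(r'^\[(.+)\]$')
VALUE = re.compile(r'^"(.+?)"=\s*(.*)$')
# Assumed row layout: <R|S><start type> name;display name;image path [date size]
DRIVER = re.compile(r'^([RS])([0-4]) ([^;]+);([^;]*);(.+?) \[(.*)\]$')


def as_int(raw):
    """Return the integer in 'dword:00000001' or '1 (0x1)' form, else None."""
    m = re.match(r'^dword:([0-9a-fA-F]{8})$', raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r'^(\d+) \(0x[0-9a-fA-F]+\)$', raw)
    return int(m.group(1)) if m else None


def parse_log(text):
    """Split a log into {registry key: {value name: raw data}} and driver rows."""
    keys, drivers, current = {}, [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            current = None  # a blank line ends the current key's value list
            continue
        if m := SECTION.match(line):
            current = keys.setdefault(m.group(1).lower(), {})
        elif m := DRIVER.match(line):
            state, start, name, _display, path, meta = m.groups()
            drivers.append({'running': state == 'R', 'start': int(start),
                            'name': name, 'path': path, 'meta': meta.strip()})
        elif current is not None and (m := VALUE.match(line)):
            current[m.group(1)] = m.group(2).strip()
    return keys, drivers


def triage(text):
    """Return (category, detail) findings that merit a human look; not verdicts."""
    keys, drivers = parse_log(text)
    findings = []
    for key, values in keys.items():
        for name, raw in values.items():
            n = as_int(raw)
            if (key.endswith(r'firewallpolicy\standardprofile')
                    and name == 'EnableFirewall' and n == 0):
                findings.append(('firewall-off', key))
            elif ('security center' in key and n == 1 and
                  name.endswith(('Override', 'DisableNotify', 'DisableMonitoring'))):
                findings.append(('security-center-muted', name))
            elif (key.endswith(r'policies\system') and n == 1
                  and name in ('DisableTaskMgr', 'DisableRegistryTools')):
                findings.append(('tool-lockout', name))
            elif key.endswith(r'authorizedapplications\list'):
                # The log escapes backslashes in value names; undo that first.
                path = name.replace('\\\\', '\\').lower()
                if '\\temp\\' in path:
                    findings.append(('firewall-exception-in-temp', path))
    for d in drivers:
        # A running driver with an empty [ ] has no date/size recorded for its file.
        if d['running'] and not d['meta']:
            findings.append(('running-driver-no-file-info', d['name']))
    return findings


if __name__ == '__main__':
    for category, detail in triage(SAMPLE_LOG):
        print(f'{category:30} {detail}')
```

Security Center overrides and a disabled firewall can also be set deliberately by a user or another security product, so each finding is a prompt to check, not a conclusion.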

 
