I have run through your entire Malware Removal Guide with no luck. Here is the log and thanks in advanced for your help!
**updated to add the HijackThis log
OTListIt logfile created on: 5/9/2009 11:40:52 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.5 Folder = C:\Users\Darren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UTL4YMNT
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18762)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.75 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 45.12% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 222.04 Gb Total Space | 73.90 Gb Free Space | 33.28% Space Free | Partition Type: NTFS
Drive D: | 10.85 Gb Total Space | 1.29 Gb Free Space | 11.90% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DARREN-LT
Current User Name: Darren
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ==========
PRC - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\MediaMall\MediaMallServer.exe (MediaMall Technologies, Inc.)
PRC - C:\Windows\SMINST\BLService.exe ()
PRC - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe ()
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
PRC - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files (x86)\MediaMall\PlayOn.exe (MediaMall Technologies, Inc.)
PRC - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
PRC - C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Users\Darren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UTL4YMNT\OTListIt2[1].exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (AESTFilters [Auto | Running]) -- C:\Windows\sysnative\DriverStore\FileRepository\stwrt64.inf_5d1a7764\AESTSr64.exe ()
SRV - (AgereModemAudio [Auto | Running]) -- C:\Windows\sysnative\agr64svc.exe ()
SRV - (Apple Mobile Device [Disabled | Stopped]) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Ati External Event Utility [Auto | Running]) -- C:\Windows\sysnative\Ati2evxx.exe ()
SRV - (Automatic LiveUpdate Scheduler [Auto | Running]) -- c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (Bonjour Service [Disabled | Stopped]) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (Brother XP spl Service [Disabled | Stopped]) -- C:\Windows\SysWOW64\brsvc01a.exe (brother Industries Ltd)
SRV - (BthServ [Auto | Running]) -- C:\Windows\sysnative\bthserv.dll ()
SRV - (ccEvtMgr [Auto | Running]) -- c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CLTNetCnService [Auto | Running]) -- c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (Com4QLBEx [On_Demand | Stopped]) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Hewlett-Packard Development Company, L.P.)
SRV - (comHost [On_Demand | Stopped]) -- c:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GameConsoleService [Disabled | Stopped]) -- C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (HP Health Check Service [Auto | Running]) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard)
SRV - (hpqwmiex [On_Demand | Stopped]) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
SRV - (hpsrv [Auto | Running]) -- C:\Windows\sysnative\Hpservice.exe ()
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (LiveUpdate [On_Demand | Stopped]) -- c:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
SRV - (LiveUpdate Notice [Auto | Running]) -- c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (MediaMall Server [Auto | Running]) -- C:\Program Files (x86)\MediaMall\MediaMallServer.exe (MediaMall Technologies, Inc.)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PerfHost [On_Demand | Stopped]) -- C:\Windows\SysWow64\perfhost.exe (Microsoft Corporation)
SRV - (Recovery Service for Windows [Auto | Running]) -- C:\Windows\SMINST\BLService.exe ()
SRV - (RichVideo [Auto | Running]) -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe ()
SRV - (SeaPort [Auto | Running]) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (STacSV [Auto | Running]) -- C:\Windows\sysnative\DriverStore\FileRepository\stwrt64.inf_8adfd0a8\STacSV64.exe ()
SRV - (Symantec Core LC [On_Demand | Running]) -- C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (Symantec RemoteAssist [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WindowBlinds [Auto | Stopped]) -- File not found
SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc [On_Demand | Stopped]) -- c:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (ZuneWlanCfgSvc [On_Demand | Stopped]) -- c:\Windows\sysnative\ZuneWlanCfgSvc.exe ()
========== Driver Services (SafeList) ==========
DRV - (Accelerometer [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\Accelerometer.sys ()
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\agrsm64.sys ()
DRV - (athr [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\athrx.sys ()
DRV - (AtiHdmiService [On_Demand | Stopped]) -- C:\Windows\sysnative\drivers\AtiHdmi.sys ()
DRV - (atikmdag [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\atikmdag.sys ()
DRV - (AtiPcie [Boot | Running]) -- C:\Windows\sysnative\DRIVERS\AtiPcie.sys ()
DRV - (BCM43XV [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\bcmwl664.sys ()
DRV - (BthEnum [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\BthEnum.sys ()
DRV - (BthPan [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\bthpan.sys ()
DRV - (BTHPORT [On_Demand | Stopped]) -- C:\Windows\sysnative\Drivers\BTHport.sys ()
DRV - (BTHUSB [On_Demand | Stopped]) -- C:\Windows\sysnative\Drivers\BTHUSB.sys ()
DRV - (CmBatt [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\CmBatt.sys ()
DRV - (COH_Mon [On_Demand | Stopped]) -- C:\Windows\sysnative\Drivers\COH_Mon.sys ()
DRV - (eeCtrl [System | Running]) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (enecir [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\enecir.sys ()
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (HdAudAddService [On_Demand | Running]) -- C:\Windows\sysnative\drivers\HdAudio.sys ()
DRV - (hpdskflt [Boot | Running]) -- C:\Windows\sysnative\DRIVERS\hpdskflt.sys ()
DRV - (HpqKbFiltr [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\HpqKbFiltr.sys ()
DRV - (HSFHWAZL [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\VSTAZL6.SYS ()
DRV - (HSF_DPV [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\VSTDPV6.SYS ()
DRV - (IDSvia64 [System | Running]) -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20090506.001\IDSviA64.sys (Symantec Corporation)
DRV - (JMCR [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\jmcr.sys ()
DRV - (LHidFilt [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\LHidFilt.Sys ()
DRV - (NAVENG [On_Demand | Running]) -- File not found
DRV - (NAVEX15 [On_Demand | Running]) -- File not found
DRV - (NVENETFD [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\nvm60x64.sys ()
DRV - (RFCOMM [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\rfcomm.sys ()
DRV - (RTL8169 [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\Rtlh64.sys ()
DRV - (sdbus [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\sdbus.sys ()
DRV - (SRTSP [On_Demand | Running]) -- C:\Windows\sysnative\Drivers\SRTSP64.SYS ()
DRV - (SRTSPL [On_Demand | Stopped]) -- C:\Windows\sysnative\Drivers\SRTSPL64.SYS ()
DRV - (SRTSPX [System | Running]) -- C:\Windows\sysnative\Drivers\SRTSPX64.SYS ()
DRV - (STHDA [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\stwrt64.sys ()
DRV - (StillCam [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\serscan.sys ()
DRV - (SYMDNS [On_Demand | Running]) -- C:\Windows\sysnative\Drivers\SYMDNS.SYS ()
DRV - (SymEvent [On_Demand | Running]) -- C:\Windows\sysnative\Drivers\SYMEVENT64x86.SYS ()
DRV - (SYMFW [On_Demand | Running]) -- C:\Windows\sysnative\Drivers\SYMFW.SYS ()
DRV - (SymIM [System | Running]) -- C:\Windows\sysnative\DRIVERS\SymIMv.sys ()
DRV - (SYMNDISV [On_Demand | Running]) -- C:\Windows\sysnative\Drivers\SYMNDISV.SYS ()
DRV - (SYMREDRV [On_Demand | Running]) -- C:\Windows\sysnative\Drivers\SYMREDRV.SYS ()
DRV - (SYMTDI [System | Running]) -- C:\Windows\sysnative\Drivers\SYMTDI.SYS ()
DRV - (SynTP [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\SynTP.sys ()
DRV - (UMPass [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\umpass.sys ()
DRV - (USBAAPL64 [On_Demand | Stopped]) -- C:\Windows\sysnative\Drivers\usbaapl64.sys ()
DRV - (usbfilter [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\usbfilter.sys ()
DRV - (usbvideo [On_Demand | Running]) -- C:\Windows\sysnative\Drivers\usbvideo.sys ()
DRV - (winachsf [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\VSTCNXT6.SYS ()
DRV - (WinUSB [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\WinUSB.sys ()
DRV - (WpdUsb [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\wpdusb.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON2 [2008/06/09 23:56:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/02/27 17:17:32 | 00,000,000 | ---D | M]
O1 HOSTS File: (736 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key error. File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [PlayOn] C:\Program Files (x86)\MediaMall\PlayOn.exe (MediaMall Technologies, Inc.)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)
O4 - Startup: C:\Users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ImpulseNow.lnk = C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe (Stardock Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [Bluetooth Namespace] - C:\Windows\system32\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...S/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\system32\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{36310f16-a7e6-11dd-a0db-001eece7d848}\Shell\Open\command - "" = resycled\ntldr.com i:
O33 - MountPoints2\{36310f1e-a7e6-11dd-a0db-001eece7d848}\Shell - "" = AutoRun
O33 - MountPoints2\{36310f1e-a7e6-11dd-a0db-001eece7d848}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{9d239f38-c2fa-11dd-9280-001eece7d848}\Shell - "" = AutoRun
O33 - MountPoints2\{9d239f38-c2fa-11dd-9280-001eece7d848}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{f912bf5e-caef-11dd-bb76-001eece7d848}\Shell - "" = Autorun
O33 - MountPoints2\{f912bf5e-caef-11dd-bb76-001eece7d848}\Shell\Open\command - "" = H:\RECYCLER\S-1-5-74-100029144-100029403-100011319-6573.com -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 30 Days ==========
[2009/05/09 11:37:59 | 00,267,612 | ---- | C] () -- C:\Users\Darren\Desktop\Rooter.exe
[2009/05/09 11:37:31 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/09 11:36:28 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/05/09 11:36:17 | 00,000,943 | ---- | C] () -- C:\Users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/05/09 11:36:16 | 00,000,763 | ---- | C] () -- C:\Users\Darren\Desktop\NTREGOPT.lnk
[2009/05/09 11:36:16 | 00,000,744 | ---- | C] () -- C:\Users\Darren\Desktop\ERUNT.lnk
[2009/05/09 11:36:14 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2009/05/09 08:57:51 | 00,000,000 | ---D | C] -- C:\Users\Darren\AppData\Roaming\Malwarebytes
[2009/05/09 08:57:49 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/05/09 08:57:49 | 00,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/09 08:57:46 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/05/09 08:57:45 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/05/09 08:57:45 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/05/09 08:51:59 | 40,242,62656 | -HS- | C] () -- C:\hiberfil.sys
[2009/05/09 02:54:27 | 00,000,063 | ---- | C] () -- C:\Windows\System\SysRegC.dll
[2009/05/09 02:54:25 | 00,000,000 | ---D | C] -- C:\Windows\MaxSecureBackup
[2009/05/07 07:58:46 | 00,001,118 | ---- | C] () -- C:\Users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ImpulseNow.lnk
[2009/05/06 22:52:05 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ATI
[2009/05/06 22:38:10 | 00,001,230 | ---- | C] () -- C:\Users\Darren\Desktop\'Folding@Home'.lnk
[2009/05/06 22:38:09 | 00,000,000 | ---D | C] -- C:\ATI
[2009/05/06 22:31:00 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/05/06 22:31:00 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/05/06 22:30:59 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/05/06 22:29:08 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/05/06 22:29:08 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009/05/06 22:29:08 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2009/05/06 22:29:08 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2009/05/06 22:29:07 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2009/05/06 22:29:07 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/05/06 22:29:07 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2009/05/06 22:29:06 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdc.ocx
[2009/05/06 22:29:05 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2009/05/06 22:29:05 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2009/05/06 22:29:05 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/05/06 22:29:05 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/05/06 22:29:04 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/05/06 22:29:04 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/05/06 22:29:04 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009/05/06 22:29:03 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/05/06 22:29:03 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/05/06 22:29:03 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009/05/06 22:29:03 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2009/05/06 22:29:02 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/05/06 22:29:02 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009/05/06 22:29:01 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll
[2009/05/06 22:29:01 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/05/06 22:29:01 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/05/06 22:29:01 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2009/05/06 22:29:01 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009/05/06 22:29:01 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2009/05/06 22:29:00 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/05/06 22:29:00 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2009/05/06 22:29:00 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2009/05/06 22:28:59 | 00,391,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/05/06 22:28:58 | 00,914,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/05/06 22:28:58 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/05/06 22:28:58 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009/05/06 22:28:58 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2009/05/06 22:28:57 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2009/05/06 22:28:57 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2009/05/06 22:28:56 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/05/06 22:28:56 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2009/05/06 22:28:56 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshta.exe
[2009/05/06 22:28:55 | 03,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2009/05/06 22:28:55 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/05/06 22:28:55 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/05/06 22:28:55 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2009/05/06 22:28:55 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/05/06 22:28:55 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2009/05/06 22:28:55 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2009/05/06 22:28:55 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2009/05/06 22:28:54 | 01,206,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/05/06 22:28:53 | 11,063,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/05/06 22:28:53 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/05/06 22:28:51 | 05,937,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/05/02 18:05:06 | 00,000,000 | ---D | C] -- C:\.jagex_cache_32
[2009/05/02 17:02:24 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MediaMall
[2009/05/02 17:02:24 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TV-Websites
[2009/05/02 17:02:24 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ffdshowEx
[2009/05/02 01:08:04 | 00,010,315 | ---- | C] () -- C:\Users\Darren\Desktop\Acheivements.xlsx
[2009/04/27 16:04:27 | 00,000,000 | ---D | C] -- C:\Users\Darren\Documents\J205
[2009/04/27 08:13:24 | 04,633,088 | ---- | C] () -- C:\Users\Darren\Desktop\Public_Rel_Class_Powerpoint.ppt
[2009/04/26 10:44:38 | 00,000,000 | ---D | C] -- C:\Users\Darren\Documents\Scholarships '09-'10
[2009/04/26 10:12:29 | 00,045,568 | ---- | C] () -- C:\Users\Darren\Desktop\uccfsa.doc
[2009/04/26 10:12:21 | 00,040,448 | ---- | C] () -- C:\Users\Darren\Desktop\uccssa.doc
[2009/04/23 08:55:05 | 00,000,000 | ---D | C] -- C:\Users\Darren\Documents\HPE 295
[2009/04/14 22:13:54 | 00,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll
[2009/04/14 22:13:45 | 00,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
[2009/04/14 22:13:45 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/04/14 22:13:44 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2009/04/14 22:13:44 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2009/04/14 22:12:54 | 00,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2009/04/14 22:12:54 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2009/04/14 22:12:53 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2009/04/14 22:12:53 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2009/04/14 22:12:52 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2009/04/14 22:08:40 | 00,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2009/04/14 22:08:40 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2009/03/14 01:13:29 | 00,058,672 | ---- | C] () -- C:\Windows\System32\wbload.dll
[2008/11/30 17:53:42 | 00,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini
[2008/11/30 17:53:41 | 00,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008/11/30 17:53:41 | 00,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008/11/30 17:52:00 | 00,000,218 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2008/11/30 17:52:00 | 00,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2008/02/04 19:23:10 | 00,693,792 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
[2006/11/02 05:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 05:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
========== Files - Modified Within 30 Days ==========
[2009/05/09 11:38:01 | 00,267,612 | ---- | M] () -- C:\Users\Darren\Desktop\Rooter.exe
[2009/05/09 11:36:17 | 00,000,943 | ---- | M] () -- C:\Users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/05/09 11:36:16 | 00,000,763 | ---- | M] () -- C:\Users\Darren\Desktop\NTREGOPT.lnk
[2009/05/09 11:36:16 | 00,000,744 | ---- | M] () -- C:\Users\Darren\Desktop\ERUNT.lnk
[2009/05/09 09:10:07 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/05/09 09:10:02 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/05/09 09:09:57 | 40,242,62656 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/09 09:08:21 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/05/09 08:57:49 | 00,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/09 02:54:57 | 00,000,063 | ---- | M] () -- C:\Windows\System\SysRegC.dll
[2009/05/08 21:53:09 | 00,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{17D79CA4-AE11-4BB5-A133-651155161AE8}.job
[2009/05/08 17:04:48 | 00,001,230 | ---- | M] () -- C:\Users\Darren\Desktop\'Folding@Home'.lnk
[2009/05/07 07:58:46 | 00,001,118 | ---- | M] () -- C:\Users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ImpulseNow.lnk
[2009/05/07 07:56:12 | 00,000,310 | -HS- | M] () -- C:\Users\Public\Documents\desktop.ini
[2009/05/07 07:56:10 | 00,000,432 | -HS- | M] () -- C:\Users\Darren\Documents\desktop.ini
[2009/05/07 07:56:10 | 00,000,312 | -HS- | M] () -- C:\Users\Darren\Desktop\desktop.ini
[2009/05/06 22:34:53 | 00,000,219 | ---- | M] () -- C:\Windows\win.ini
[2009/05/05 07:34:57 | 00,000,560 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Darren.job
[2009/05/02 20:21:21 | 00,010,315 | ---- | M] () -- C:\Users\Darren\Desktop\Acheivements.xlsx
[2009/04/27 08:13:26 | 04,633,088 | ---- | M] () -- C:\Users\Darren\Desktop\Public_Rel_Class_Powerpoint.ppt
[2009/04/26 10:12:30 | 00,045,568 | ---- | M] () -- C:\Users\Darren\Desktop\uccfsa.doc
[2009/04/26 10:12:22 | 00,040,448 | ---- | M] () -- C:\Users\Darren\Desktop\uccssa.doc
[2009/04/24 07:37:26 | 00,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDarren.job
< End of report >
****I managed to get the Rooter Rootkit Detector to work, although the log makes me worry.....here's the log:
Microsoft Windows Vista Home Edition (6.0.6001) Service Pack 1
C:\ [Fixed] - NTFS - (Total:227364 Mo/Free:1837 Mo)
D:\ [Fixed] - NTFS - (Total:11106 Mo/Free:1321 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
Sat 05/09/2009|12:26
----------------------\\ Processes..
--Locked-- [System Process]
--Locked-- System
---------- ???4??????
---------- ???4??????
---------- ???4??????
---------- ???4??????
---------- ???4??????
---------- ???4??????
---------- ???4??????
---------- ???4??????
---------- ???4??????
---------- ???4??????
---------- ???4??????
---------- ???4??????
---------- ???4??????
---------- ???4??????
---------- ???4??????
---------- ???4??????
--Locked-- audiodg.exe
---------- ???4??????
---------- ???4??????
---------- ???4??????
---------- ???4??????
---------- ???4??????
---------- ???4??????
---------- ???4??????
---------- ???4??????
---------- c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
---------- ???4??????
---------- ???4??????
---------- ???4??????
---------- ???4??????
---------- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
---------- C:\Program Files (x86)\MediaMall\MediaMallServer.exe
---------- ???4??????
---------- C:\Windows\SMINST\BLService.exe
---------- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
---------- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
---------- ???4??????
---------- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
---------- ???4??????
---------- ???4??????
---------- ???4??????
---------- ???4??????
---------- ???4??????
---------- ???4??????
---------- ???4??????
---------- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
---------- ???4??????
---------- C:\Program Files (x86)\MediaMall\PlayOn.exe
---------- c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
---------- ???4??????
---------- C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe
---------- ???4??????
---------- ???4??????
---------- ???4??????
---------- ???4??????
---------- c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
---------- ???4??????
---------- C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
---------- C:\Program Files (x86)\Internet Explorer\iexplore.exe
---------- C:\Program Files (x86)\Internet Explorer\iexplore.exe
---------- C:\Windows\SysWow64\Macromed\Flash\FlashUtil10b.exe
---------- C:\Program Files (x86)\Internet Explorer\iexplore.exe
---------- ???4??????
---------- ???4??????
---------- C:\Program Files (x86)\Internet Explorer\iexplore.exe
---------- ???4??????
---------- ???4??????
---------- ???4??????
---------- C:\Users\Darren\Desktop\Rooter.exe
---------- C:\Windows\SysWOW64\cmd.exe
---------- C:\Rooter$\RK.exe
----------------------\\ Search..
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:37:36 PM, on 5/9/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\MediaMall\PlayOn.exe
c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Darren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MS4V5879\procexp[1].exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10b.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [PlayOn] C:\Program Files (x86)\MediaMall\PlayOn.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: ImpulseNow.lnk = C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onec...S/wlscctrl2.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: MediaMall Server - MediaMall Technologies, Inc. - C:\Program Files (x86)\MediaMall\MediaMallServer.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_8adfd0a8\STacSV64.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Unknown owner - C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Zune Wireless Configuration Service (ZuneWlanCfgSvc) - Unknown owner - c:\Windows\system32\ZuneWlanCfgSvc.exe (file missing)
--
End of file - 10839 bytes
Edited by dstefanich, 09 May 2009 - 06:46 PM.