

popup website


Name: babydog1ls
Date: November 10, 2008 at 14:27:38 Pacific
OS: vista
CPU/Ram: 1.70GHz/2.00GB
Product: hp dv6000
Comment:

OK here it is: I have a popup website that I can NOT get rid of. I have run my Norton, Win Defender and AdAware scans and removed what they found, but the website is still opening. It actually opens on its own; I don't even have to be on the internet for it to open. It's driving me nuts, please help!




Response Number 1
Name: jabuck
Date: November 10, 2008 at 14:32:13 Pacific
Reply:

Run the following scans and post their logs.

Please download Malwarebytes' Anti-Malware from one of these sites:

MalwareBytes1

MalwareBytes2

1. Double Click mbam-setup.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy & paste the entire report in your next reply.


Please download and install the latest version of HijackThis v2.0.2:


Download the "HijackThis" Installer from this link:
Hijack This


1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.



Response Number 2
Name: babydog1ls
Date: November 10, 2008 at 15:04:45 Pacific
Reply:

Here are the results:

Malwarebytes' Anti-Malware 1.30
Database version: 1381
Windows 6.0.6001 Service Pack 1

11/10/2008 5:52:16 PM
mbam-log-2008-11-10 (17-52-16).txt

Scan type: Quick Scan
Objects scanned: 48805
Time elapsed: 7 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 16
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\cpbrkpie.coupon6ctrl.1 (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a85a5e6a-de2c-4f4e-99dc-f469df5a0eec} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e780f0b-bcd6-40cb-b2db-7af47ab4d4a4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a138be8b-f051-4802-9a3f-a750a6d862d4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\CouponPrinter.ocx (Adware.Coupons) -> Quarantined and deleted successfully.
C:\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:00:18 PM, on 11/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\mondrv411.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\RapidSolution\Tunebite\Tunebite.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ppcbooster\ppcb_32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\GetDiz\GetDiz.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\User\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?T...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.exe C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.exe C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mondrv411] C:\Windows\mondrv411.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [Tunebite] C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: ppcb_32.lnk = C:\Program Files\ppcbooster\ppcb_32.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O13 - Gopher Prefix:
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcr_device - - C:\Windows\system32\lxcrcoms.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe


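The HijackThis log above is long and almost entirely legitimate, and the two entries that matter (an executable sitting directly in C:\Windows and a Startup-folder shortcut into C:\Program Files\ppcbooster) are easy to miss by eye. The script below is an added example, not part of the thread or of HijackThis: it parses a constructed excerpt of the posted log, applies a few location heuristics (the Windows directory itself, user-writable profile folders, Startup-folder launches, "(file missing)" leftovers) and cross-references each hit against the "Running processes" section. The heuristics and the %ProgramFiles%/%windir% expansions are the example's own assumptions; they order the log for a human reviewer rather than deciding anything.

```python
"""Triage of a HijackThis 2.0.2 log.

Added example for this thread; it is not part of HijackThis or of any post
above. The heuristics are assumptions about where unwanted autostarts tend
to live (the Windows directory itself, user-writable profile folders, the
Startup folder); they order the log for a human reviewer, nothing more.
"""
import ntpath
import re

# Constructed excerpt: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2

Running processes:
C:\Windows\Explorer.exe
C:\Windows\mondrv411.exe
C:\Program Files\ppcbooster\ppcb_32.exe

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [mondrv411] C:\Windows\mondrv411.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - Startup: ppcb_32.lnk = C:\Program Files\ppcbooster\ppcb_32.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
"""

# Prefixes HijackThis prints verbatim; the expansions assume a default C: install.
ENV = {
    "%programfiles%": "c:\\program files",
    "[programfilesfolder]": "c:\\program files\\",
    "%windir%": "c:\\windows",
    "%systemroot%": "c:\\windows",
}
# First drive-rooted (or env-prefixed) path ending in a binary extension on a line.
PATH_RE = re.compile(
    r'((?:[a-z]:\\|%[a-z]+%\\|\[programfilesfolder\])[^"]*?\.(?:exe|dll|ocx|scr|com))(?=[\s",/]|$)',
    re.I,
)
# Windows itself legitimately starts a few binaries from C:\Windows directly.
WINDOWS_ROOT_OK = {"explorer.exe"}


def normalize(path):
    """Lower-case a path and expand the prefixes above so comparisons are exact."""
    p = path.lower()
    for prefix, real in ENV.items():
        if p.startswith(prefix):
            p = real + p[len(prefix):]
    return p


def parse_log(text):
    """Return (set of running-process paths, list of (kind, raw line, path or None))."""
    processes, entries, section = set(), [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            section = None
            continue
        if line.lower() == "running processes:":
            section = "procs"
            continue
        kind = re.match(r"([ORF]\d+) - ", line)
        if kind:
            section = "entries"
        if section == "procs":
            processes.add(normalize(line))
        elif section == "entries" and kind:
            m = PATH_RE.search(line)
            entries.append((kind.group(1), line, normalize(m.group(1)) if m else None))
    return processes, entries


def triage(text):
    """List the entries a reviewer should look at first, with the reason for each."""
    processes, entries = parse_log(text)
    findings = []
    for kind, raw, path in entries:
        reasons = []
        if "(file missing)" in raw.lower():
            reasons.append("file missing: stale entry, cannot be what opens the popups")
        if path:
            folder, name = ntpath.dirname(path), ntpath.basename(path)
            if folder == "c:\\windows" and name not in WINDOWS_ROOT_OK:
                reasons.append("binary sits directly in the Windows directory")
            if folder.startswith("c:\\users\\") and ("\\appdata\\" in folder or "\\temp\\" in folder):
                reasons.append("binary in a user-writable profile folder")
        if kind == "O4" and "startup:" in raw.lower():
            reasons.append("started through a Startup-folder shortcut")
        # Only worth saying once something else is already suspicious.
        if reasons and path in processes:
            reasons.append("currently running")
        if reasons:
            findings.append({"kind": kind, "entry": raw, "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["entry"])
        for r in f["reasons"]:
            print("   ->", r)
```

On the excerpt this surfaces exactly the two entries ComboFix later removed (mondrv411.exe and the ppcb_32.lnk shortcut), both marked as currently running, plus the stale BitComet button. Everything under Program Files, System32 or a vendor folder passes untouched, which is the point: the script does not judge software, it only ranks where to look.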

Response Number 3
Name: jabuck
Date: November 10, 2008 at 16:10:12 Pacific
Reply:

Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Combofix is a powerful tool so follow the instructions exactly or you could damage your computer.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with Combofix and remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

In your case to run Combofix do the following:
1. Go offline, turn off your Norton antivirus, Windows Defender, Ad-Aware and any other antispyware that you may have.
2. Run Combofix and save its log.
3. Restart the computer to get the antivirus running again but leave the antispyware programs off until we get the computer cleaned.
4. Post the Combofix log.


Remember to re-enable the protection again afterwards before connecting to the Internet.

Double-click combofix.exe
Follow the prompts.
(Don't click on the window or move the mouse while the program is running; it will cause your system to hang.)
Please post the log it produces.



Response Number 4
Name: babydog1ls
Date: November 10, 2008 at 17:05:58 Pacific
Reply:

Done:

ComboFix 08-11-09.04 - User 2008-11-10 19:40:46.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1022 [GMT -5:00]
Running from: c:\downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ppcbooster
c:\program files\ppcbooster\ppcb_32.exe
c:\program files\ppcbooster\ppcbu_32.exe
c:\users\User\AppData\Roaming\inst.exe
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ppcb_32.lnk
c:\windows\cor704836.exe
c:\windows\ee3362.exe
c:\windows\eo4.exe
c:\windows\h288.exe
c:\windows\j414.exe
c:\windows\lik02.exe
c:\windows\mondrv411.exe
c:\windows\tj85.exe
c:\windows\tjyvb346054.exe

.
((((((((((((((((((((((((( Files Created from 2008-10-11 to 2008-11-11 )))))))))))))))))))))))))))))))
.

2008-11-10 17:40 . 2008-11-10 17:40 <DIR> d-------- c:\users\User\AppData\Roaming\Malwarebytes
2008-11-10 17:40 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-10 17:39 . 2008-11-10 17:39 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-11-10 17:39 . 2008-11-10 17:39 <DIR> d-------- c:\programdata\Malwarebytes
2008-11-10 17:39 . 2008-11-10 17:40 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-10 17:39 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-09 15:36 . 2008-11-09 15:37 <DIR> d-------- c:\users\All Users\Lavasoft
2008-11-09 15:36 . 2008-11-09 15:37 <DIR> d-------- c:\programdata\Lavasoft
2008-11-09 15:36 . 2008-11-09 15:36 <DIR> d-------- c:\program files\Lavasoft
2008-11-09 15:35 . 2008-11-09 15:35 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-05 16:56 . 2008-11-05 16:56 <DIR> d-------- c:\program files\DNS Lander
2008-10-28 13:51 . 2008-08-11 22:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-28 13:51 . 2008-09-17 23:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-28 13:51 . 2008-09-17 23:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-10-28 08:29 . 2008-08-05 04:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-10-28 08:29 . 2008-08-05 04:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-10-28 08:29 . 2008-08-05 04:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-10-28 08:29 . 2008-08-05 04:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-10-28 08:29 . 2008-08-05 04:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-10-22 20:28 . 2008-10-22 20:27 25,136 -ra------ c:\windows\System32\drivers\SymIMV.sys
2008-10-22 20:27 . 2008-10-22 20:27 <DIR> d-------- c:\windows\System32\drivers\NIS
2008-10-22 20:27 . 2008-10-22 20:27 <DIR> d-------- c:\program files\Symantec
2008-10-22 20:27 . 2008-10-22 20:27 <DIR> d-------- c:\program files\Norton Internet Security
2008-10-22 20:27 . 2008-10-22 20:27 124,464 --a------ c:\windows\System32\drivers\SYMEVENT.SYS
2008-10-22 10:00 . 2008-10-22 10:00 <DIR> d-------- c:\users\All Users\PCSettings
2008-10-22 10:00 . 2008-10-22 10:00 <DIR> d-------- c:\users\All Users\NortonInstaller
2008-10-22 10:00 . 2008-10-22 20:28 <DIR> d-------- c:\users\All Users\Norton
2008-10-22 10:00 . 2008-10-22 10:00 <DIR> d-------- c:\programdata\PCSettings
2008-10-22 10:00 . 2008-10-22 10:00 <DIR> d-------- c:\programdata\NortonInstaller
2008-10-22 10:00 . 2008-10-22 20:28 <DIR> d-------- c:\programdata\Norton
2008-10-22 10:00 . 2008-10-22 10:00 <DIR> d-------- c:\program files\NortonInstaller
2008-10-22 09:54 . 2008-10-22 09:54 <DIR> d-------- c:\users\All Users\Symantec Temporary Files
2008-10-22 09:54 . 2008-10-22 09:54 <DIR> d-------- c:\programdata\Symantec Temporary Files
2008-10-19 08:31 . 2008-09-17 21:16 2,032,640 --a------ c:\windows\System32\win32k.sys
2008-10-19 08:30 . 2008-09-18 00:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe
2008-10-19 08:30 . 2008-09-18 00:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe
2008-10-19 08:30 . 2008-10-01 20:32 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2008-10-19 08:30 . 2008-10-01 22:49 827,392 --a------ c:\windows\System32\wininet.dll
2008-10-19 08:30 . 2008-08-26 20:06 288,768 --a------ c:\windows\System32\drivers\srv.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-11 00:28 --------- d-----w c:\users\User\AppData\Roaming\Tunebite
2008-11-11 00:10 12,978 ----a-w c:\users\User\AppData\Roaming\nvModes.dat
2008-11-10 21:30 --------- d-----w c:\programdata\WholeSecurity
2008-11-09 02:45 --------- d-----w c:\users\User\AppData\Roaming\ICAClient
2008-11-09 02:45 --------- d-----w c:\program files\Microsoft Works
2008-11-09 02:45 --------- d-----w c:\program files\LimeWire
2008-11-09 02:45 --------- d-----w c:\program files\Common Files\Adobe
2008-11-06 18:27 --------- d-----w c:\users\User\AppData\Roaming\LimeWire
2008-11-06 17:42 --------- d-----w c:\users\User\AppData\Roaming\Move Networks
2008-10-31 13:51 1,420 ----a-w c:\users\User\AppData\Roaming\wklnhst.dat
2008-10-29 01:16 --------- d-----w c:\programdata\Roxio
2008-10-23 20:06 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-10-23 01:29 --------- d-----w c:\programdata\Symantec
2008-10-23 01:27 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2008-10-23 01:27 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2008-10-22 18:22 --------- d-----w c:\users\User\AppData\Roaming\DVD Flick
2008-10-20 01:16 --------- d-----w c:\program files\Windows Mail
2008-10-20 00:05 --------- d-----w c:\programdata\Microsoft Help
2008-10-11 01:03 --------- d-----w c:\program files\lx_cats
2008-10-01 20:35 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-01 20:35 --------- d-----w c:\program files\Common Files\Nikon
2008-10-01 20:34 0 ---h--w c:\users\All Users\PKP_DLds.DAT
2008-10-01 20:34 0 ---h--w c:\programdata\PKP_DLds.DAT
2008-10-01 20:29 --------- d-----w c:\programdata\BVRP Software
2008-10-01 20:22 --------- d-----w c:\users\User\AppData\Roaming\Apple Computer
2008-09-30 21:15 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-09-30 21:12 --------- d-----w c:\program files\iPod Access for Windows
2008-09-30 21:01 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-09-30 19:14 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-30 19:14 --------- d-----w c:\program files\iTunes
2008-09-30 19:14 --------- d-----w c:\program files\iPod
2008-09-30 19:12 --------- d-----w c:\program files\QuickTime
2008-09-30 19:12 --------- d-----w c:\program files\Common Files\Apple
2008-09-30 18:59 --------- d-----w c:\program files\Bonjour
2008-09-28 22:12 --------- d-----w c:\programdata\WindowsSearch
2008-09-17 20:12 174 --sha-w c:\program files\desktop.ini
2008-09-17 20:00 --------- d-----w c:\program files\Windows Sidebar
2008-09-17 20:00 --------- d-----w c:\program files\Windows Calendar
2008-09-17 19:59 --------- d-----w c:\program files\Windows Photo Gallery
2008-09-17 19:59 --------- d-----w c:\program files\Windows Journal
2008-09-17 19:59 --------- d-----w c:\program files\Windows Defender
2008-09-17 19:59 --------- d-----w c:\program files\Windows Collaboration
2008-09-17 19:27 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-09-17 19:27 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-08-29 14:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-08-29 13:53 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-03-30 21:58 20 ---h--w c:\users\All Users\PKP_DLec.DAT
2008-03-30 21:58 20 ---h--w c:\programdata\PKP_DLec.DAT
2008-03-22 14:58 47,360 ----a-w c:\users\User\AppData\Roaming\pcouffin.sys
2008-02-01 17:32 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-02-01 17:32 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-02-01 17:32 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-11-21 19:25 22 --sha-w c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-06-03 171448]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2008-07-17 2599224]
"Tunebite"="c:\program files\RapidSolution\Tunebite\Tunebite.exe" [2007-12-12 4937008]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-03-28 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"lxcrmon.exe"="c:\program files\Lexmark 2400 Series\lxcrmon.exe" [2006-03-06 286720]
"EzPrint"="c:\program files\Lexmark 2400 Series\ezprint.exe" [2006-02-07 98304]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2006-02-02 290816]
"LXCRCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-02-24 65536]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-02-28 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-28 7770112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-28 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-07 44128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D1A0DAED-B4D9-417E-91AA-F1CB28090FF5}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{CF420997-A179-42A8-A833-07F6C1DE2F71}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FABC5D01-90B9-4323-978A-1BC9E0C4B648}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{9D839C64-DF27-43D5-9374-45F410999409}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{3E1165D4-6501-4D5C-B527-FD0719E2BFBF}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{AF3360B3-52FB-47E0-B472-39F5E0A261E2}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{6466F7C8-9789-4F93-B00F-3F85CFE814FB}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{2346F100-EA86-48A7-B581-AAFCBAC9515D}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{9EF3943E-DCE5-480B-ADBE-BDF50FFDB414}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{118BCD34-FAA4-4805-883F-0965C17EE6F0}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{0038FC09-74E9-406F-90DE-EA43A2B6C956}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{7604E4ED-882E-4F16-8ED1-AF3ED04C8B0E}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{D13A0F48-5BB9-4C48-BF22-35E480FFBFEF}"= UDP:c:\windows\System32\lxcrcoms.exe:Lexmark Communications System
"{C53B897E-1E29-4C99-A2D4-E825183B7B61}"= TCP:c:\windows\System32\lxcrcoms.exe:Lexmark Communications System
"{EABD9021-DB34-4583-AE48-1E3C158E0EEB}"= Disabled:UDP:135:TCP Port 135
"{65BDB570-D45F-49FB-897F-63BAE294FE4C}"= Disabled:UDP:5000:TCP Port 5000
"{4F68026F-83B1-4A89-8AE8-657A4C70D54D}"= Disabled:UDP:5001:TCP Port 5001
"{53D2ECE7-930E-4856-8911-910EE91DA657}"= Disabled:UDP:5002:TCP Port 5002
"{3C5CF32D-B05F-47BA-8ED8-FFC5EDFF6F84}"= Disabled:UDP:5003:TCP Port 5003
"{7462E4A5-2808-4691-9BBA-AD471F7E5EA5}"= Disabled:UDP:5004:TCP Port 5004
"{F079B5C8-6320-4483-BFE6-74FB8D0AD721}"= Disabled:UDP:5005:TCP Port 5005
"{75E1017A-B58A-40BD-9677-02A16E27A4CA}"= Disabled:UDP:5006:TCP Port 5006
"{372CD979-4B45-4E4C-AEA7-D95386296D6D}"= Disabled:UDP:5007:TCP Port 5007
"{922B72DA-936C-494C-B80F-4B6FB6E73053}"= Disabled:UDP:5008:TCP Port 5008
"{D69E0A17-C725-4742-A707-C04E42B0E778}"= Disabled:UDP:5009:TCP Port 5009
"{540EE872-2287-4CD1-9A68-50C6FE908ADC}"= Disabled:UDP:5010:TCP Port 5010
"{5FDDEB11-DE7F-4101-83AD-BD179DA03F71}"= Disabled:UDP:5011:TCP Port 5011
"{E01143C4-B3DE-4E59-8ECD-4C392D928F60}"= Disabled:UDP:5012:TCP Port 5012
"{2D942FC5-5F92-4166-9774-1A84092031D1}"= Disabled:UDP:5013:TCP Port 5013
"{20BACA93-2A52-4E2B-B07B-2D67692A6276}"= Disabled:UDP:5014:TCP Port 5014
"{BF6A6649-1F97-4386-8739-8C4EF6A9CF56}"= Disabled:UDP:5015:TCP Port 5015
"{B6D67D84-E789-47F0-B8A1-E7D3C46F9C69}"= Disabled:UDP:5016:TCP Port 5016
"{1344B438-40DE-4812-8358-DE9E0264F76C}"= Disabled:UDP:5017:TCP Port 5017
"{F3D2D10B-333B-456E-A613-B7CFFB803EE3}"= Disabled:UDP:5018:TCP Port 5018
"{352A07FF-1E12-4D25-B91E-C38AF5A35142}"= Disabled:UDP:5019:TCP Port 5019
"{D5E30193-6FA6-4CC6-9335-06D39629B8F0}"= Disabled:UDP:5020:TCP Port 5020
"{5D646C4D-9728-4EE0-9485-B1BF5B4B4F94}"= Disabled:UDP:135:TCP Port 135
"TCP Query User{1D1BBC34-1C6D-491E-AD08-F20A96BF9EDF}c:\\program files\\lexmark 2500 series\\lxddamon.exe"= UDP:c:\program files\lexmark 2500 series\lxddamon.exe:Lexmark Device Monitor
"UDP Query User{D32CA1B1-FD5C-4699-A015-CC6D4A603979}c:\\program files\\lexmark 2500 series\\lxddamon.exe"= TCP:c:\program files\lexmark 2500 series\lxddamon.exe:Lexmark Device Monitor
"{ED82FC29-DCF7-4122-B149-0680723E2EAA}"= UDP:c:\program files\Lexmark 2500 Series\App4R.exe:Lexmark Imaging Studio
"{047EAAB1-84D0-497A-A712-59DA9BB7183C}"= TCP:c:\program files\Lexmark 2500 Series\App4R.exe:Lexmark Imaging Studio
"{38D78787-1111-4581-879B-6A6D1A6F9F45}"= UDP:c:\windows\System32\lxddcoms.exe:Lexmark Communications System
"{29FB26E9-F1DC-4FE6-BDAD-41D4C66405D8}"= TCP:c:\windows\System32\lxddcoms.exe:Lexmark Communications System
"{38710BE1-0F79-4360-AD1E-6A51EC544303}"= UDP:c:\program files\Lexmark 2500 Series\lxddmon.exe:
"{4296C430-3C1F-457A-9B4D-589A90D837B5}"= TCP:c:\program files\Lexmark 2500 Series\lxddmon.exe:
"{D2EA17D0-5DC6-47A0-99E1-7A8D3AF3B823}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxddpswx.exe:
"{7DC3CD9D-79DE-4324-8BD8-24F3FB58F1FA}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxddpswx.exe:
"{750D8D2F-55D9-47E1-A351-0B16FC50C2F0}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxddjswx.exe:
"{B3FD0948-0A08-4C92-8031-68219879B4E5}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxddjswx.exe:
"{E6E5E544-D75A-4057-B06D-F3736C85435C}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxddtime.exe:
"{06C04095-9F4B-4ECA-B8C9-B9ADF622FAA1}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxddtime.exe:
"{13F1CC52-465E-4F2A-B531-52152362DAFF}"= UDP:c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:Pure Networks Platform Service
"{09515441-2332-4431-B88A-21E4DB54EA58}"= TCP:c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:Pure Networks Platform Service
"{9C54EAE8-E8F2-4253-B320-7715E737188D}"= TCP:67:0.0.0.0:DHCP Discovery Service
"TCP Query User{F931B361-49D3-4836-88AE-974A939129C3}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{1A4B09BF-6F4D-44A2-A469-545FEE37B740}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{0030370F-3767-44B1-9DDB-E2C2EE470076}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{D7DF24F1-306E-49BF-8DA9-96B5632633C7}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{907D6EA4-DED6-419A-B21B-BD6CA3A1B08D}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{8EDA60EE-5EC9-49B5-925B-D14D7BB45078}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{FE11C20D-C216-41B9-8B30-09EF0DE06930}"= UDP:c:\program files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper
"{65D10877-472C-4D34-94AD-7E3E7E0095A6}"= TCP:c:\program files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper
"{B1E6A247-27DB-4A7C-90D1-F535378E507A}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D1F6A0D1-11D8-4A86-9683-870A496DC29C}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{5CCB1BBA-0A16-4A6A-AEFF-23FBDA54C8B7}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{5EFBDE1E-1A0B-4DF2-82B7-46DA2B8BE268}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1000000.07D\SYMEFA.SYS [2008-10-22 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1000000.07D\BHDrvx86.sys [2008-10-22 254512]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1000000.07D\ccHPx86.sys [2008-10-22 362544]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081108.003\IDSvix86.sys [2008-10-22 289840]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\diMaster.dll [ ]
R3 NETGEARUHOST;NETGEAR Network USB Host Controller;c:\windows\system32\DRIVERS\NETGEARUHOST.sys [2007-03-08 13824]
R3 NETGEARUHUB;NETGEAR Network USB Root Hub;c:\windows\system32\DRIVERS\NETGEARUHUB.sys [2007-03-08 35840]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [2006-12-18 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [2006-12-18 43904]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\NIS\1000000.07D\SYMNDISV.SYS [2008-10-22 40496]
S3 GameConsoleService;GameConsoleService;c:\program files\HP Games\My HP Game Console\GameConsoleService.exe [2008-03-28 165416]
S3 NETGEARUCOMP;NETGEAR Network USB Composite Device;c:\windows\system32\DRIVERS\NETGEARUCOMP.sys [2007-03-08 14336]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50.sys [2006-11-28 28224]
S3 PCASp50;PCASp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50.sys [2006-11-28 27072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e619e357-af0c-11dc-8b90-001b249e7d82}]
\shell\AutoRun\command - ypsniox.exe
\shell\explore\Command - ypsniox.exe
\shell\open\Command - ypsniox.exe

*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2008-09-23 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - User.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe []
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM-Run-mondrv411 - c:\windows\mondrv411.exe


.
------- Supplementary Scan -------
.
R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
O8 -: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
O8 -: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
O8 -: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 19:44:29
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCRCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-10 19:47:22
ComboFix-quarantined-files.txt 2008-11-11 00:46:29

Pre-Run: 82,649,247,744 bytes free
Post-Run: 84,006,809,600 bytes free

295 --- E O F --- 2008-10-28 21:19:25



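Several entries in the ComboFix report above stand out on their own: the Security Center DisableNotify / DisableMonitoring values set to 1, EnableFirewall=0 under the public firewall profile, the mountpoints2 autorun handlers for a removable drive, and the orphaned HKLM-Run entries ComboFix removed. The script below is an added example, not ComboFix's own code and not anything posted in the thread: it parses a report in this format and lists those indicators for an analyst to review. SAMPLE_LOG is constructed from lines in the posted report, and the choice of what to surface is an assumption about what a responder would want flagged.

```python
"""Triage a ComboFix-style report for the security-posture and autorun
indicators visible in the log above.  Added example, not ComboFix's own
code; SAMPLE_LOG is constructed from lines in the posted report."""
import re
from collections import defaultdict

# Constructed sample: sections copied from the posted ComboFix log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e619e357-af0c-11dc-8b90-001b249e7d82}]
\shell\AutoRun\command - ypsniox.exe
\shell\explore\Command - ypsniox.exe
\shell\open\Command - ypsniox.exe

- - - - ORPHANS REMOVED - - - -

HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM-Run-mondrv411 - c:\windows\mondrv411.exe
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")                      # [registry key]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')              # "Name"=value
AUTORUN_RE = re.compile(r"^(\\shell\\\S+)\s+-\s+(.+)$", re.I)  # \shell\x\command - target
ORPHAN_RE = re.compile(r"^(HKLM-Run-.+?)\s+-\s+(.+)$")        # HKLM-Run-Name - path
ORPHAN_MARKER = "ORPHANS REMOVED"


def parse_sections(text):
    """Group report lines under their lower-cased [registry key] header;
    the ORPHANS REMOVED marker opens a pseudo-section named 'orphans'."""
    sections = defaultdict(list)
    current = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            continue
        if ORPHAN_MARKER in line:
            current = "orphans"
            continue
        sections[current].append(line)
    return sections


def parse_value(line):
    """(name, int) for '"Name"=dword:00000001' or '"Name"= 0 (0x0)' lines,
    None for lines that are not registry values."""
    m = VALUE_RE.match(line)
    if not m:
        return None
    name, val = m.group(1), m.group(2).strip().lower()
    if val.startswith("dword:"):
        return name, int(val[len("dword:"):], 16)
    num = re.match(r"\d+", val)
    return name, (int(num.group()) if num else None)


def triage(text):
    """Return (category, detail) findings an analyst should review."""
    findings = []
    for key, lines in parse_sections(text).items():
        for line in lines:
            parsed = parse_value(line)
            if "security center" in key and parsed and parsed[1] == 1 \
                    and re.search(r"disable(notify|monitoring)$", parsed[0].lower()):
                findings.append(("security-center", f"{parsed[0]} set under [{key}]"))
            elif "firewallpolicy" in key and key.endswith("profile") \
                    and parsed == ("EnableFirewall", 0):
                findings.append(("firewall", f"EnableFirewall=0 in [{key}]"))
            elif "mountpoints2" in key and AUTORUN_RE.match(line):
                handler, target = AUTORUN_RE.match(line).groups()
                findings.append(("autorun", f"{handler} -> {target}"))
            elif key == "orphans" and ORPHAN_RE.match(line):
                name, path = ORPHAN_RE.match(line).groups()
                findings.append(("orphan-run", f"{name} -> {path}"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:16} {detail}")
```

Run as-is it prints the ten findings from the sample; pass the text of a full report to triage() to do the same on a real log. The categories are deliberately neutral: a disabled Security Center notification or a drive autorun handler is a reason to look closer, not a verdict.
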
Response Number 5
Name: jabuck
Date: November 10, 2008 at 17:21:04 Pacific
Reply:

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.


Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Please run ESET's online scanner from this link:

ESET

1. Note: You will need to use Internet Explorer for this scan
2. Tick the box next to YES, I accept the Terms of Use.
3. Click Start
4. When asked, allow the ActiveX control to install
5. Click Start
6. Make sure that the option Remove found threats is unticked (I want to see what is found first), and the option Scan unwanted applications is checked
7. Click Scan
8. Wait for the scan to finish
9. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log in your next reply.




Response Number 6
Name: Marshalll
Date: November 11, 2008 at 14:45:23 Pacific
Reply:

Hey jabuck, is that ATF Cleaner like SpywareBlaster? I get that from majorgeeks as well and I never have a popup issue..???

Marshall



Response Number 7
Name: babydog1ls
Date: November 11, 2008 at 19:36:29 Pacific
Reply:

Here it is!

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3602 (20081111)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=c3b3651da6c4b448b94b21c0299b8e5b
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-11-11 05:53:44
# local_time=2008-11-11 12:53:44 (-0500, Eastern Standard Time)
# country="United States"
# osver=6.0.6001 NT Service Pack 1
# scanned=576265
# found=1
# scan_time=10237
C:\Users\User\Incomplete\T-3545425-letters from iwojima.mpg a variant of WMA/TrojanDownloader.GetCodec.gen trojan 46BBF0180F2D013B8AF3CED985810A3B



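The ESET Online Scanner log posted above has a simple shape: a `# key=value` header (scan version, whether it finished, whether removal was enabled, counts) followed by one line per detection giving the path, the threat name and an MD5. The parser below is an added example, not ESET's code and not part of the thread; its SAMPLE_LOG is constructed from the posted log and assumes the three detection fields are tab-separated, which the forum rendering collapsed to spaces. The summary it produces is the kind of check a responder makes before the next step: did the scan complete, does the reported count match the lines, and are the detected files still on disk because Remove found threats was left unticked, as jabuck asked.

```python
"""Parse the ESET Online Scanner log format posted above.  Added example,
not ESET's code.  SAMPLE_LOG is constructed from the posted log and assumes
tab-separated detection fields (path, threat name, MD5)."""
import re

MD5_RE = re.compile(r"^[0-9a-fA-F]{32}$")

# Constructed sample based on the posted log (header trimmed).
SAMPLE_LOG = (
    "# version=4\n"
    "# end=finished\n"
    "# remove_checked=false\n"
    "# unwanted_checked=true\n"
    "# utc_time=2008-11-11 05:53:44\n"
    "# osver=6.0.6001 NT Service Pack 1\n"
    "# scanned=576265\n"
    "# found=1\n"
    "# scan_time=10237\n"
    "C:\\Users\\User\\Incomplete\\T-3545425-letters from iwojima.mpg\t"
    "a variant of WMA/TrojanDownloader.GetCodec.gen trojan\t"
    "46BBF0180F2D013B8AF3CED985810A3B\n"
)


def parse_eset_log(text):
    """Return (header dict, list of detection dicts).  A detection line that
    does not split into path/threat/md5 is kept with the raw line as path."""
    header, detections = {}, []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            key, _, value = line.lstrip("# ").partition("=")
            header[key.strip()] = value.strip()
            continue
        fields = line.split("\t")
        if len(fields) == 3 and MD5_RE.match(fields[2].strip()):
            detections.append({"path": fields[0], "threat": fields[1],
                               "md5": fields[2].strip().lower()})
        else:
            detections.append({"path": line, "threat": None, "md5": None})
    return header, detections


def summarize(text):
    """Facts a responder wants from the log: whether the scan completed,
    whether the reported count matches the detection lines, and which
    files are still on disk because removal was switched off."""
    header, detections = parse_eset_log(text)
    found = int(header.get("found", "0"))
    removed = header.get("remove_checked", "false").lower() == "true"
    return {
        "finished": header.get("end") == "finished",
        "found": found,
        "count_matches": found == len(detections),
        "still_present": [] if removed else [d["path"] for d in detections],
        "md5s": sorted(d["md5"] for d in detections if d["md5"]),
    }


if __name__ == "__main__":
    for name, value in summarize(SAMPLE_LOG).items():
        print(f"{name}: {value}")
```

The lower-cased MD5 list is what you would hand to whatever reputation or allow-list lookup your environment uses; nothing here decides on its own whether a file is malicious.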