Hi,I have been trying to recover from a find4u hijack, and have found many postings here to be very helpful, I have followed much of the advise I have found here.I have run the following: adaware6,Spybot,Hijackthis & spywareBlaster. By doing so I have deleted the bogus winlogon along with any lines hijackthis found pointing to find4u, and I finally got find4u to stop popping up. I still see some things in my log that I am not sure of like pds.exe or gearsec.exe, here is both my latest hijackthis log and my recent spybot log, could you please tell me if anything still looks buggy, thanks in advance, Robert Logfile of HijackThis v1.97.7 Scan saved at 3:25:41 PM, on 12/18/2003 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Norton Personal Firewall\NISUM.exe C:\Program Files\Norton Personal Firewall\ccPxySvc.exe C:\WINDOWS\system32\gearsec.exe C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.exe C:\WINDOWS\system32\cba\pds.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.exe C:\Program Files\SSC\NSCTOP.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe C:\Program Files\Sony\giga pocket\GPVSvr.exe C:\WINDOWS\system32\ams_ii\hndlrsvc.exe C:\WINDOWS\system32\MsgSys.exe C:\WINDOWS\system32\cba\xfr.exe C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\htpatch.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\System32\ezSP_Px.exe C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe C:\Program Files\sony\giga pocket\usbsircs.exe C:\Program Files\Sony\giga pocket\ReserveModule.exe C:\Program Files\Sony\VAIO Action Setup\VAServ.exe C:\Program Files\sony\giga pocket\gps.exe C:\PROGRA~1\Sony\GIGAPO~1\Sgpcom.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Microsoft Office\Office\WINWORD.exe C:\Documents and Settings\Robert Silva\Desktop\AntiSpyware\new hijack\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://clinic.mcafee.com/clinic/vso/en-us/vso4/setexp.asp?register=yes&oemid=1794-656 O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [CTHelper] CTHELPER.exe O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Comcast\BBClient\Programs\RegCon.exe" /admincheck O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.exe O4 - HKLM\..\Run: [VAIOSURVEY] C:\Program Files\Sony\VAIO Survey\SurveySA.exe O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Giga Pocket Remocon Driver.lnk = ? O4 - Global Startup: Timer Recording Manager.lnk = C:\Program Files\Sony\giga pocket\ReserveModule.exe O4 - Global Startup: VAIO Action Setup (Server).lnk = ? O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM) O9 - Extra button: Run DAP (HKLM) O9 - Extra button: MoneySide (HKLM) O9 - Extra button: ComcastHSI (HKCU) O9 - Extra button: Support (HKCU) O9 - Extra button: Help (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB O16 - DPF: {43B70AAD-23F4-4FD8-ADD9-441D8592EEB8} (Snapfish Fix Photo Control) - http://www.snapfish.com/SnapfishImageEditor.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,71/mcinsctl.cab O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.snapfish.com/SnapfishUploader.cab O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37966.4526041667 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab SPYBOT LOG: --- Report generated: 2003-12-15 01:42 --- Alexa Related: What's related link (Replace file, fixed) C:\WINDOWS\Web\related.htm AUpdate: Autorun settings (Registry value, fixed) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SAUpdate Avenue A, Inc.: Tracking cookie or cookie of tracking site (File, fixed) C:\Documents and Settings\Robert Silva\Cookies\robert silva@atdmt[1].txt BackWeb lite: File extension link (Registry key, fixed) HKEY_CLASSES_ROOT\.bwp BackWeb lite: File extension link (Registry key, fixed) HKEY_CLASSES_ROOT\bwpfile BackWeb lite: Global settings (Registry key, fixed) HKEY_LOCAL_MACHINE\Software\BackWeb BackWeb lite: Interface ( (IBackWebChannel4_2)) (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{025632A0-BCEC-11D1-8B35-00609761C47A} BackWeb lite: Interface ( (IBackWebDirectoryEntry)) (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{0C6E0440-0B50-11D1-9951-444553540000} BackWeb lite: Interface ( (IBackWebGeneralSettings)) (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{12473FC3-61A7-11D0-A866-0000B43699FC} BackWeb lite: Interface ( (IBackWebSetup)) (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{12473FC7-61A7-11D0-A866-0000B43699FC} BackWeb lite: Interface ( (IBackWebInfoPakDownloadServices)) (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{2DE07D90-DC04-11D0-A875-0000B43699FC} BackWeb lite: Interface ( (IBackWebSetup4)) (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{3667E7B0-4F28-11D1-8ADB-00609761C47A} BackWeb lite: Interface ( (IBackWebChannelTableNotifications)) (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{2F523082-5A0B-11D0-9B9C-444553540000} BackWeb lite: Interface ( (IBackWebSetupNotifications)) (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{2F099AF0-6329-11D0-A866-0000B43699FC} BackWeb lite: Interface ( (IBackWeb2)) (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{23F43240-F78D-11D0-9A50-00AA004812C2} BackWeb lite: Interface ( (IBackWebStoryFieldCollection)) (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{1D91D9E0-004B-11D1-9951-444553540000} BackWeb lite: Interface ( (IBackWebDirectory)) (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{15030BC0-0B52-11D1-9951-444553540000} BackWeb lite: Interface ( (IBackWebDisplaySettings)) (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{12473FC6-61A7-11D0-A866-0000B43699FC} BackWeb lite: Interface ( (IBackWebCommSettings)) (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{12473FC5-61A7-11D0-A866-0000B43699FC} BackWeb lite: Interface ( (IBackWebDialerSettings)) (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{12473FC4-61A7-11D0-A866-0000B43699FC} BackWeb lite: Interface ( (IBackWebExtension)) (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{0F4FE440-983F-11D0-9B9C-444553540000} BackWeb lite: Interface ( (IBackWebDownloadTimeConstraintCollection)) (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{0D1F7C84-8123-11D0-B5CA-0000B43698D6} BackWeb lite: Interface ( (IBackWebDownloadTimeConstraint)) (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{0D1F7C83-8123-11D0-B5CA-0000B43698D6} BackWeb lite: Interface ( (IBackWebFileAccess)) (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{3AF78A6E-6F14-11D1-A884-0000B43699FC} BackWeb lite: Interface ( (IBackWebInfoPakFile)) (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{3AF78A74-6F14-11D1-A884-0000B43699FC} BackWeb lite: Interface ( (IBackWebDirectoryNotifications)) (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{41CEBDC0-32C1-11D1-9951-444553540000} BackWeb lite: Interface ( (IBackWebInfoPakNotifications)) (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{4A3666F3-5F2D-11D0-A866-0000B43699FC} BackWeb lite: Interface ( (IBackWebChannelCollection)) (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{53FCF35A-5323-11D0-A864-0000B43699FC} BackWeb lite: Interface ( (IBackWebStoryField)) (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{5B1E13A0-004B-11D1-9951-444553540000} BackWeb lite: Interface ( (IBackWebFileAccessViaDir)) (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{608FE360-6FB2-11D1-A885-0000B43699FC} BackWeb lite: Interface ( (IBackWebAlertSettings)) (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{72B62B40-17D1-11D1-96A7-F8E906C10000} BackWeb lite: Interface ( (IBackWebPlayer)) (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{8028B940-4932-11D1-9951-444553540000} BackWeb lite: Interface ( (IBackWebChannelDownloadServices)) (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{9132E380-DC21-11D0-A875-0000B43699FC} BackWeb lite: Interface ( (IBackWebChannel2)) (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{9647FB70-DC0F-11D0-A875-0000B43699FC} BackWeb lite: Interface ( (IBackWebAllStoryCollection)) (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{9DB46423-FF61-11D0-9951-444553540000} BackWeb lite: Interface ( (IBackWebChannelVariableCollection)) (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{A4BC67F0-6C90-11D0-A866-0000B43699FC} BackWeb lite: Interface ( (IBackWebCommunications)) (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{BAD37BC0-2231-11D1-9951-444553540000} BackWeb lite: Interface ( (IBackWebFilterSettings)) (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{C8CEEEE0-17D6-11D1-96A7-F8E906C10000} BackWeb lite: Interface ( (IBackWebGeneralSettings2)) (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{E01AD640-F87D-11D0-9A50-00AA004812C2} BackWeb lite: Interface ( (IBackWebInfoPak)) (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{EB1FFFC2-5688-11D0-A865-0000B43699FC} BackWeb lite: Interface ( (IBackWebChannelVariable)) (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{FEFCA7F0-6C8E-11D0-A866-0000B43699FC} BackWeb lite: Interface ( (IBackWebInfoPakCollection)) (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{EB1FFFC1-5688-11D0-A865-0000B43699FC} BackWeb lite: Interface ( (IBackWebApplicationNotifications)) (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{D0894D60-6C6C-11D0-A866-0000B43699FC} BackWeb lite: Interface ( (IBackWebChannelCollection4)) (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{BCD0C200-69C1-11D1-8AF8-00609761C47A} BackWeb lite: Interface ( (IBackWebChannel4)) (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{AEE96320-2131-11D1-9951-444553540000} BackWeb lite: Interface ( (IBackWebStory)) (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{9DB46424-FF61-11D0-9951-444553540000} BackWeb lite: Interface ( (IBackWebStoryCollection)) (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{9DB46422-FF61-11D0-9951-444553540000} BackWeb lite: Interface ( (IBackWebItemDownloadServices)) (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{93BF8F00-DBE8-11D0-A875-0000B43699FC} BackWeb lite: Interface ( (IBackWebAllInfoPakCollection)) (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{8131F530-649E-11D0-A866-0000B43699FC} BackWeb lite: Interface ( (IBackWeb4)) (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{740904E0-0BFB-11D1-9951-444553540000} BackWeb lite: Interface ( (IBackWebInfoPak4_2)) (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{610141C2-7701-11D1-B042-004095903824} BackWeb lite: Interface ( (IBackWebDirectoryEntryCollection)) (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{5DF6CE40-0B50-11D1-9951-444553540000} BackWeb lite: Interface ( (IBackWebChannel)) (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{53FCF35B-5323-11D0-A864-0000B43699FC} BackWeb lite: Interface ( (IBackWeb)) (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{53FCF355-5323-11D0-A864-0000B43699FC} BackWeb lite: Interface ( (IBackWebStoryTableNotifications)) (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{44230BC0-3105-11D1-9951-444553540000} BackWeb lite: Interface ( (IBackWebOpenInfoPakFile)) (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{3AF78A77-6F14-11D1-A884-0000B43699FC} BackWeb lite: Interface ( (IBackWebInfoPakFilesCollection)) (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{3AF78A71-6F14-11D1-A884-0000B43699FC} BackWeb lite: Interface ( (IBackWebDisplaySettings4_2)) (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{001B3F20-D866-11D1-8B4C-00609761C47A} BackWeb lite: Main executable (File, fixed) C:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe BackWeb lite: Netscape viewer (Registry value, fixed) HKEY_USERS\S-1-5-21-4252379429-1418258077-1035699850-1005\Software\Netscape\Netscape Navigator\Viewers\application/x-iad BackWeb lite: Netscape viewer (Registry value, fixed) HKEY_USERS\S-1-5-21-4252379429-1418258077-1035699850-1005\Software\Netscape\Netscape Navigator\Viewers\application/x-bwpreview Comet Cursors: Typelib ( (ComUtil 1.0 Type Library)) (Registry key, fixed) HKEY_CLASSES_ROOT\Typelib\{FA6F74E5-0277-11D3-9B19-00104B279EC4} Download Accelerator Plus: Default ad server (Registry change, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADSDefaultServer=http://127.0.0.1 Download Accelerator Plus ads: Ad category (Registry key, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADSSecondMedia Download Accelerator Plus ads: Banner (Replace file, nothing done) C:\PROGRA~1\DAP\dap.gif Download Accelerator Plus ads: Browser helper object (Registry key, nothing done) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{0000CC75-ACF3-4cac-A0A9-DD3868E06852} Download Accelerator Plus ads: Class (Registry key, nothing done) HKEY_CLASSES_ROOT\DAPIEBar.CBAREventer.1 Download Accelerator Plus ads: Class (Registry key, nothing done) HKEY_CLASSES_ROOT\DAPIEBar.DAPIEBarBand.1 Download Accelerator Plus ads: Class (Registry key, nothing done) HKEY_CLASSES_ROOT\DAPIEBar.DAPIEBarBand Download Accelerator Plus ads: Class (Registry key, nothing done) HKEY_CLASSES_ROOT\DAPIEBar.CBAREventer Download Accelerator Plus ads: Class (Registry key, nothing done) HKEY_CLASSES_ROOT\CLSID\{0000CC75-ACF3-4cac-A0A9-DD3868E06852} Download Accelerator Plus ads: Class ID (Registry key, nothing done) HKEY_CLASSES_ROOT\CLSID\{235D7A27-DE65-49F0-BFCF-D5C3BC3B2E67} Download Accelerator Plus ads: Class ID (Registry key, nothing done) HKEY_CLASSES_ROOT\CLSID\{62999427-33FC-4baf-9C9C-BCE6BD127F08} Download Accelerator Plus ads: Default ad category (Registry change, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADSDefaultCategory=Default Download Accelerator Plus ads: IE extension (Registry key, nothing done) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{669695BC-A811-4A9D-8CDF-BA8C795F261C} Download Accelerator Plus ads: Typelib (Registry key, nothing done) HKEY_CLASSES_ROOT\Typelib\{79516451-3E3E-453a-8968-37942F7979F3} Download Accelerator Plus ads: Typelib ( (DAPBHO 1.0 Type Library)) (Registry key, nothing done) HKEY_CLASSES_ROOT\Typelib\{095006D5-6DA6-4CDC-864E-7498015816BC} Download Accelerator Plus ads: Typelib (Registry key, nothing done) HKEY_CLASSES_ROOT\Typelib\{72920511-E300-44c1-8565-2FD66D7A7246} DSO Exploit: Data source object exploit (Registry change, fixed) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004=W=3 DSO Exploit: Data source object exploit (Registry change, fixed) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004=W=3 DSO Exploit: Data source object exploit (Registry change, fixed) HKEY_USERS\S-1-5-21-4252379429-1418258077-1035699850-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004=W=3 DSO Exploit: Data source object exploit (Registry change, fixed) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004=W=3 DSO Exploit: Data source object exploit (Registry change, fixed) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004=W=3 --- Spybot-S&D version: 1.2 --- 2003-11-05 Includes\Cookies.sbi 2003-11-05 Includes\Dialer.sbi 2003-11-24 Includes\Hijackers.sbi 2003-11-11 Includes\Keyloggers.sbi 2003-11-20 Includes\Malware.sbi 2003-03-16 Includes\plugin-ignore.ini 2003-11-12 Includes\QA Tests.sbi 2003-11-05 Includes\Security.sbi 2003-11-24 Includes\Spybots.sbi 2003-11-21 Includes\Temporary.sbi 2003-11-05 Includes\Tracks.uti 2003-11-21 Includes\Trojans.sbi

Robert, you have done well. For those items unknown, simply run a google search for them and track them down. e.g. gearsec.exe http://www.gearsoftware.com/gearmegaboard/detail.cfm?threadparentid=569&boardid=8 GEAR's API is used in data storage software, audio/video related software, and just about anything that might want to write to a recordable disc. Let us know if problems appear; or if you get stuck on something. Someone here will know. Not that we don't wanna help; but the searches take valuable time that can be used to help fixing problems, that less competent people can't fix. The log looks ok at first glance; just those unknown time consuming program files to chase down.