Possible virus that keeps logging me out on different websites and on my iTouch.

[stewie-Y]

I'm just going to copy a thread I wrote in another section since I was told to put it here.

Hello. I have a rather annoying problem that I could really use some help with.

So, my main computer(using a laptop right now) is having troubles on some websites. On Facebook and forums(maybe other sites I haven't discovered yet) it logs me out every time I change a page. This makes it impossible to do anything on those websites.

Yahoo Answers doesn't seem to do this, though. It works fine there.

And, strangely, this is also happening on my iTouch.

I was told it was a virus, but I doubt it because I'm not sure if multi-platform viruses even exist. Anyways, set my computer to start with last known good configuration and I ran Avast, AVG Antivirus, Malwarebytes, and 1 other anti-virus program and, even though they did find some stuff and removed it, the problem persists.
All scans were thorough through every file on the computer, and I even scanned twice with each program. The second scans showed absolutely nothing on my computer.

EDIT: Forgot to mention that this happens in Google Chrome and Internet Explorer.
Also, now my iTouch will not play Youtube videos, if that has anything to do with this problem.

So, could anybody please help me? It would be very much appreciated. Thank you!

[SuperDave]

The first thing I will need you to do is to go to this link and follow the directions precisely. We will need the SAS, MBAM and HJT logs.

[stewie-Y]

Here are the logs.


SAS:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/02/2010 at 02:24 PM

Application Version : 4.31.1000

Core Rules Database Version : 4441
Trace Rules Database Version: 2265

Scan type       : Complete Scan
Total Scan Time : 00:54:19

Memory items scanned      : 905
Memory threats detected   : 0
Registry items scanned    : 4965
Registry threats detected : 0
File items scanned        : 95398
File threats detected     : 0










MBAM:

Malwarebytes' Anti-Malware 1.43
Database version: 3482
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/2/2010 2:30:04 PM
mbam-log-2010-02-02 (14-30-04).txt

Scan type: Quick Scan
Objects scanned: 113931
Time elapsed: 3 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)







HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:33:05 PM, on 2/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Aaron Tholl\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Xfire\Xfire.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Aaron Tholl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Aaron Tholl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Aaron Tholl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Aaron Tholl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Aaron Tholl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Aaron Tholl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15153&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Aaron Tholl\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 12288 bytes

[harry 48]

you have 2 anti-virus please remove 1 avast is the best of the 2

[stewie-Y]

Okay, I removed AVG Free.

[harry 48]

ok , its a matter of waiting for an expert, harry

[SuperDave]

Hello stewie-y  and welcome to Computer Hope Forum. My name is Superdave but you can just call me SD. I'm sorry for being so late in replying to you. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialist of this forum so it may take a bit longer to process your logs.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

it logs me out every time I change a page

Could you please explain this statement?

Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

Exit out of MessengerDisable then delete the two files that were put on the desktop.

Add or Remove Programs

1. Click on the Windows Start button and click on the Control Panel
2. In the Control Panel window, double-click Add or Remove Programs icon.
3. When the Add or Remove Programs window has fully populated, check for Ask.com and uninstall it.

I noticed in your HJT log that you are running a P2P file-sharing program (uTorrent) on your computer. While the program itself is probably safe, the files you download with this program is a major source of infections. Therefore, I strongly urge you to uninstall it.

Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

link # 1
link #2

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Vista users Right-click combofix.exe and select Run as Administrator and follow the prompts.
Double-click combofix.exe and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

[stewie-Y]

Thank you for your help, SuperDave.

What I mean by "It logs me out every time I change a page" is that, on some sites, I will log in. Then, after I log in, when I click a link to navigate through the website, on arrival of the next page I will not be logged in anymore. Or, like Facebook, when I log in it automatically loads a new page that prompts me to log in again.

And, in HijackThis, none of those options were there so I did not have to do anything.

Here are the logs:
Combofix Log

ComboFix 10-01-04.01 - Aaron Tholl 02/05/2010  15:50:00.1.4 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3327.2772 [GMT -7:00]
Running from: c:\documents and settings\Aaron Tholl\My Documents\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100105-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\grecorder.dll
c:\windows\system32\SIntf16.dll

.
(((((((((((((((((((((((((   Files Created from 2010-01-05 to 2010-02-05  )))))))))))))))))))))))))))))))
.

2010-02-05 22:25 . 2010-02-05 22:25   --------   d-----w-   c:\program files\AGEIA Technologies
2010-02-05 22:25 . 2010-02-05 22:25   --------   d-----w-   c:\windows\system32\AGEIA
2010-02-05 22:25 . 2010-02-05 22:25   --------   d-----w-   c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-02-05 22:25 . 2010-02-05 22:26   --------   d-----w-   c:\program files\NVIDIA Corporation
2010-02-05 22:24 . 2009-11-21 02:34   69632   ----a-w-   c:\windows\system32\OpenCL.dll
2010-02-05 22:24 . 2009-11-21 02:34   2259560   ----a-w-   c:\windows\system32\nvcuvid.dll
2010-02-05 22:24 . 2009-11-21 02:34   1989224   ----a-w-   c:\windows\system32\nvcuvenc.dll
2010-02-05 22:24 . 2009-11-21 02:34   2293286   ----a-w-   c:\windows\system32\nvdata.bin
2010-02-05 22:24 . 2009-11-21 02:34   11374592   ----a-w-   c:\windows\system32\nvcompiler.dll
2010-02-05 22:24 . 2010-02-05 22:24   --------   d-----w-   C:\NVIDIA
2010-02-05 11:32 . 2008-05-30 21:17   25608   ----a-w-   c:\windows\system32\X3DAudio1_4.dll
2010-02-03 19:40 . 2010-02-03 19:40   --------   d-sh--w-   c:\documents and settings\asdfsda\PrivacIE
2010-02-03 19:40 . 2010-02-03 19:40   --------   d-----w-   c:\documents and settings\asdfsda\Application Data\Yahoo!
2010-02-03 19:39 . 2010-02-03 19:46   --------   d-----w-   c:\documents and settings\asdfsda\Local Settings\Application Data\AskToolbar
2010-02-03 19:38 . 2010-02-03 19:38   --------   d-----w-   c:\documents and settings\asdfsda\Local Settings\Application Data\Mozilla
2010-02-03 19:33 . 2010-02-03 19:48   --------   d-----w-   c:\documents and settings\asdfsda\Application Data\Apple Computer
2010-02-02 21:31 . 2010-02-02 21:31   --------   d-----w-   c:\program files\Trend Micro
2010-02-02 19:12 . 2010-02-02 19:16   --------   d-----w-   c:\documents and settings\Aaron Tholl\Application Data\Xfire
2010-02-02 19:12 . 2010-02-02 19:13   --------   d-----w-   c:\program files\Xfire
2010-02-02 18:36 . 2009-03-27 08:16   12672   ----a-w-   c:\windows\system32\drivers\cpuz132_x32.sys
2010-02-02 18:36 . 2010-02-02 18:36   --------   d-----w-   c:\program files\CPUID
2010-02-02 17:45 . 2010-02-02 17:45   --------   d-----w-   c:\program files\ZD Soft
2010-02-02 17:41 . 2010-02-02 17:44   --------   d-----w-   c:\program files\Warcraft III
2010-02-01 12:30 . 2010-02-01 12:30   --------   d-----w-   c:\program files\Audacity
2010-02-01 02:25 . 2010-02-03 19:40   --------   d-----w-   c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-02-01 02:25 . 2010-02-01 02:25   --------   d-----w-   c:\documents and settings\Aaron Tholl\Application Data\Yahoo!
2010-02-01 02:25 . 2010-02-01 02:25   --------   d-----w-   c:\program files\Yahoo!
2010-02-01 02:25 . 2010-02-01 02:25   --------   d-----w-   c:\program files\CCleaner
2010-02-01 02:24 . 2010-02-02 20:28   52224   ----a-w-   c:\documents and settings\Aaron Tholl\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-01 02:24 . 2010-02-02 20:28   117760   ----a-w-   c:\documents and settings\Aaron Tholl\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-01 02:23 . 2010-02-01 02:23   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-01 02:23 . 2010-02-01 02:23   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-02-01 02:23 . 2010-02-01 02:23   --------   d-----w-   c:\documents and settings\Aaron Tholl\Application Data\SUPERAntiSpyware.com
2010-02-01 02:22 . 2010-02-01 02:22   --------   d-----w-   c:\documents and settings\Aaron Tholl\Application Data\Malwarebytes
2010-02-01 02:22 . 2009-12-30 21:55   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-01 02:22 . 2010-02-01 02:22   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-01 02:22 . 2010-02-01 02:22   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-02-01 02:22 . 2009-12-30 21:54   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-02-01 00:35 . 2010-02-01 00:35   --------   d-----w-   c:\documents and settings\All Users\Application Data\Temp
2010-02-01 00:35 . 2010-02-01 00:35   36864   ----a-w-   c:\documents and settings\All Users\Application Data\Temp\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}\PostBuild.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-05 22:35 . 2009-10-17 07:38   --------   d-----w-   c:\documents and settings\Aaron Tholl\Application Data\uTorrent
2010-02-05 22:25 . 2009-10-08 21:49   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2010-02-05 22:21 . 2009-12-31 04:55   --------   d-----w-   c:\program files\SystemRequirementsLab
2010-02-05 21:55 . 2009-12-27 01:36   --------   d-----w-   c:\documents and settings\Aaron Tholl\Application Data\Skype
2010-02-05 16:03 . 2010-02-05 11:32   --------   d-----w-   c:\program files\Cryptic Studios
2010-02-05 15:08 . 2009-12-27 01:38   --------   d-----w-   c:\documents and settings\Aaron Tholl\Application Data\skypePM
2010-02-05 11:28 . 2009-09-26 17:39   --------   d-----w-   c:\program files\LogMeIn
2010-02-03 19:32 . 2010-02-03 19:32   --------   d-----w-   c:\documents and settings\asdfsda\Application Data\HP
2010-02-03 19:32 . 2010-02-03 19:32   41184   ----a-w-   c:\documents and settings\asdfsda\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-03 19:32 . 2010-02-03 19:32   130   ----a-w-   c:\documents and settings\asdfsda\Local Settings\Application Data\fusioncache.dat
2010-02-02 17:49 . 2009-09-09 22:23   1   ----a-w-   c:\documents and settings\Aaron Tholl\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-31 07:00 . 2009-12-31 07:00   --------   d-----w-   c:\documents and settings\LocalService\Application Data\CyberLink
2009-12-31 06:58 . 2009-12-31 06:58   --------   d-----w-   c:\documents and settings\All Users\Application Data\CyberLink
2009-12-31 06:58 . 2009-09-08 03:35   41184   ----a-w-   c:\documents and settings\Aaron Tholl\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-31 06:58 . 2009-12-31 06:58   --------   d-----w-   c:\documents and settings\Aaron Tholl\Application Data\CyberLink
2009-12-31 06:52 . 2009-12-31 06:52   --------   d-----w-   c:\program files\Sonic Foundry
2009-12-31 06:52 . 2009-12-31 06:52   --------   d-----w-   c:\program files\Pure Motion
2009-12-31 06:52 . 2009-12-31 06:52   --------   d-----w-   c:\program files\DebugMode
2009-12-31 06:43 . 2009-09-08 03:19   --------   d--h--w-   c:\program files\InstallShield Installation Information
2009-12-31 06:41 . 2009-12-31 06:39   --------   d-----w-   c:\program files\CyberLink
2009-12-31 04:55 . 2009-12-31 04:55   138240   ----a-w-   c:\documents and settings\Aaron Tholl\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll
2009-12-31 04:55 . 2009-12-31 04:55   138240   ----a-w-   c:\documents and settings\Aaron Tholl\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll
2009-12-31 04:55 . 2009-12-31 04:55   138240   ----a-w-   c:\documents and settings\Aaron Tholl\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll
2009-12-31 04:55 . 2009-12-31 04:55   --------   d-----w-   c:\documents and settings\Aaron Tholl\Application Data\SystemRequirementsLab
2009-12-31 04:55 . 2009-12-31 04:55   138240   ----a-w-   c:\documents and settings\Aaron Tholl\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll
2009-12-30 21:57 . 2009-12-30 21:57   --------   d-----w-   c:\program files\Cucusoft
2009-12-30 10:38 . 2009-12-30 10:38   --------   d-----w-   c:\program files\Electronic Arts
2009-12-30 07:06 . 2009-12-30 07:06   --------   d-----w-   c:\program files\Alwil Software
2009-12-30 04:34 . 2009-12-30 04:34   --------   d-----w-   c:\documents and settings\Aaron Tholl\Application Data\Petroglyph
2009-12-30 04:33 . 2009-12-30 04:33   98304   ----a-w-   c:\windows\system32CmdLineExt.dll
2009-12-30 04:17 . 2009-12-29 07:27   --------   d-----w-   c:\program files\LucasArts
2009-12-29 07:33 . 2009-09-08 03:49   --------   d-----w-   c:\program files\Activision
2009-12-27 01:38 . 2009-12-27 01:38   56   ---ha-w-   c:\windows\system32\ezsidmv.dat
2009-12-27 01:36 . 2009-12-27 01:36   --------   d-----r-   c:\program files\Skype
2009-12-27 01:36 . 2009-12-27 01:36   --------   d-----w-   c:\program files\Common Files\Skype
2009-12-27 01:36 . 2009-12-27 01:36   --------   d-----w-   c:\documents and settings\All Users\Application Data\Skype
2009-12-27 00:29 . 2009-12-27 00:27   --------   d-----w-   c:\program files\MSN Toolbar Installer
2009-12-27 00:28 . 2009-12-27 00:28   --------   d-----w-   c:\program files\Microsoft
2009-12-27 00:28 . 2009-12-27 00:28   --------   d-----w-   c:\program files\MSN Toolbar
2009-12-27 00:26 . 2009-09-09 22:20   --------   d-----w-   c:\program files\Java
2009-12-27 00:26 . 2009-12-27 00:26   152576   ----a-w-   c:\documents and settings\Aaron Tholl\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-27 00:11 . 2009-12-27 00:11   79488   ----a-w-   c:\documents and settings\Aaron Tholl\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-26 05:41 . 2009-12-26 05:41   --------   d-----w-   c:\program files\Windows Media Connect 2
2009-12-25 20:08 . 2009-12-25 20:02   --------   d-----w-   c:\documents and settings\Aaron Tholl\Application Data\Apple Computer
2009-12-25 20:04 . 2009-10-31 08:01   --------   d-----w-   c:\documents and settings\All Users\Application Data\Apple
2009-12-25 20:02 . 2009-12-25 20:01   --------   d-----w-   c:\program files\iTunes
2009-12-25 20:02 . 2009-12-25 20:01   --------   d-----w-   c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-25 20:01 . 2009-12-25 20:01   --------   d-----w-   c:\program files\iPod
2009-12-25 20:01 . 2009-11-04 14:41   --------   d-----w-   c:\program files\Common Files\Apple
2009-12-25 20:01 . 2009-12-15 16:07   --------   d-----w-   c:\documents and settings\All Users\Application Data\Apple Computer
2009-12-25 20:01 . 2009-12-25 20:01   --------   d-----w-   c:\program files\Bonjour
2009-12-17 03:08 . 2009-11-14 23:05   --------   d-----w-   c:\program files\Starcraft
2009-12-15 16:07 . 2009-12-15 16:07   --------   d-----w-   c:\program files\QuickTime
2009-12-02 01:23 . 2009-09-12 19:41   1248   ----a-w-   c:\windows\War3Unin.dat
2009-11-30 19:37 . 2009-11-30 19:37   41872   ----a-w-   c:\windows\system32\xfcodec.dll
2009-11-24 23:54 . 2009-12-30 07:06   1280480   ----a-w-   c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-12-30 07:07   93424   ----a-w-   c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-12-30 07:07   94160   ----a-w-   c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-12-30 07:07   114768   ----a-w-   c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-12-30 07:07   20560   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-12-30 07:07   48560   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-12-30 07:07   23120   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-12-30 07:07   27408   ----a-w-   c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-12-30 07:07   97480   ----a-w-   c:\windows\system32\AvastSS.scr
2009-11-21 03:32 . 2009-11-21 03:32   278120   ----a-w-   c:\windows\system32\nvmccs.dll
2009-11-21 03:32 . 2009-11-21 03:32   154216   ----a-w-   c:\windows\system32\nvsvc32.exe
2009-11-21 03:32 . 2009-11-21 03:32   145000   ----a-w-   c:\windows\system32\nvcolor.exe
2009-11-21 03:32 . 2009-11-21 03:32   12669544   ----a-w-   c:\windows\system32\nvcpl.dll
2009-11-21 03:32 . 2009-11-21 03:32   110184   ----a-w-   c:\windows\system32\nvmctray.dll
2009-11-21 03:32 . 2009-11-21 03:32   81920   ----a-w-   c:\windows\system32\nvwddi.dll
2009-11-21 02:34 . 2009-09-08 03:32   592488   ----a-w-   c:\windows\system32\nvudisp.exe
2009-11-21 02:34 . 2008-01-30 12:52   13602816   ----a-w-   c:\windows\system32\nvoglnt.dll
2009-11-21 02:34 . 2008-01-03 22:26   6282752   ----a-w-   c:\windows\system32\nv4_disp.dll
2009-11-21 02:34 . 2008-01-03 22:26   4038656   ----a-w-   c:\windows\system32\nvcuda.dll
2009-11-21 02:34 . 2008-01-03 22:26   182888   ----a-w-   c:\windows\system32\nvcodins.dll
2009-11-21 02:34 . 2008-01-03 22:26   182888   ----a-w-   c:\windows\system32\nvcod.dll
2009-11-21 02:34 . 2008-01-03 22:26   1056768   ----a-w-   c:\windows\system32\nvapi.dll
2009-11-21 02:34 . 2008-01-03 22:26   10235968   ----a-w-   c:\windows\system32\drivers\nv4_mini.sys
2009-11-20 04:42 . 2009-09-08 03:30   592488   ----a-w-   c:\windows\system32\NVUNINST.EXE
2009-11-14 23:05 . 2009-11-14 23:05   32738   ----a-w-   c:\windows\scunin.dat
2009-11-14 23:05 . 2009-11-14 23:05   967   ----a-w-   c:\windows\ScUnin.pif
2009-11-14 23:05 . 2009-11-14 23:05   94208   ----a-w-   c:\windows\ScUnin.exe
2009-11-13 00:07 . 2009-11-13 00:07   79144   ----a-w-   c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-11 04:56 . 2009-10-13 09:05   74072   ----a-w-   c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-08 06:09 . 2009-09-08 03:58   215104   ----a-w-   c:\windows\system32\PnkBstrB.exe
2009-11-08 05:39 . 2009-09-08 03:58   138576   ----a-w-   c:\windows\system32\drivers\PnkBstrK.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Aaron Tholl\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-09-08 133104]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-03-21 1953792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-14 198160]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-21 12669544]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-21 110184]

c:\documents and settings\Aaron Tholl\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ASUS WiFi-AP Solo.lnk - c:\program files\ASUS WiFi-AP Solo\RtWLan.exe [2009-9-7 987136]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 21:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-01 17:40   87352   ----a-w-   c:\windows\system32\LMIinit.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War Forces of Corruption\\swfoc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/30/2009 12:07 AM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/23/2009 8:43 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/23/2009 8:43 AM 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/30/2009 12:07 AM 20560]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2/2/2010 11:36 AM 12672]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 11:41 AM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [9/26/2009 10:39 AM 47640]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/7/2009 10:38 PM 721904]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 1:22 PM 34064]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [9/7/2009 8:27 PM 176128]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/23/2009 8:43 AM 7408]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [9/7/2009 8:27 PM 13532]
S4 LMIRfsClientNP;LMIRfsClientNP;

.
Contents of the 'Scheduled Tasks' folder

2010-02-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1284227242-1417001333-1003Core.job
- c:\documents and settings\Aaron Tholl\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-08 04:53]

2010-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1284227242-1417001333-1003UA.job
- c:\documents and settings\Aaron Tholl\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-08 04:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Aaron Tholl\Application Data\Mozilla\Firefox\Profiles\0rjmaort.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=15153&l=dis
FF - prefs.js: keyword.URL -
FF - component: c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Aaron Tholl\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Musicnotes\npmusicn.dll
FF - plugin: c:\program files\Musicnotes\NPSibelius.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-nwiz - nwiz.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-05 15:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(776)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2010-02-05  15:53:44
ComboFix-quarantined-files.txt  2010-02-05 22:53

Pre-Run: 135,102,029,824 bytes free
Post-Run: 135,255,506,944 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - B5A927D6D57E7EBA3D34E2530C362D43



















HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:01:13 PM, on 2/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Documents and Settings\Aaron Tholl\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Aaron Tholl\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 9915 bytes

[SuperDave]

What I mean by "It logs me out every time I change a page" is that, on some sites, I will log in. Then, after I log in, when I click a link to navigate through the website, on arrival of the next page I will not be logged in anymore. Or, like Facebook, when I log in it automatically loads a new page that prompts me to log in again.

I'm almost positive that this problem is not related to Malware. Let's try one more scan.

ESET Online Scan

Scan your computer with the ESET FREE Online Virus Scan

* Click the ESET Online Scanner button.

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
* Double click on the esetsmartinstaller_enu.exe icon on your desktop.
* Place a check mark next to YES, I accept the Terms of Use.

* Click the Start button.
* Accept any security warnings from your browser.
* Leave the check mark next to Remove found threats and place a check next to Scan archives.
* Click the Start button.
* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List of found threats.
* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
* Click the <<Back button then click Finish.

In your next reply please include the ESET Online Scan Log

[stewie-Y]

It found nothing and gave no option to make any logs or export any text files.

[SuperDave]

Ok. If there are no other issues, it's time for some clean-up. You can uninstall HJT but you can keep SAS and MBAM. Update them and run them about once a week.

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /uninstall in the runbox
* Make sure there's a space between Combofix and /Uninstall
* Then hit Enter

* The above procedure will:
* Delete the following:
* ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.

Looking over your log it seems you don't have any evidence of a third party firewall.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember only install ONE firewall

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Use the Secunia Software Inspector to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smooth.
Safe Surfing.

[stewie-Y]

Okay, thank you.

But, do you have any clue what the problem could be since it's not malware related?

[SuperDave]

Hi Stewie. I spend all of my time training on malware issues so I don't know much about the hardware and software side of the computer. Perhaps you could start a new thread on this site and someone more qualified that I could help you.

[stewie-Y]

Okay, thanks!