Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page Possible winlogon.exe error plus more please help :)
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
 
LinkBack Thread Tools
Old 08-15-2009, 01:42 PM   #1 (permalink)
Registered User
 
Join Date: Jan 2009
Posts: 14
OS: Windows XP Service Pack 2


Possible winlogon.exe error plus more please help :)
wont bore u with a story :)

Spybot detected 3 or 4 Trojans, said it had removed them but hadnt.
I know one of them infected my winlogon.exe but that has been sorted and the file is replaced.
My computer still behaves oddly,
start up files take a very long time to load, before it was very quick
programs freeze and unfreeze randomly, could have something to do with being idle but seems fairly random
can't open my computer as it freezes
mouse gets stuck and doesnt move for about a minute before finaly responding
andd things dont show up in my system tray seems to be pot luck which do and dont



DDS (Ver_09-07-30.01) - NTFSx86
Run by Tom at 18:29:42.39 on 15/08/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15

============== Pseudo HJT Report ===============

uStart Page = http://www.google.co.uk/ig/dell?hl=e...uk&ibd=0060921
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uDefault_Page_URL = http://www.google.co.uk/ig/dell?hl=e...uk&ibd=0060921
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mSearchAssistant = about:blank
mWinlogon: Userinit=c:\windows\system32\userinit.exe
mWinlogon: UIHost=c:\windows\system32\logonui.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No File
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.5.0.135\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.5.0.135\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: XBTB05199 Class: {a06dd01f-46e5-4c6c-b80b-b2c2f9011a8b} - c:\program files\netdisaster\netdisaster_v1.2.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar4.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar4.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Netdisaster: {c44a92dd-2c95-4125-b857-fd9f5ef07fb5} - c:\program files\netdisaster\netdisaster_v1.2.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.5.0.135\coIEPlg.dll
TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Orb] "l:\program files\orb networks\orb\bin\OrbTray.exe" /background
uRun: [Gadwin PrintScreen] c:\program files\gadwin systems\printscreen\PrintScreen.exe /nosplash
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [CTSVolFE.exe] "c:\program files\creative\mixer\CTSVolFE.exe" /r
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [WinampAgent] "l:\program files\winamp\winampa.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [BtTray] "c:\program files\ivt corporation\bluesoleil\BtTray.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [Fonebook] c:\program files\dargan development\fonebook\Fonebook.exe /Silent
mRun: [Corel Photo Downloader] "c:\program files\common files\corel\corel photodownloader\Corel PhotoDownloader.exe" -startup
mRun: [ClipX] c:\program files\clipx\clipx.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\thomas\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - l:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {C44A92DD-2C95-4125-B857-FD9F5EF07FB5} - {C44A92DD-2C95-4125-B857-FD9F5EF07FB5} - c:\program files\netdisaster\netdisaster_v1.2.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} - hxxp://musicmix.messenger.msn.com/Medialogic.CAB
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} - hxxp://zone.msn.com/bingame/zpagames/zpa_kqrp.cab55579.cab
DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1245765275562
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} - hxxp://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
DPF: {A44B714B-EE0F-453E-9300-A69B321FEF6C} - hxxp://thesims.ea.com/teleport/families/MaxisSimsFamilyTeleX.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {B8F2846E-CE36-11D0-AC83-00C04FD97575} - hxxp://activex.microsoft.com/activex/controls/agent2/tv_enua.exe
DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - hxxp://messenger.zone.msn.com/binary/Bankshot.cab55668.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} - hxxp://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} - hxxp://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab
DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} - hxxp://zone.msn.com/bingame/zpagames/CheckersZPA.cab55579.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} -
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.5.0.135\CoIEPlg.dll
AppInit_DLLs: wbsys.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tom\applic~1\mozilla\firefox\profiles\r5pcld2h.default\
FF - prefs.js: browser.startup.homepage - hxxp://mrtomhill.wordpress.com/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\tom\application data\mozilla\firefox\profiles\r5pcld2h.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox 3.5 beta 4\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox 3.5 beta 4\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox 3.5 beta 4\plugins\npyaxmpb.dll
FF - plugin: c:\program files\mozilla firefox 3.5 beta 4\plugins\npyaxmpb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPOFF12.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3.5 beta 4\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-08-15 17:33 <DIR> -cd----- c:\docume~1\tom\applic~1\Uniblue
2009-08-15 17:27 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
2009-08-15 17:07 <DIR> -cd----- c:\docume~1\tom\applic~1\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
2009-08-15 17:06 <DIR> -cd----- c:\program files\Uniblue
2009-08-14 15:33 <DIR> -cd----- c:\docume~1\tom\applic~1\DAEMON Tools Pro
2009-08-14 15:33 <DIR> -cd----- c:\docume~1\tom\applic~1\DAEMON Tools Lite
2009-08-13 22:04 <DIR> -cd----- C:\Sandbox
2009-08-13 17:32 <DIR> -cd----- c:\docume~1\tom\applic~1\Spore
2009-08-12 00:59 <DIR> -cd----- c:\docume~1\tom\applic~1\COWON
2009-08-11 19:17 <DIR> -cd----- c:\docume~1\tom\applic~1\ViStart
2009-08-11 17:06 2,207 a------- c:\windows\system32\SHORTCUT.INI
2009-08-11 17:05 211 a------- c:\windows\system32\REMOTEDEVICE.INI
2009-08-11 17:05 4,335 a------- c:\windows\system32\LOCALSERVICE.INI
2009-08-11 17:04 98 a------- c:\windows\system32\LOCALDEVICE.INI
2009-08-11 17:02 0 a------- c:\windows\system32\BSPRINT.INI
2009-08-09 11:20 <DIR> --d----- c:\windows\system32\EWS
2009-08-09 11:20 <DIR> -cd----- c:\program files\WaxMail
2009-08-07 00:54 <DIR> -cd----- C:\Pend
2009-08-05 19:36 <DIR> -cd----- c:\docume~1\tom\applic~1\Windows Live Writer
2009-07-27 17:39 <DIR> -cd----- c:\program files\Nokia
2009-07-27 17:39 18,816 a------- c:\windows\system32\drivers\pccsmcfd.sys
2009-07-27 17:39 <DIR> -cd----- c:\program files\PC Connectivity Solution
2009-07-24 00:41 <DIR> -cd----- c:\docume~1\tom\applic~1\BitTorrent
2009-07-23 02:34 <DIR> -cdsh--- c:\documents and settings\tom\IECompatCache
2009-07-23 02:32 <DIR> -cdsh--- c:\documents and settings\tom\PrivacIE
2009-07-23 01:37 <DIR> -cd----- c:\docume~1\tom\applic~1\app.destroytwitter.23CA2F9B070E2FB8C4472F982F88B1A471F11AE2.1
2009-07-22 17:35 <DIR> -cd----- c:\docume~1\tom\applic~1\Windows Search
2009-07-22 17:35 <DIR> -cd----- c:\docume~1\tom\applic~1\Windows Desktop Search
2009-07-22 16:05 <DIR> -cd----- c:\documents and settings\tom\Tracing
2009-07-22 16:04 <DIR> -cd----- c:\docume~1\tom\applic~1\DNA
2009-07-22 16:01 <DIR> -cd----- c:\docume~1\tom\applic~1\AOL
2009-07-22 16:01 <DIR> -cd----- c:\docume~1\tom\applic~1\Intel
2009-07-22 16:01 <DIR> -cd----- c:\docume~1\tom\applic~1\You've Got Pictures Screensaver
2009-07-22 16:01 <DIR> -cd----- c:\docume~1\tom\applic~1\Symantec
2009-07-22 16:01 <DIR> -cdsh--- c:\documents and settings\tom\IETldCache
2009-07-22 16:01 <DIR> -cd----- c:\documents and settings\Tom
2009-07-20 13:50 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-07-20 13:41 <DIR> -cd--r-- c:\program files\Skype
2009-07-20 11:55 <DIR> -cd----- c:\program files\DeskTask
2009-07-18 12:56 <DIR> -cd----- c:\program files\Seesmic Desktop

==================== Find3M ====================

2009-08-14 18:32 140,728 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-08-13 20:05 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-08-13 20:05 0 a------- c:\windows\system32\drivers\logiflt.iad
2009-08-13 17:27 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-08-08 22:08 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-26 23:00 97,560 a---h--- c:\windows\system32\mlfcache.dat
2009-06-08 11:12 1,056 ac-sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2009-06-08 11:12 88 -c-shr-- c:\docume~1\alluse~1\applic~1\10C15C6A13.sys
2009-05-27 21:40 148,736 ac------ c:\docume~1\alluse~1\applic~1\hpeE9C.dll
2009-05-21 14:27 20,992 a------- c:\windows\jestertb.dll
2009-03-27 16:18 604 ac--h--- c:\program files\STLL Notifier
2007-04-13 20:04 2,536 -c------ c:\program files\3dsmax.ini
2007-04-13 18:34 64 -c------ c:\program files\maxscrpt.dsk
2007-04-13 18:33 0 -c------ c:\program files\RtDxStdMtl2.log
2007-04-13 18:08 114 -c------ c:\program files\plugin.ini
2006-09-28 07:04 251 -c------ c:\program files\wt3d.ini
2004-10-05 17:12 138,430 -c------ c:\program files\Readme.rtf
2007-07-26 12:00 8 a--shr-- c:\windows\copy of system32\1C63AADBD6.dll
2006-10-21 22:25 56 a--shr-- c:\windows\copy of system32\66B9468CC5.sys
2007-12-14 20:57 336,471 a--sh--- c:\windows\system 34\aycdd.ini2
2007-09-15 15:23 88 a--shr-- c:\windows\system 34\C58C46B966.sys
2008-01-22 16:06 168 a--shr-- c:\windows\system 34\D6DBAA631C.sys
2008-12-28 22:55 10,018 a--sh--- c:\windows\system 34\KGyGaAvL.sys
2007-07-26 12:00 8 ---shr-- c:\windows\system32\1C63AADBD6.dll
2006-10-21 22:25 56 ---shr-- c:\windows\system32\66B9468CC5.sys
2007-09-15 15:23 88 ---shr-- c:\windows\system32\C58C46B966.sys
2009-01-18 12:48 9,810 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 18:33:02.42 ===============


Hijack this file
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:10:03 PM, on 15/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
L:\Program Files\Winamp\winampa.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\taskmgr.exe
C:\program files\Mozilla Firefox 3.5 Beta 4\firefox.exe
C:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=e...uk&ibd=0060921
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig/dell?hl=e...uk&ibd=0060921
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=e...uk&ibd=0060921
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: XBTB05199 - {A06DD01F-46E5-4C6C-B80B-B2C2F9011A8B} - C:\Program Files\Netdisaster\netdisaster_v1.2.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: Netdisaster - {C44A92DD-2C95-4125-B857-FD9F5EF07FB5} - C:\Program Files\Netdisaster\netdisaster_v1.2.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [WinampAgent] "L:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Fonebook] C:\Program Files\Dargan Development\Fonebook\Fonebook.exe /Silent
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup
O4 - HKLM\..\Run: [ClipX] C:\Program Files\ClipX\clipx.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Orb] "L:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKUS\S-1-5-21-2059986134-1244674111-1205378388-1009\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-21-2059986134-1244674111-1205378388-1009\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all (User '?')
O4 - HKUS\S-1-5-21-2059986134-1244674111-1205378388-1009\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-2059986134-1244674111-1205378388-1009\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2059986134-1244674111-1205378388-1009\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" (User '?')
O4 - HKUS\S-1-5-21-2059986134-1244674111-1205378388-1009\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" (User '?')
O4 - HKUS\S-1-5-21-2059986134-1244674111-1205378388-1009\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-2059986134-1244674111-1205378388-1009\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe" (User '?')
O4 - HKUS\S-1-5-21-2059986134-1244674111-1205378388-1009\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-21-2059986134-1244674111-1205378388-1009\..\Run: [Orb] "L:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" /background (User '?')
O4 - HKUS\S-1-5-21-2059986134-1244674111-1205378388-1009\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash (User '?')
O4 - HKUS\S-1-5-21-2059986134-1244674111-1205378388-1009\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent (User '?')
O4 - HKUS\S-1-5-21-2059986134-1244674111-1205378388-1009\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (User '?')
O4 - HKUS\S-1-5-21-2059986134-1244674111-1205378388-1009\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S (User '?')
O4 - S-1-5-21-2059986134-1244674111-1205378388-1009 Startup: BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe (User '?')
O4 - S-1-5-21-2059986134-1244674111-1205378388-1009 Startup: DestroyTwitter.lnk = C:\Program Files\DestroyTwitter\DestroyTwitter.exe (User '?')
O4 - S-1-5-21-2059986134-1244674111-1205378388-1009 Startup: Microsoft Office Groove.lnk = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE (User '?')
O4 - S-1-5-21-2059986134-1244674111-1205378388-1009 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User '?')
O4 - S-1-5-21-2059986134-1244674111-1205378388-1009 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User '?')
O4 - S-1-5-21-2059986134-1244674111-1205378388-1009 Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (User '?')
O4 - Startup: BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
O4 - Startup: DestroyTwitter.lnk = C:\Program Files\DestroyTwitter\DestroyTwitter.exe
O4 - Startup: Microsoft Office Groove.lnk = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - L:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Netdisaster - {C44A92DD-2C95-4125-B857-FD9F5EF07FB5} - C:\Program Files\Netdisaster\netdisaster_v1.2.dll
O9 - Extra 'Tools' menuitem: Netdisaster - {C44A92DD-2C95-4125-B857-FD9F5EF07FB5} - C:\Program Files\Netdisaster\netdisaster_v1.2.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Thomas\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} (Chess Object) - http://zone.msn.com/bingame/zpagames...p.cab55579.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...l/SymAData.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/.../GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1245765275562
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab55762.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {A44B714B-EE0F-453E-9300-A69B321FEF6C} (MaxisSimsFamilyTeleX Control) - http://thesims.ea.com/teleport/famil...amilyTeleX.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {B8F2846E-CE36-11D0-AC83-00C04FD97575} (Lernout & Hauspie TruVoice American English TTS Engine) - http://activex.microsoft.com/activex...t2/tv_enua.exe
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab55668.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/common/musicmana...agerPlugin.CAB
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/tech...l/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} (ChessControl Class) - http://zone.msn.com/bingame/zpagames...p.cab56961.cab
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames...A.cab55579.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (file missing)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: EDTService_c - IT Works Corporation - C:\Program Files\IT Works\DataTerminator Lite\EDTService_c.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - J:\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c98ece94fcef42) (gupdate1c98ece94fcef42) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IIS Admin (IISADMIN) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Unknown owner - C:\Program Files\KService\KService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Simple Mail Transfer Protocol (SMTP) (SMTPSVC) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: TunerFreeMCEService - Unknown owner - J:\TunerFreeMCEService.exe (file missing)
O23 - Service: USB Safely Remove Assistant (USBSafelyRemoveService) - Unknown owner - H:\Program Files\USB Safely Remove\USBSRService.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)

--
End of file - 27886 bytes

I've attached as much of the usual files as able, one didnt come up for some reason

Also got a list of processes
If you need anything else please say :)

Hugee thanks for any help in advance
Attached Files
File Type: zip ark.zip (8.6 KB, 5 views)
Last edited by Neonfast; 08-15-2009 at 01:54 PM.
Neonfast is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here

Old 08-22-2009, 10:08 AM   #2 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,995
OS: WinXP and Vista


Re: Possible winlogon.exe error plus more please help :)
Hello Neonfast,

If you still require assistance, please run a new scan with dds, post the fresh dds.txt , and we'll get started.

**Only post the dds.txt, the HijackThis log unnecessary
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-23-2009, 08:37 AM   #3 (permalink)
Registered User
 
Join Date: Jan 2009
Posts: 14
OS: Windows XP Service Pack 2


Re: Possible winlogon.exe error plus more please help :)
Thanks!, will do, hijack this had a problem with the start up files and so did dds. also explorer.exe takes ages to load no matter if its the first time ive run it or not. i dont know if this information is help

this error message came up in dds

Could Not Find C:\DOCUME~1\Tom\LOCALS~1\Temp\RarSFX1\StartUp
FINDSTR: Cannot open svclist.dat
Attached Files
File Type: txt DDS.txt (24.0 KB, 2 views)
Neonfast is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-23-2009, 10:15 AM   #4 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,995
OS: WinXP and Vista


Re: Possible winlogon.exe error plus more please help :)
Please delete your existing dds.scr and download a fresh copy from here. Save it to your desktop and run it after it's been saved there.

If you still get that error, then please run a scan with this next tool:

Download rsit.exe and save it to your desktop.
  • Double click on RSIT.exe to run it.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
If you do not see the info.txt you can find it in the C:\rsit folder. Please attach that .txt
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-23-2009, 05:56 PM   #5 (permalink)
Registered User
 
Join Date: Jan 2009
Posts: 14
OS: Windows XP Service Pack 2


Re: Possible winlogon.exe error plus more please help :)
Same problems as before except now there's more
EDS.EXE: can't read StartUp: No such file or directory
Could Not Find C:\DOCUME~1\Tom\LOCALS~1\Temp\RarSFX3\StartUp
Access is denied.
Access is denied.
Access is denied.
Access is denied.
Access is denied.
Access is denied.
Access is denied.
Access is denied.
Access is denied.
Access is denied.
Access is denied.
Access is denied.
Access is denied.
EDS.EXE: can't read temp00: Permission denied
Access is denied.
EDS.EXE: can't read temp00: Permission denied
Access is denied.
EDS.EXE: can't read temp00: Permission denied
Access is denied.
EDS.EXE: can't read temp00: Permission denied
Access is denied.
EDS.EXE: can't read temp00: Permission denied
Access is denied.
EDS.EXE: can't read temp00: No such file or directory
FINDSTR: Cannot open svclist.dat


Logfile of random's system information tool 1.06 (written by random/random)
Run by Tom at 2009-08-24 00:08:55
WIN_XP Service Pack 2
System drive C: has 2 GB (2%) free of 81 GB
Total RAM: 2038 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:21 AM, on 24/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.10\ccSvcHst.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.10\ccSvcHst.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Program Files\Mozilla Firefox 3.5 Beta 4\firefox.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Documents and Settings\Tom\My Documents\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Tom.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
L:\Program Files\Winamp\winamp.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=e...uk&ibd=0060921
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig/dell?hl=e...uk&ibd=0060921
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=e...uk&ibd=0060921
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.10\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.10\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: XBTB05199 - {A06DD01F-46E5-4C6C-B80B-B2C2F9011A8B} - C:\Program Files\Netdisaster\netdisaster_v1.2.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: Netdisaster - {C44A92DD-2C95-4125-B857-FD9F5EF07FB5} - C:\Program Files\Netdisaster\netdisaster_v1.2.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.10\coIEPlg.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [WinampAgent] "L:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Fonebook] C:\Program Files\Dargan Development\Fonebook\Fonebook.exe /Silent
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen] "C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Meebo Notifier] "L:\Program Files\Meebo\MeeboNotifier.exe" /startup
O4 - HKUS\S-1-5-21-2059986134-1244674111-1205378388-1009\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-21-2059986134-1244674111-1205378388-1009\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all (User '?')
O4 - HKUS\S-1-5-21-2059986134-1244674111-1205378388-1009\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-2059986134-1244674111-1205378388-1009\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" (User '?')
O4 - HKUS\S-1-5-21-2059986134-1244674111-1205378388-1009\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" (User '?')
O4 - HKUS\S-1-5-21-2059986134-1244674111-1205378388-1009\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-2059986134-1244674111-1205378388-1009\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe" (User '?')
O4 - HKUS\S-1-5-21-2059986134-1244674111-1205378388-1009\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-21-2059986134-1244674111-1205378388-1009\..\Run: [Gadwin PrintScreen] "C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash (User '?')
O4 - HKUS\S-1-5-21-2059986134-1244674111-1205378388-1009\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S (User '?')
O4 - HKUS\S-1-5-21-2059986134-1244674111-1205378388-1009\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2059986134-1244674111-1205378388-1009\..\Run: [Meebo Notifier] "L:\Program Files\Meebo\MeeboNotifier.exe" /startup (User '?')
O4 - S-1-5-21-2059986134-1244674111-1205378388-1009 Startup: BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe (User '?')
O4 - S-1-5-21-2059986134-1244674111-1205378388-1009 Startup: DestroyTwitter.lnk = C:\Program Files\DestroyTwitter\DestroyTwitter.exe (User '?')
O4 - S-1-5-21-2059986134-1244674111-1205378388-1009 Startup: Microsoft Office Groove.lnk = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE (User '?')
O4 - S-1-5-21-2059986134-1244674111-1205378388-1009 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User '?')
O4 - S-1-5-21-2059986134-1244674111-1205378388-1009 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User '?')
O4 - S-1-5-21-2059986134-1244674111-1205378388-1009 Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (User '?')
O4 - Startup: BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
O4 - Startup: DestroyTwitter.lnk = C:\Program Files\DestroyTwitter\DestroyTwitter.exe
O4 - Startup: Microsoft Office Groove.lnk = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Netdisaster - {C44A92DD-2C95-4125-B857-FD9F5EF07FB5} - C:\Program Files\Netdisaster\netdisaster_v1.2.dll
O9 - Extra 'Tools' menuitem: Netdisaster - {C44A92DD-2C95-4125-B857-FD9F5EF07FB5} - C:\Program Files\Netdisaster\netdisaster_v1.2.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Thomas\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} (Chess Object) - http://zone.msn.com/bingame/zpagames...p.cab55579.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...l/SymAData.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/.../GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1245765275562
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab55762.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {A44B714B-EE0F-453E-9300-A69B321FEF6C} (MaxisSimsFamilyTeleX Control) - http://thesims.ea.com/teleport/famil...amilyTeleX.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {B8F2846E-CE36-11D0-AC83-00C04FD97575} (Lernout & Hauspie TruVoice American English TTS Engine) - http://activex.microsoft.com/activex...t2/tv_enua.exe
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab55668.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/common/musicmana...agerPlugin.CAB
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/tech...l/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} (ChessControl Class) - http://zone.msn.com/bingame/zpagames...p.cab56961.cab
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames...A.cab55579.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.10\coIEPlg.dll
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - J:\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c98ece94fcef42) (gupdate1c98ece94fcef42) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Unknown owner - C:\Program Files\KService\KService.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.7.2.10\ccSvcHst.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Simple Mail Transfer Protocol (SMTP) (SMTPSVC) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: TunerFreeMCEService - Unknown owner - J:\TunerFreeMCEService.exe (file missing)
O23 - Service: USB Safely Remove Assistant (USBSafelyRemoveService) - Unknown owner - H:\Program Files\USB Safely Remove\USBSRService.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)

--
End of file - 23994 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\exterminate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Low Battery Alarm Program.job
C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Thomas.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{0E9BD3CB-6DC2-4395-B013-BAB9E3D17AC5}.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{E4E26477-CBF1-4661-B610-F3DD79EA1DF1}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2008-06-11 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\16.7.2.10\coIEPlg.dll [2009-08-18 378736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\16.7.2.10\IPSBHO.DLL [2009-08-18 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-12-04 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A06DD01F-46E5-4C6C-B80B-B2C2F9011A8B}]
XBTB05199 Class - C:\Program Files\Netdisaster\netdisaster_v1.2.dll [2007-07-02 1253376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-06-20 669168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2006-08-30 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-08 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-08 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - []
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll []
{C44A92DD-2C95-4125-B857-FD9F5EF07FB5} - Netdisaster - C:\Program Files\Netdisaster\netdisaster_v1.2.dll [2007-07-02 1253376]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\16.7.2.10\coIEPlg.dll [2009-08-18 378736]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Foxit Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-12-13 98304]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-12-13 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-12-13 118784]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-08 149280]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-24 282624]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2006-06-29 1032192]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2006-05-01 667718]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2006-05-01 602182]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2006-04-06 49152]
"CTSVolFE.exe"=C:\Program Files\Creative\Mixer\CTSVolFE.exe [2005-02-23 57344]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2008-08-14 565008]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2008-08-14 2407184]
"WinampAgent"=L:\Program Files\Winamp\winampa.exe [2009-07-01 37888]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"BtTray"=C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe [2007-09-10 258134]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2008-06-16 167936]
"Fonebook"=C:\Program Files\Dargan Development\Fonebook\Fonebook.exe [2009-03-07 411648]
"Corel Photo Downloader"=C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe -startup []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-08-14 3885408]
"kdx"=C:\Program Files\Kontiki\KHost.exe [2008-01-25 1032376]
"DellSupport"=C:\Program Files\Dell Support\DSAgnt.exe [2006-07-16 389120]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-12-16 342848]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [2007-09-20 202024]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-04-21 68856]
"SandboxieControl"=C:\Program Files\Sandboxie\SbieCtrl.exe [2009-05-28 380416]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"Gadwin PrintScreen"=C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe [2008-12-09 495616]
"Uniblue RegistryBooster 2009"=C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe [2008-08-26 2019624]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-10 15360]
"Meebo Notifier"=L:\Program Files\Meebo\MeeboNotifier.exe [2009-08-21 790528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
C:\Program Files\Electronic Arts\EADM\Core.exe [2009-04-29 3338240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen]
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe [2008-12-09 495616]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
L:\Program Files\Orb Networks\Orb\bin\OrbTray.exe [2009-03-17 510416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009]
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe [2008-08-26 2019624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2
"Viewpoint Manager Service"=2
"RichVideo"=2
"NMIndexingService"=3
"Nero BackItUp Scheduler 3"=2
"Microsoft Office Groove Audit Service"=3
"MDM"=2
"Macromedia Licensing Service"=3
"LVSrvLauncher"=2
"LVPrcSrv"=2
"LVCOMSer"=2
"libusbd"=2
"LexBceS"=2
"iPod Service"=3
"IISADMIN"=2
"EDTService_c"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\Tom\Start Menu\Programs\Startup
BBC iPlayer Desktop.lnk - C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
DestroyTwitter.lnk - C:\Program Files\DestroyTwitter\DestroyTwitter.exe
Microsoft Office Groove.lnk - C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="wbsys.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-10 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EDTService_c]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EDTService_c]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Documents and Settings\Thomas\Local Settings\Temp\WZSE0.TMP\SymNRT.exe"="C:\Documents and Settings\Thomas\Local Settings\Temp\WZSE0.TMP\SymNRT.exe:*:Enabled:Norton Removal Tool"
"C:\Documents and Settings\Thomas\My Documents\My Downloads\BlueSoleil 6.2.227.11 + Crack\Crack\BlueSoleilCS.exe"="C:\Documents and Settings\Thomas\My Documents\My Downloads\BlueSoleil 6.2.227.11 + Crack\Crack\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"L:\Program Files\Orb Networks\Orb\bin\Orb.exe"="L:\Program Files\Orb Networks\Orb\bin\Orb.exe:*:Enabled:Orb"
"L:\Program Files\Orb Networks\Orb\bin\OrbTray.exe"="L:\Program Files\Orb Networks\Orb\bin\OrbTray.exe:*:Enabled:OrbTray"
"L:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe"="L:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"L:\Program Files\Orb Networks\Orb\bin\xmltv.exe"="L:\Program Files\Orb Networks\Orb\bin\xmltv.exe:*:Enabled:OrbTVGuide"
"L:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe"="L:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe:*:Enabled:OrbChannelScan"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\CyberLink\PowerDirector\PDR.exe"="C:\Program Files\CyberLink\PowerDirector\PDR.exe:*:Enabled:CyberLink PowerDirector"
"C:\Documents and Settings\Thomas\Program Files\DNA\btdna.exe"="C:\Documents and Settings\Thomas\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Logitech\Logitech Vid\Vid.exe"="C:\Program Files\Logitech\Logitech Vid\Vid.exe:*:Enabled:Logitech Vid"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
shell\AutoRun\command - E:\setup.exe


======List of files/folders created in the last 1 months======

2009-08-23 19:42:22 ----DC---- C:\rsit
2009-08-22 01:11:24 ----DC---- C:\Sandbox
2009-08-21 17:04:28 ----DC---- C:\Documents and Settings\Tom\Application Data\Meebo
2009-08-21 02:14:38 ----DC---- C:\Program Files\Facebook Desktop
2009-08-21 02:12:46 ----DC---- C:\Program Files\facedesk
2009-08-19 22:40:44 ----AC---- C:\Settings.ini
2009-08-19 00:00:48 ----RA---- C:\WINDOWS\SET8.tmp
2009-08-19 00:00:48 ----RA---- C:\WINDOWS\SET4.tmp
2009-08-19 00:00:48 ----RA---- C:\WINDOWS\SET3.tmp
2009-08-19 00:00:48 ----RA---- C:\WINDOWS\SET25.tmp
2009-08-18 22:37:16 ----AC---- C:\AUTOEXEC.BAT
2009-08-18 21:55:53 ----A---- C:\WINDOWS\setuplog.txt
2009-08-15 17:33:52 ----DC---- C:\Documents and Settings\Tom\Application Data\Uniblue
2009-08-15 17:27:07 ----HDC---- C:\Documents and Settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
2009-08-15 17:07:49 ----DC---- C:\Documents and Settings\Tom\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
2009-08-15 1759 ----DC---- C:\Program Files\Uniblue
2009-08-14 15:33:23 ----DC---- C:\Documents and Settings\Tom\Application Data\DAEMON Tools Pro
2009-08-14 15:33:23 ----DC---- C:\Documents and Settings\Tom\Application Data\DAEMON Tools Lite
2009-08-14 15:33:23 ----DC---- C:\Documents and Settings\Tom\Application Data\DAEMON Tools
2009-08-13 22:04:30 ----DC---- C:\Program Files\Sandbox
2009-08-13 17:32:26 ----DC---- C:\Documents and Settings\Tom\Application Data\Spore
2009-08-13 17:27:54 ----RHDC---- C:\Documents and Settings\Tom\Application Data\SecuROM
2009-08-12 00:59:57 ----DC---- C:\Documents and Settings\Tom\Application Data\COWON
2009-08-11 19:17:45 ----DC---- C:\Documents and Settings\Tom\Application Data\ViStart
2009-08-11 1744 ----A---- C:\WINDOWS\system32\SHORTCUT.INI
2009-08-11 17:05:33 ----A---- C:\WINDOWS\system32\REMOTEDEVICE.INI
2009-08-11 17:05:32 ----A---- C:\WINDOWS\system32\LOCALSERVICE.INI
2009-08-11 17:04:53 ----A---- C:\WINDOWS\system32\LOCALDEVICE.INI
2009-08-11 17:02:41 ----A---- C:\WINDOWS\system32\BSPRINT.INI
2009-08-11 11:59:33 ----DC---- C:\Documents and Settings\Tom\Application Data\Audacity
2009-08-09 19:43:11 ----DC---- C:\Documents and Settings\Tom\Application Data\Skype
2009-08-09 19:12:39 ----DC---- C:\Documents and Settings\Tom\Application Data\U3
2009-08-09 11:20:32 ----D---- C:\WINDOWS\system32\EWS
2009-08-09 11:20:31 ----DC---- C:\Program Files\WaxMail
2009-08-08 22:09:36 ----A---- C:\WINDOWS\system32\javaws.exe
2009-08-08 22:09:36 ----A---- C:\WINDOWS\system32\javaw.exe
2009-08-08 22:09:36 ----A---- C:\WINDOWS\system32\java.exe
2009-08-08 22:05:37 ----DC---- C:\Documents and Settings\Tom\Application Data\Sun
2009-08-07 00:54:00 ----DC---- C:\Pend
2009-08-05 19:36:56 ----DC---- C:\Documents and Settings\Tom\Application Data\Windows Live Writer
2009-07-31 19:54:11 ----DC---- C:\Documents and Settings\Tom\Application Data\CyberLink
2009-07-27 17:39:57 ----DC---- C:\Program Files\Nokia
2009-07-27 17:39:34 ----DC---- C:\Program Files\PC Connectivity Solution
2009-07-27 17:39:22 ----DC---- C:\Documents and Settings\Tom\Application Data\PC Suite
2009-07-26 22:53:46 ----DC---- C:\Documents and Settings\Tom\Application Data\Winamp

======List of files/folders modified in the last 1 months======

2009-08-24 00:08:38 ----D---- C:\WINDOWS\Prefetch
2009-08-24 00:01:24 ----DC---- C:\Program Files\Mozilla Firefox 3.5 Beta 4
2009-08-24 00:00:36 ----D---- C:\WINDOWS\Temp
2009-08-23 23:58:08 ----SD---- C:\WINDOWS\Tasks
2009-08-23 23:57:15 ----A---- C:\WINDOWS\system32\bscs.ini
2009-08-23 22:24:53 ----DC---- C:\Documents and Settings\Tom\Application Data\BitTorrent
2009-08-23 22:21:29 ----DC---- C:\Documents and Settings\Tom\Application Data\DNA
2009-08-23 14:11:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-23 13:59:47 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-23 12:55:42 ----DC---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-08-22 11:05:48 ----D---- C:\WINDOWS\system32
2009-08-22 10:59:20 ----DC---- C:\Program Files\DNA
2009-08-22 01:12:15 ----D---- C:\WINDOWS
2009-08-22 01:12:15 ----A---- C:\WINDOWS\Sandboxie.ini
2009-08-21 02:14:51 ----SHD---- C:\WINDOWS\Installer
2009-08-21 02:14:40 ----SHDC---- C:\Config.Msi
2009-08-21 02:14:40 ----SDC---- C:\Documents and Settings\Tom\Application Data\Microsoft
2009-08-21 02:14:38 ----DC---- C:\Program Files
2009-08-20 11:05:36 ----SHC---- C:\boot.ini
2009-08-20 11:05:35 ----A---- C:\WINDOWS\win.ini
2009-08-20 11:05:35 ----A---- C:\WINDOWS\system.ini
2009-08-20 10:27:06 ----DC---- C:\Program Files\mvufsfql
2009-08-19 18:28:45 ----D---- C:\WINDOWS\system32\drivers
2009-08-19 18:28:40 ----HD---- C:\WINDOWS\inf
2009-08-19 17:55:11 ----DC---- C:\Program Files\Symantec
2009-08-19 17:55:11 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2009-08-19 16:22:06 ----D---- C:\Program Files\CyberLink
2009-08-18 23:59:20 ----A---- C:\WINDOWS\jestertb.dll
2009-08-18 22:47:42 ----SHD---- C:\RECYCLER
2009-08-18 22:46:36 ----SHD---- C:\System Volume Information
2009-08-18 22:46:36 ----A---- C:\WINDOWS\OEWABLog.txt
2009-08-18 22:37:18 ----AC---- C:\WINDOWS\control.ini
2009-08-18 22:37:02 ----A---- C:\WINDOWS\ODBCINST.INI
2009-08-18 22:33:46 ----A---- C:\WINDOWS\vbaddin.ini
2009-08-18 22:33:46 ----A---- C:\WINDOWS\vb.ini
2009-08-18 22:02:20 ----A---- C:\WINDOWS\UPGRADE.TXT
2009-08-18 21:57:09 ----A---- C:\WINDOWS\imsins.BAK
2009-08-18 21:56:08 ----A---- C:\WINDOWS\ntbtlog.txt
2009-08-18 15:58:59 ----D---- C:\WINDOWS\system 34
2009-08-18 15:51:34 ----D---- C:\WINDOWS\system32\MsDtc
2009-08-15 14:15:57 ----D---- C:\i386
2009-08-15 12:44:44 ----D---- C:\WINDOWS\system32\dllcache
2009-08-14 18:50:38 ----SHD---- C:\WINDOWS\CSC
2009-08-14 18:42:02 ----D---- C:\WINDOWS\WinSxS
2009-08-14 18:31:47 ----RSD---- C:\WINDOWS\Fonts
2009-08-14 18:23:35 ----DC---- C:\Program Files\Windows Live
2009-08-14 10:15:50 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-13 23:00:11 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-13 19:26:40 ----D---- C:\WINDOWS\security
2009-08-11 21:50:30 ----DC---- C:\Program Files\ViStart
2009-08-11 17:04:47 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-08-11 12:43:22 ----SDC---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-08-07 16:33:00 ----DC---- C:\Documents and Settings\Tom\Application Data\Adobe
2009-08-06 16:17:50 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-08-03 15:49:18 ----DC---- C:\Legacy
2009-08-03 15:20:05 ----DC---- C:\Program Files\ClipX
2009-08-03 15:12:39 ----D---- C:\WINDOWS\system32\appmgmt
2009-07-31 11:28:57 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-27 17:40:29 ----DC---- C:\Documents and Settings\All Users\Application Data\Installations
2009-07-27 17:40:21 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-07-27 13:38:13 ----D---- C:\WINDOWS\Minidump
2009-07-26 22:51:04 ----D---- C:\Program Files\Winamp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 BHDrvx86;Symantec Heuristics Driver; C:\WINDOWS\System32\Drivers\NIS\1007020.00A\BHDrvx86.sys [2009-08-18 259632]
R1 ccHP;Symantec Hash Provider; C:\WINDOWS\System32\Drivers\NIS\1007020.00A\ccHPx86.sys [2009-08-19 482432]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090810.001\IDSxpx86.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-10 36096]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-06-12 56108]
R1 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\NIS\1007020.00A\SRTSP.SYS [2009-08-18 308272]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\NIS\1007020.00A\SRTSPX.SYS [2009-08-18 43696]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\NIS\1007020.00A\SYMTDI.SYS [2009-08-18 217136]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-09-21 21275]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol; C:\WINDOWS\system32\DRIVERS\hnm_wrls_pkt.sys [2006-01-12 13696]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 Packet;Auto Internet Protocol; C:\WINDOWS\system32\DRIVERS\packet.sys [2006-01-12 13312]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-05-01 13568]
R2 wsppkt;Wireless Security Protocol; C:\WINDOWS\system32\DRIVERS\wsp_pkt.sys [2006-01-12 13568]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-10 60800]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312]
R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-07-22 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-07-22 201600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-12-14 1364574]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1; C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 33792]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys []
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090823.003\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090823.003\NAVEX15.SYS []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-10 61824]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-10-14 28544]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-10-14 51328]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-10-14 307968]
R3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\system32\drivers\RMCast.sys []
R3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-10 67584]
R3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2004-08-10 11136]
R3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2004-08-10 10240]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-24 1156648]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NIS\1007020.00A\SYMFW.SYS [2009-08-18 89904]
R3 SYMIDS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NIS\1007020.00A\SYMIDS.SYS [2009-08-18 33072]
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-08-18 36400]
R3 SYMNDIS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NIS\1007020.00A\SYMNDIS.SYS [2009-08-18 36400]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-10-26 27264]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2007-03-05 34448]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-04-26 1429632]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-07-22 717952]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S1 SEAPHIDEPRO;SEAPHIDEPRO; \??\I:\Program Files\Hide Wizard\hookpro.sys []
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys []
S3 atirage3;atirage3; C:\WINDOWS\system32\DRIVERS\atimpae.sys [2001-08-17 75136]
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2007-06-24 34312]
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2007-06-24 27656]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2007-06-24 38920]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys []
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-03 18944]
S3 btnetBUs;Bluetooth PAN Bus Service; C:\WINDOWS\System32\Drivers\btnetBus.sys [2008-12-07 30088]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2009-05-01 23832]
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-08-07 13352]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2008-08-07 21672]
S3 IvtBtBUs;IVT Bluetooth Bus Service; C:\WINDOWS\System32\Drivers\IvtBtBus.sys [2008-07-02 26248]
S3 KS-959;Kingsun KS-959 USB Infrared Adapter; C:\WINDOWS\system32\DRIVERS\KS-959.sys [2005-09-05 19034]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys []
S3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2007-10-12 1920920]
S3 LVPr2Mon;LVPr2Mon Driver; C:\WINDOWS\system32\Drivers\LVPr2Mon.sys [2009-04-30 25624]
S3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2009-05-01 265496]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2008-07-26 41752]
S3 LVUVC;Logitech QuickCam Pro 9000(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2009-05-01 6754712]
S3 max128k;max128k; C:\WINDOWS\system32\drivers\max128k.sys [2004-07-03 3840]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 n558;N558 Bluetooth USB Filter Driver; C:\WINDOWS\System32\Drivers\n558.sys [2007-08-15 9600]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-10 40320]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 ovt519;D-Link VGA Webcam; C:\WINDOWS\System32\Drivers\ov519vid.sys [2003-10-15 174530]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS []
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-10 5888]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\WINDOWS\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\WINDOWS\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\WINDOWS\system32\DRIVERS\s116bus.sys [2007-04-03 83336]
S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s116mdfl.sys [2007-04-03 15112]
S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s116mdm.sys [2007-04-03 108680]
S3 s116mgmt;Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s116mgmt.sys [2007-04-03 100488]
S3 s116nd5;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS); C:\WINDOWS\system32\DRIVERS\s116nd5.sys [2007-04-03 23176]
S3 s116obex;Sony Ericsson Device 116 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s116obex.sys [2007-04-03 98696]
S3 s116unic;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM); C:\WINDOWS\system32\DRIVERS\s116unic.sys [2007-04-03 99080]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 SYMDNS;SYMDNS; \??\C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMDNS.SYS []
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-08-18 36400]
S3 SYMREDRV;SYMREDRV; \??\C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMREDRV.SYS []
S3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys [2008-02-20 27936]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 VHidMinidrv;Bluetooth HID Device Service; C:\WINDOWS\system32\drivers\VHIDMini.sys [2007-03-05 19472]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WUDFRd;WUDFRd; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [2006-09-15 82688]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-04 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-04 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-04 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-04 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-03 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-04 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 42240]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BlueSoleilCS;BlueSoleilCS; C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2007-09-14 1155180]
R2 Creative Labs Licensing Service;Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [2007-09-25 69632]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-05-01 114753]
R2 FreeAgentGoNext Service;Seagate Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-09-10 156968]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-08 153376]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2006-06-29 376832]
R2 Norton Internet Security;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\16.7.2.10\ccSvcHst.exe [2009-08-18 117640]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2007-06-05 177704]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2008-07-23 185632]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-05-01 217164]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-05-01 540745]
R2 SbieSvc;Sandboxie Service; C:\Program Files\Sandboxie\SbieSvc.exe [2009-05-28 53760]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 WLANKEEPER;Intel(R) PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2006-05-01 262217]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
R3 BsHelpCS;BsHelpCS; C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [2007-08-17 57447]
S2 Capture Device Service;Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]
S2 gupdate1c98ece94fcef42;Google Update Service (gupdate1c98ece94fcef42); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-14 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 183280]
S2 KService;KService; C:\Program Files\KService\KService.exe []
S2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2004-08-10 4608]
S2 MSMQTriggers;Message Queuing Triggers; C:\WINDOWS\system32\mqtgsvc.exe [2004-08-10 117248]
S2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe []
S2 TunerFreeMCEService;TunerFreeMCEService; J:\TunerFreeMCEService.exe []
S2 USBSafelyRemoveService;USB Safely Remove Assistant; H:\Program Files\USB Safely Remove\USBSRService.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; J:\Common\Database\bin\fbserver.exe []
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-06-18 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-10-06 33752]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-09 29744]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-09-08 575488]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe []
S4 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
S4 EDTService_c;EDTService_c; C:\Program Files\IT Works\DataTerminator Lite\EDTService_c.exe [2009-01-15 1246280]
S4 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe []
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe []
S4 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-02-25 303104]
S4 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1; C:\WINDOWS\system32\libusbd-nt.exe [2005-03-09 18944]
S4 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2008-07-26 186904]
S4 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-04-30 154136]
S4 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2008-07-26 141848]
S4 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2008-10-11 68096]
S4 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2006-10-26 335872]
S4 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S4 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-09-20 382248]
S4 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
S4 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------
Attached Files
File Type: txt log.txt (67.5 KB, 1 views)
File Type: txt info.txt (31.4 KB, 0 views)
Last edited by Ried; 08-23-2009 at 08:44 PM.
Neonfast is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-23-2009, 06:06 PM   #6 (permalink)
Registered User
 
Join Date: Jan 2009
Posts: 14
OS: Windows XP Service Pack 2


Re: Possible winlogon.exe error plus more please help :)
the other file...
Attached Files
File Type: txt DDS.txt (23.5 KB, 0 views)
Neonfast is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-23-2009, 08:44 PM   #7 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,995
OS: WinXP and Vista


Re: Possible winlogon.exe error plus more please help :)
Alright, let's get started. Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal.


====================================================


Double click on combofix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:





Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-24-2009, 10:48 AM   #8 (permalink)
Registered User
 
Join Date: Jan 2009
Posts: 14
OS: Windows XP Service Pack 2


Re: Possible winlogon.exe error plus more please help :)
results here, problem persists tho

ComboFix 09-08-23.01 - Tom 24/08/2009 16:50.1.2 - NTFSx86
Running from: c:\documents and settings\Tom\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1417001333-1844823847-725345543-1004
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\cookies.ini
c:\windows\Installer\112ea348.msp
c:\windows\Installer\112ea369.msp
c:\windows\Installer\112ea37e.msp
c:\windows\Installer\112ea392.msp
c:\windows\Installer\112ea3aa.msp
c:\windows\Installer\112ea3c0.msp
c:\windows\Installer\11753027.msi
c:\windows\Installer\142ac6cf.msi
c:\windows\Installer\151e95.msp
c:\windows\Installer\15a8be2c.msi
c:\windows\Installer\162ff095.msp
c:\windows\Installer\162ff0a9.msp
c:\windows\Installer\162ff0bc.msp
c:\windows\Installer\16d83d.msi
c:\windows\Installer\16d841.msi
c:\windows\Installer\183ab8.msi
c:\windows\Installer\183ace.msp
c:\windows\Installer\183b12.msi
c:\windows\Installer\183b2c.msp
c:\windows\Installer\19079c59.msi
c:\windows\Installer\19596492.msi
c:\windows\Installer\1a290c19.msp
c:\windows\Installer\1a967c35.msi
c:\windows\Installer\1ef7f1b.msp
c:\windows\Installer\1ef7f30.msp
c:\windows\Installer\1ef7f38.msp
c:\windows\Installer\1ef7f40.msp
c:\windows\Installer\1fdf0cbc.msi
c:\windows\Installer\201274.msi
c:\windows\Installer\20127c.msi
c:\windows\Installer\201290.msi
c:\windows\Installer\2012ab.msi
c:\windows\Installer\20c2d4c.msp
c:\windows\Installer\20c2d54.msp
c:\windows\Installer\20c2d97.msp
c:\windows\Installer\20c2d9e.msp
c:\windows\Installer\20c2da5.msp
c:\windows\Installer\22377d34.msi
c:\windows\Installer\23852d.msp
c:\windows\Installer\25943882.msi
c:\windows\Installer\25943889.msp
c:\windows\Installer\266816f6.msp
c:\windows\Installer\26f808.msi
c:\windows\Installer\26f80d.msi
c:\windows\Installer\26f813.msi
c:\windows\Installer\2d2ad0.msp
c:\windows\Installer\2d2ae4.msp
c:\windows\Installer\3bb7ed.msi
c:\windows\Installer\3e165419.msp
c:\windows\Installer\3ec0e10.msp
c:\windows\Installer\4610d8b.msi
c:\windows\Installer\4652c84c.msi
c:\windows\Installer\4652c853.msi
c:\windows\Installer\4652c859.msi
c:\windows\Installer\4652c85f.msi
c:\windows\Installer\4652c865.msi
c:\windows\Installer\4652c86b.msi
c:\windows\Installer\4652c871.msi
c:\windows\Installer\4652c877.msi
c:\windows\Installer\4652c87d.msi
c:\windows\Installer\4652c883.msi
c:\windows\Installer\4652c88a.msi
c:\windows\Installer\4652c895.msi
c:\windows\Installer\4652c89b.msi
c:\windows\Installer\4652c8a1.msi
c:\windows\Installer\4652c8a7.msi
c:\windows\Installer\4652c8ad.msi
c:\windows\Installer\4652c8b3.msi
c:\windows\Installer\4652c8b4.msi
c:\windows\Installer\4b577b2.msp
c:\windows\Installer\4b57804.msp
c:\windows\Installer\4b57821.msp
c:\windows\Installer\4facc29.msi
c:\windows\Installer\521921c.msp
c:\windows\Installer\521921d.msp
c:\windows\Installer\521921e.msp
c:\windows\Installer\521921f.msp
c:\windows\Installer\5219220.msp
c:\windows\Installer\5219221.msp
c:\windows\Installer\5219222.msp
c:\windows\Installer\5219223.msp
c:\windows\Installer\5219224.msp
c:\windows\Installer\55d7e4f.msi
c:\windows\Installer\55d7e63.msi
c:\windows\Installer\55d7e6f.msi
c:\windows\Installer\55d7e80.msi
c:\windows\Installer\55d7e8a.msi
c:\windows\Installer\55d7e9c.msi
c:\windows\Installer\55d7ec3.msi
c:\windows\Installer\55d7ed0.msi
c:\windows\Installer\55d7efd.msi
c:\windows\Installer\588f91e.msi
c:\windows\Installer\58e19d3.msp
c:\windows\Installer\58e1a0b.msp
c:\windows\Installer\58e1a20.msp
c:\windows\Installer\58e1a38.msp
c:\windows\Installer\58e1a63.msp
c:\windows\Installer\58e1a8a.msp
c:\windows\Installer\58e1a98.msp
c:\windows\Installer\58e1ab0.msp
c:\windows\Installer\58e1ada.msp
c:\windows\Installer\5964011.msi
c:\windows\Installer\5e0d5ae.msi
c:\windows\Installer\5f705a.msp
c:\windows\Installer\6a4834f.msi
c:\windows\Installer\6a48357.msi
c:\windows\Installer\6bee4.msi
c:\windows\Installer\6beeb.msi
c:\windows\Installer\6bef0.msi
c:\windows\Installer\71864a.msp
c:\windows\Installer\71865f.msp
c:\windows\Installer\718673.msp
c:\windows\Installer\718688.msp
c:\windows\Installer\71869d.msp
c:\windows\Installer\7186b2.msp
c:\windows\Installer\7186c6.msp
c:\windows\Installer\72a1633.msi
c:\windows\Installer\73ec24f.msp
c:\windows\Installer\73ec263.msp
c:\windows\Installer\73ec28c.msp
c:\windows\Installer\73ec2b4.msp
c:\windows\Installer\75df1e4.msp
c:\windows\Installer\75df1f9.msp
c:\windows\Installer\75df20d.msp
c:\windows\Installer\75df220.msp
c:\windows\Installer\75df233.msp
c:\windows\Installer\75df23c.msp
c:\windows\Installer\75df261.msp
c:\windows\Installer\75df274.msp
c:\windows\Installer\76376ff.msp
c:\windows\Installer\7e8d168.msp
c:\windows\Installer\7f8c0a.msi
c:\windows\Installer\83965d42.msi
c:\windows\Installer\847fc47.msi
c:\windows\Installer\8a37b58.msi
c:\windows\Installer\98dc196.msi
c:\windows\Installer\9a417.msi
c:\windows\Installer\9a619c8.msi
c:\windows\Installer\9d2651e.msi
c:\windows\Installer\a2ac680.msi
c:\windows\Installer\a2ac687.msi
c:\windows\Installer\a2ac695.msi
c:\windows\Installer\a2c64ec.msp
c:\windows\Installer\a2c6500.msp
c:\windows\Installer\a2c6509.msp
c:\windows\Installer\a2c6531.msp
c:\windows\Installer\a2c6546.msp
c:\windows\Installer\ad97f9.msi
c:\windows\Installer\b06c6b8.msp
c:\windows\Installer\b06c714.msp
c:\windows\Installer\b06c71c.msp
c:\windows\Installer\b0bea71.msi
c:\windows\Installer\c4655.msi
c:\windows\Installer\c509e4a.msi
c:\windows\Installer\c9a430.msp
c:\windows\Installer\c9a444.msp
c:\windows\Installer\c9a457.msp
c:\windows\Installer\cd838a7.msi
c:\windows\Installer\d72a49.msp
c:\windows\Installer\dd0e70.msi
c:\windows\Installer\eaf3115.msi
c:\windows\Installer\eaf3116.msp
c:\windows\Installer\eaf3117.msp
c:\windows\Installer\eaf3118.msp
c:\windows\Installer\eaf3119.msp
c:\windows\Installer\eaf311a.msp
c:\windows\Installer\eaf311b.msp
c:\windows\Installer\eaf311c.msp
c:\windows\Installer\eaf311d.msp
c:\windows\Installer\eaf311e.msp
c:\windows\Installer\eaf311f.msp
c:\windows\Installer\eb29824.msi
c:\windows\Installer\ef4b5ce.msi
c:\windows\Installer\ef4b5d8.msi
c:\windows\Installer\f4a243b.msi
c:\windows\Installer\f4a243c.msp
c:\windows\Installer\f4a243d.msp
c:\windows\Installer\f4a243e.msp
c:\windows\Installer\f4a243f.msp
c:\windows\Installer\f4a2440.msp
c:\windows\Installer\f4a2441.msp
c:\windows\Installer\f4a2442.msp
c:\windows\Installer\f4a2443.msp
c:\windows\Installer\f4a2444.msp
c:\windows\Installer\fbce41.msi
c:\windows\Installer\fcc2029.msi
c:\windows\Installer\fcc2033.msi
c:\windows\jestertb.dll
c:\windows\kb913800.exe
c:\windows\system32\_003783_.tmp.dll
c:\windows\system32\_003784_.tmp.dll
c:\windows\system32\_003785_.tmp.dll
c:\windows\system32\_003786_.tmp.dll
c:\windows\system32\_003793_.tmp.dll
c:\windows\system32\_003794_.tmp.dll
c:\windows\system32\_003795_.tmp.dll
c:\windows\system32\_003796_.tmp.dll
c:\windows\system32\_003798_.tmp.dll
c:\windows\system32\_003799_.tmp.dll
c:\windows\system32\_003802_.tmp.dll
c:\windows\system32\_003803_.tmp.dll
c:\windows\system32\_003805_.tmp.dll
c:\windows\system32\_003806_.tmp.dll
c:\windows\system32\_003807_.tmp.dll
c:\windows\system32\_003809_.tmp.dll
c:\windows\system32\_003812_.tmp.dll
c:\windows\system32\_003813_.tmp.dll
c:\windows\system32\_003817_.tmp.dll
c:\windows\system32\_003818_.tmp.dll
c:\windows\system32\_003820_.tmp.dll
c:\windows\system32\_003823_.tmp.dll
c:\windows\system32\_003825_.tmp.dll
c:\windows\system32\_003826_.tmp.dll
c:\windows\system32\_003827_.tmp.dll
c:\windows\system32\_003828_.tmp.dll
c:\windows\system32\_003829_.tmp.dll
c:\windows\system32\_003832_.tmp.dll
c:\windows\system32\_003833_.tmp.dll
c:\windows\system32\_003834_.tmp.dll
c:\windows\system32\_003835_.tmp.dll
c:\windows\system32\_003836_.tmp.dll
c:\windows\system32\_003841_.tmp.dll
c:\windows\system32\_003843_.tmp.dll
c:\windows\system32\Cache
c:\windows\system32\dumphive.exe
c:\windows\system32\iexplore.exe
c:\windows\system32\mcrh.tmp
c:\windows\system32\mdm.exe
c:\windows\system32\nuinopsd
c:\windows\system32\nuinopsd\bg1.gif
c:\windows\system32\nuinopsd\bgtop.gif
c:\windows\system32\nuinopsd\bottom1.gif
c:\windows\system32\nuinopsd\essentials.gif
c:\windows\system32\nuinopsd\icon1.ico
c:\windows\system32\nuinopsd\install1.gif
c:\windows\system32\nuinopsd\left1.gif
c:\windows\system32\nuinopsd\li.gif
c:\windows\system32\nuinopsd\logo.gif
c:\windows\system32\nuinopsd\main.htm
c:\windows\system32\nuinopsd\mainframe.htm
c:\windows\system32\nuinopsd\reinstall1.gif
c:\windows\system32\nuinopsd\right1.gif
c:\windows\system32\nuinopsd\s1.htm
c:\windows\system32\nuinopsd\s2.htm
c:\windows\system32\nuinopsd\s3.htm
c:\windows\system32\nuinopsd\SMTop1.gif
c:\windows\system32\nuinopsd\SMTop2.gif
c:\windows\system32\nuinopsd\SMTop3.gif
c:\windows\system32\nuinopsd\SMTop4.gif
c:\windows\system32\nuinopsd\soft1_off.gif
c:\windows\system32\nuinopsd\soft1_off_ext.gif
c:\windows\system32\nuinopsd\soft1_on.gif
c:\windows\system32\nuinopsd\soft1_on_ext.gif
c:\windows\system32\nuinopsd\soft2_off.gif
c:\windows\system32\nuinopsd\soft2_off_ext.gif
c:\windows\system32\nuinopsd\soft2_on.gif
c:\windows\system32\nuinopsd\soft2_on_ext.gif
c:\windows\system32\nuinopsd\soft3_off.gif
c:\windows\system32\nuinopsd\soft3_off_ext.gif
c:\windows\system32\nuinopsd\soft3_on.gif
c:\windows\system32\nuinopsd\soft3_on_ext.gif
c:\windows\system32\nuinopsd\softbottom_off.gif
c:\windows\system32\nuinopsd\softbottom_on.gif
c:\windows\system32\nuinopsd\softleft_off.gif
c:\windows\system32\nuinopsd\softleft_on.gif
c:\windows\system32\nuinopsd\top1.gif
c:\windows\system32\nuinopsd\top2.gif
c:\windows\system32\nuinopsd\turnoff1.gif
c:\windows\system32\nuinopsd\turnon1.gif
c:\windows\system32\rekesxga.ini
c:\windows\system32\SET412.tmp
c:\windows\system32\SrchSTS.exe
c:\windows\system32\sysdm.exe
c:\windows\system32\tmp.reg
c:\windows\system32\update
c:\windows\system32\update\eula.rtf
c:\windows\system32\update\ie8.cat
c:\windows\system32\update\iecustom.dll
c:\windows\system32\update\iesetup.exe
c:\windows\system32\update\sqmapi.dll
c:\windows\system32\update\update.exe
c:\windows\system32\update\update.exe.manifest
c:\windows\system32\update\update.inf
c:\windows\system32\update\update.ver
c:\windows\system32\update\updspapi.dll
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\UA000079.DLL
L:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-07-24 to 2009-08-24 )))))))))))))))))))))))))))))))
.

2009-08-24 14:42 . 2009-08-18 19:11 165240 -c--a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2009-08-24 05:41 . 2009-08-19 08:00 87888 -c--a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090823.021\NAVENG.SYS
2009-08-24 05:41 . 2009-08-19 08:00 875728 -c--a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090823.021\NAVEX15.SYS
2009-08-24 05:41 . 2009-08-19 08:00 177520 -c--a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090823.021\NAVENG32.DLL
2009-08-24 05:41 . 2009-08-19 08:00 1181040 -c--a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090823.021\NAVEX32A.DLL
2009-08-24 05:41 . 2009-08-19 08:00 259368 -c--a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090823.021\ECMSVR32.DLL
2009-08-24 05:41 . 2009-08-17 21:32 371248 -c--a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090823.021\EECTRL.SYS
2009-08-24 05:41 . 2009-08-17 21:32 2414128 -c--a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090823.021\CCERASER.DLL
2009-08-24 05:41 . 2009-08-17 21:32 101936 -c--a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090823.021\ERASER.SYS
2009-08-23 18:42 . 2009-08-23 18:56 -------- dc----w- C:\rsit
2009-08-22 00:11 . 2009-08-22 00:11 -------- dc----w- C:\Sandbox
2009-08-21 16:04 . 2009-08-21 16:05 -------- dc----w- c:\documents and settings\Tom\Application Data\Meebo
2009-08-21 01:14 . 2009-08-21 01:14 70526 -c--a-r- c:\documents and settings\Tom\Application Data\Microsoft\Installer\{844B8965-E5AA-4F9A-A4D4-4E59D4F44F64}\_C0F7707E361E2EFBB615DA.exe
2009-08-21 01:14 . 2009-08-21 01:14 1406 -c--a-r- c:\documents and settings\Tom\Application Data\Microsoft\Installer\{844B8965-E5AA-4F9A-A4D4-4E59D4F44F64}\_84112B0DCA0F2FA1F60541.exe
2009-08-21 01:14 . 2009-08-21 01:14 1406 -c--a-r- c:\documents and settings\Tom\Application Data\Microsoft\Installer\{844B8965-E5AA-4F9A-A4D4-4E59D4F44F64}\_6FEFF9B68218417F98F549.exe
2009-08-21 01:14 . 2009-08-21 01:14 -------- dc----w- c:\program files\Facebook Desktop
2009-08-21 01:12 . 2009-08-21 01:12 -------- dc----w- c:\program files\facedesk
2009-08-18 14:38 . 2009-08-18 14:49 312344688 ----a-w- c:\windows\system 34.zip
2009-08-18 11:34 . 2009-08-18 11:34 -------- dc----w- c:\documents and settings\Tom\Local Settings\Application Data\Symantec
2009-08-18 11:09 . 2009-08-18 11:09 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
2009-08-18 10:22 . 2009-08-18 10:23 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\Corel
2009-08-15 16:33 . 2009-08-15 16:33 -------- dc----w- c:\documents and settings\Tom\Application Data\Uniblue
2009-08-15 16:27 . 2009-07-21 10:55 2568398 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\Uniblue RegistryBooster.exe
2009-08-15 16:27 . 2008-08-26 16:48 99624 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\7390E4F0\6383BC9B\StartRegistryBooster.exe
2009-08-15 16:27 . 2008-08-26 16:48 757760 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\2B86F085\6383BC9B\UBVarRB.dll
2009-08-15 16:27 . 2008-08-26 16:48 6676480 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\4E45A1A4\6383BC9B\RegistryBooster.dll
2009-08-15 16:27 . 2008-08-26 16:48 497496 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\AF01B0B\6383BC9B\XceedZip.dll
2009-08-15 16:27 . 2008-08-26 16:48 413696 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\52CD59C9\6383BC9B\update.dll
2009-08-15 16:27 . 2008-08-26 16:48 2019624 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\7CE1607E\6383BC9B\RegistryBooster.exe
2009-08-15 16:27 . 2008-08-26 16:48 111912 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\65B92A91\6383BC9B\KillRBProcess.exe
2009-08-15 16:27 . 2009-08-15 16:27 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
2009-08-15 16:07 . 2009-08-15 16:07 -------- dc----w- c:\documents and settings\Tom\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
2009-08-15 16:06 . 2009-08-15 16:27 -------- dc----w- c:\program files\Uniblue
2009-08-15 13:06 . 2009-08-15 13:06 -------- dc----w- c:\documents and settings\Administrator\Application Data\Windows Search
2009-08-15 13:05 . 2009-08-15 13:05 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-08-14 14:33 . 2009-08-14 14:33 -------- dc----w- c:\documents and settings\Tom\Application Data\DAEMON Tools Pro
2009-08-14 14:33 . 2009-08-14 14:33 -------- dc----w- c:\documents and settings\Tom\Application Data\DAEMON Tools Lite
2009-08-14 14:33 . 2009-08-14 14:33 -------- dc----w- c:\documents and settings\Tom\Application Data\DAEMON Tools
2009-08-14 11:33 . 2009-08-14 11:33 -------- dc----w- c:\documents and settings\Administrator\Tracing
2009-08-13 21:04 . 2009-08-13 21:04 -------- dc----w- c:\program files\Sandbox
2009-08-13 16:32 . 2009-08-13 16:34 -------- dc----w- c:\documents and settings\Tom\Application Data\Spore
2009-08-13 16:27 . 2009-08-13 16:27 -------- dc-h--r- c:\documents and settings\Tom\Application Data\SecuROM
2009-08-12 09:11 . 2009-07-11 19:34 276344 -c--a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys
2009-08-12 09:11 . 2009-07-11 19:34 533880 -c--a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\Scxpx86.dll
2009-08-12 09:11 . 2009-07-11 19:34 451960 -c--a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSxpx86.dll
2009-08-12 09:11 . 2009-07-11 19:34 293424 -c--a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSvix86.sys
2009-08-12 09:11 . 2009-07-11 19:34 397360 -c--a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSviA64.sys
2009-08-11 23:59 . 2009-08-11 23:59 -------- dc----w- c:\documents and settings\Tom\Application Data\COWON
2009-08-11 19:25 . 2009-08-11 19:25 -------- d-----w- c:\documents and settings\Thomas\Local Settings\Application Data\bluesoleil
2009-08-11 18:17 . 2009-08-11 18:20 -------- dc----w- c:\documents and settings\Tom\Application Data\ViStart
2009-08-11 16:04 . 2009-08-11 16:04 -------- dc----w- c:\documents and settings\Tom\Local Settings\Application Data\bluesoleil
2009-08-11 11:43 . 2005-04-27 23:15 2560 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\USMT\iconlib.dll
2009-08-11 10:59 . 2009-08-11 16:49 -------- dc----w- c:\documents and settings\Tom\Application Data\Audacity
2009-08-09 18:49 . 2006-12-14 09:00 110592 -c--a-w- c:\documents and settings\Tom\Application Data\U3\temp\cleanup.exe
2009-08-09 18:43 . 2009-08-11 19:22 -------- dc----w- c:\documents and settings\Tom\Application Data\Skype
2009-08-09 18:12 . 2007-02-12 16:46 3096576 -c-ha-w- c:\documents and settings\Tom\Application Data\U3\temp\Launchpad Removal.exe
2009-08-09 18:12 . 2009-08-09 23:01 -------- dc----w- c:\documents and settings\Tom\Application Data\U3
2009-08-09 15:16 . 2009-08-09 15:16 -------- d-----w- c:\documents and settings\LocalService\Application Data\CyberLink
2009-08-09 10:20 . 2009-08-09 10:20 -------- d-----w- c:\windows\system32\EWS
2009-08-09 10:20 . 2009-08-09 10:20 -------- dc----w- c:\program files\WaxMail
2009-08-08 21:06 . 2009-08-08 21:06 152576 -c--a-w- c:\documents and settings\Tom\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-06 23:54 . 2009-08-18 14:37 -------- dc----w- C:\Pend
2009-08-06 10:11 . 2009-08-06 10:22 -------- dc----w- c:\documents and settings\Tom\Local Settings\Application Data\Adobe
2009-08-05 18:36 . 2009-08-05 19:47 -------- dc----w- c:\documents and settings\Tom\Application Data\Windows Live Writer
2009-08-05 18:36 . 2009-08-05 18:37 -------- dc----w- c:\documents and settings\Tom\Local Settings\Application Data\Windows Live Writer
2009-07-31 18:54 . 2009-07-31 18:54 -------- dc----w- c:\documents and settings\Tom\Application Data\CyberLink
2009-07-31 05:12 . 2009-07-31 05:13 -------- dc----w- c:\documents and settings\Tom\Local Settings\Application Data\Temp
2009-07-30 23:21 . 2009-07-11 19:34 533880 -c--a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\Scxpx86.dll
2009-07-30 23:21 . 2009-07-11 19:34 276344 -c--a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSXpx86.sys
2009-07-30 23:21 . 2009-07-11 19:34 451960 -c--a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSxpx86.dll
2009-07-30 23:21 . 2009-07-11 19:34 293424 -c--a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSvix86.sys
2009-07-30 23:21 . 2009-07-11 19:34 397360 -c--a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSviA64.sys
2009-07-28 22:08 . 2009-02-19 14:27 62760 -c--a-w- c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\r5pcld2h.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
2009-07-27 16:39 . 2009-07-27 16:39 -------- dc----w- c:\program files\Nokia
2009-07-27 16:39 . 2008-08-26 09:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-07-27 16:39 . 2009-07-27 16:39 -------- dc----w- c:\program files\PC Connectivity Solution
2009-07-27 16:39 . 2009-07-27 16:39 -------- dc----w- c:\documents and settings\Tom\Application Data\PC Suite
2009-07-27 16:39 . 2008-09-08 14:11 13099456 -c--a-w- c:\documents and settings\All Users\Application Data\Installations\{83258E90-1F76-4E13-9F60-A0F8ED41E76F}\PCCS.exe
2009-07-27 16:38 . 2009-07-27 16:38 8192 -c--a-w- c:\documents and settings\All Users\Application Data\Installations\{83258E90-1F76-4E13-9F60-A0F8ED41E76F}\Installer\CommonCustomActions\UninstCCD.exe
2009-07-26 21:53 . 2009-07-27 14:29 -------- dc----w- c:\documents and settings\Tom\Application Data\Winamp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-24 15:35 . 2009-04-28 17:22 -------- dc----w- c:\program files\Mozilla Firefox 3.5 Beta 4
2009-08-24 14:43 . 2009-02-14 00:39 -------- dc----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-08-24 11:55 . 2009-07-23 23:41 -------- dc----w- c:\documents and settings\Tom\Application Data\BitTorrent
2009-08-23 21:21 . 2009-07-22 15:04 -------- dc----w- c:\documents and settings\Tom\Application Data\DNA
2009-08-22 14:40 . 2007-09-21 15:01 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-08-22 14:39 . 2008-01-06 15:56 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-08-22 09:59 . 2008-03-29 11:16 -------- dc----w- c:\program files\DNA
2009-08-21 09:59 . 2008-09-02 17:09 97560 ---ha-w- c:\windows\system32\mlfcache.dat
2009-08-20 13:31 . 2009-04-05 19:13 140728 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-08-20 09:27 . 2007-12-03 07:23 -------- dc----w- c:\program files\mvufsfql
2009-08-19 16:55 . 2009-03-10 19:19 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-08-19 16:55 . 2009-03-10 19:19 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-08-19 16:55 . 2009-03-10 19:19 -------- dc----w- c:\program files\Symantec
2009-08-19 16:55 . 2008-08-29 11:52 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-08-19 16:55 . 2008-08-29 11:52 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-08-19 16:54 . 2009-03-10 19:23 554352 -c--a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2009-08-19 15:22 . 2006-09-21 06:34 -------- d-----w- c:\program files\CyberLink
2009-08-18 19:11 . 2009-03-25 19:32 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-08-14 17:50 . 2009-01-18 20:56 140728 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-14 17:23 . 2009-01-15 19:01 -------- dc----w- c:\program files\Windows Live
2009-08-14 09:15 . 2007-03-13 20:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-13 22:00 . 2007-03-13 20:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-11 20:50 . 2009-03-15 17:36 -------- dc----w- c:\program files\ViStart
2009-08-11 19:33 . 2009-07-20 12:43 -------- dc----w- c:\documents and settings\Thomas\Application Data\Skype
2009-08-11 19:33 . 2008-03-29 11:16 -------- dc----w- c:\documents and settings\Thomas\Application Data\DNA
2009-08-06 15:17 . 2008-11-21 17:41 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-06 15:17 . 2009-07-23 00:37 38208 -c--a-w- c:\documents and settings\Tom\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
2009-08-06 15:17 . 2009-02-01 19:21 38208 ----a-w- c:\documents and settings\Thomas\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
2009-08-03 14:20 . 2009-04-23 06:33 -------- dc----w- c:\program files\ClipX
2009-07-28 10:45 . 2007-10-27 14:45 -------- dc----w- c:\documents and settings\Thomas\Application Data\BitTorrent
2009-07-27 16:40 . 2007-06-23 14:19 -------- dc----w- c:\documents and settings\All Users\Application Data\Installations
2009-07-26 21:51 . 2007-07-29 14:46 -------- d-----w- c:\program files\Winamp
2009-07-23 15:12 . 2009-07-23 15:12 -------- dc----w- c:\documents and settings\Tom\Application Data\DivX
2009-07-23 12:48 . 2009-07-22 15:01 -------- dc----w- c:\documents and settings\Tom\Application Data\Corel
2009-07-23 00:37 . 2009-07-23 00:37 -------- dc----w- c:\documents and settings\Tom\Application Data\app.destroytwitter.23CA2F9B070E2FB8C4472F982F88B1A471F11AE2.1
2009-07-22 17:14 . 2009-07-20 12:50 -------- dc----w- c:\documents and settings\Thomas\Application Data\skypePM
2009-07-22 16:35 . 2009-07-22 16:35 -------- dc----w- c:\documents and settings\Tom\Application Data\Windows Search
2009-07-22 16:35 . 2009-07-22 16:35 -------- dc----w- c:\documents and settings\Tom\Application Data\Windows Desktop Search
2009-07-22 14:56 . 2007-12-30 11:02 140728 -c--a-w- c:\documents and settings\Emily\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-22 00:24 . 2008-07-06 13:53 34 -c--a-w- c:\documents and settings\Thomas\jagex_runescape_preferences.dat
2009-07-20 12:50 . 2009-07-20 12:50 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-07-20 12:43 . 2009-07-20 12:41 -------- dc----r- c:\program files\Skype
2009-07-20 12:42 . 2009-07-20 12:42 -------- d-----w- c:\program files\Common Files\Skype
2009-07-20 12:41 . 2009-07-20 12:41 -------- dc----w- c:\documents and settings\All Users\Application Data\Skype
2009-07-20 10:55 . 2009-07-20 10:55 -------- dc----w- c:\program files\DeskTask
2009-07-20 09:50 . 2007-05-28 11:45 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-18 11:56 . 2009-07-18 11:56 -------- dc----w- c:\program files\Seesmic Desktop
2009-07-13 21:38 . 2009-05-15 22:30 -------- dc----w- c:\program files\MediaMonkey
2009-07-12 11:51 . 2009-06-06 12:20 -------- dc----w- c:\program files\DestroyTwitter
2009-07-11 19:34 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-07-11 19:34 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-07-11 19:34 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-07-08 08:57 . 2009-07-08 08:57 -------- dc----w- c:\program files\Sandboxie
2009-07-07 15:09 . 2009-07-07 15:09 -------- dc----w- c:\documents and settings\Thomas\Application Data\app.destroytwitter.23CA2F9B070E2FB8C4472F982F88B1A471F11AE2.1
2009-07-06 23:40 . 2009-07-06 23:40 -------- dc----w- c:\documents and settings\Thomas\Application Data\com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1
2009-06-21 22:10 . 2009-06-21 22:10 1878984 ----a-w- c:\documents and settings\Thomas\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-06-08 10:12 . 2009-06-08 10:10 88 -csh--r- c:\documents and settings\All Users\Application Data\10C15C6A13.sys
2009-06-08 10:12 . 2009-06-08 10:10 88 -csh--r- c:\documents and settings\All Users\Application Data\10C15C6A13.sys
2009-06-08 10:12 . 2009-06-08 10:10 1056 -csha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-06-08 10:12 . 2009-06-08 10:10 1056 -csha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-06-06 18:58 . 2009-06-06 18:58 207872 -c--a-w- c:\documents and settings\Thomas\Application Data\SystemRequirementsLab\SRLProxy_ind_4.dll
2009-06-06 18:58 . 2009-06-06 18:58 207872 -c--a-w- c:\documents and settings\Thomas\Application Data\SystemRequirementsLab\SRLProxy_ind_3.dll
2009-06-06 18:58 . 2009-06-06 18:58 207872 -c--a-w- c:\documents and settings\Thomas\Application Data\SystemRequirementsLab\SRLProxy_ind_2.dll
2009-06-06 18:58 . 2009-06-06 18:58 207872 -c--a-w- c:\documents and settings\Thomas\Application Data\SystemRequirementsLab\SRLProxy_ind_1.dll
2009-05-27 20:40 . 2009-05-27 20:40 148736 -c--a-w- c:\documents and settings\All Users\Application Data\hpeE9C.dll
2009-05-27 20:40 . 2009-05-27 20:40 148736 -c--a-w- c:\documents and settings\All Users\Application Data\hpeE9C.dll
2009-05-27 19:39 . 2009-05-27 19:39 2238 ----a-w- c:\documents and settings\Thomas\Application Data\Microsoft\Installer\{1D4F1B60-1C9A-4822-88CF-4F1600E516E0}\ARPPRODUCTICON.exe
2009-05-27 13:00 . 2009-05-27 13:00 26694 ----a-w- c:\documents and settings\Thomas\Application Data\Microsoft\Installer\{09182454-657E-43E5-BCA4-9901B0C6D1A1}\_63903DC13BC040DA6C2818.exe
2009-03-27 15:18 . 2009-03-27 15:18 604 -c-ha-w- c:\program files\STLL Notifier
2007-04-13 19:04 . 2007-04-13 17:08 2536 -c----w- c:\program files\3dsmax.ini
2007-04-13 17:34 . 2007-04-13 17:34 64 -c----w- c:\program files\maxscrpt.dsk
2007-04-13 17:33 . 2007-04-13 17:33 0 -c----w- c:\program files\RtDxStdMtl2.log
2007-04-13 17:08 . 2007-04-13 17:08 114 -c----w- c:\program files\plugin.ini
2006-09-28 06:04 . 2006-09-28 06:04 251 -c----w- c:\program files\wt3d.ini
2004-10-05 16:12 . 2004-10-05 16:12 138430 -c----w- c:\program files\Readme.rtf
2008-06-30 12:44 . 2008-08-29 13:01 324976 -c--a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2008-09-09 19:32 . 2008-09-09 19:32 122880 -c--a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-12-14 19:57 . 2009-01-11 18:45 336471 --sha-w- c:\windows\system 34\aycdd.ini2
2007-09-15 14:23 . 2009-01-11 18:45 88 --sha-r- c:\windows\system 34\C58C46B966.sys
2008-01-22 15:06 . 2009-01-11 18:45 168 --sha-r- c:\windows\system 34\D6DBAA631C.sys
2008-12-28 21:55 . 2009-01-11 18:46 10018 --sha-w- c:\windows\system 34\KGyGaAvL.sys
2007-07-26 11:00 . 2007-07-26 11:00 8 --sh--r- c:\windows\system32\1C63AADBD6.dll
2006-10-21 21:25 . 2006-10-15 09:45 56 --sh--r- c:\windows\system32\66B9468CC5.sys
2007-09-15 14:23 . 2006-09-27 17:32 88 --sh--r- c:\windows\system32\C58C46B966.sys
2009-01-18 11:48 . 2006-09-25 14:46 9810 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 12:58 333192 -c--a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A06DD01F-46E5-4C6C-B80B-B2C2F9011A8B}]
2007-07-02 14:55 1253376 -c--a-w- c:\program files\Netdisaster\netdisaster_v1.2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{C44A92DD-2C95-4125-B857-FD9F5EF07FB5}"= "c:\program files\Netdisaster\netdisaster_v1.2.dll" [2007-07-02 1253376]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{c44a92dd-2c95-4125-b857-fd9f5ef07fb5}]
[HKEY_CLASSES_ROOT\XBTB05199.XBTB05199.3]
[HKEY_CLASSES_ROOT\XBTB05199.XBTB05199]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-08-14 3885408]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-01-25 1032376]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-07-16 389120]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-16 342848]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-21 68856]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2009-05-28 380416]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]
"Uniblue RegistryBooster 2009"="c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-08-26 2019624]
"Meebo Notifier"="l:\program files\Meebo\MeeboNotifier.exe" [2009-08-21 790528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-08 149280]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-06-29 1032192]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2006-04-06 49152]
"CTSVolFE.exe"="c:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"WinampAgent"="l:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2007-09-10 258134]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-06-16 167936]
"Fonebook"="c:\program files\Dargan Development\Fonebook\Fonebook.exe" [2009-03-07 411648]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-10 110592]

c:\documents and settings\Thomas\Start Menu\Programs\Startup\
DeskTask.lnk - c:\program files\DeskTask\DeskTask.exe [2009-7-3 1120256]
DestroyTwitter.lnk - c:\program files\DestroyTwitter\DestroyTwitter.exe [2009-7-12 178688]
Microsoft Office Groove.lnk - c:\program files\Microsoft Office\Office12\GROOVE.EXE [2006-10-27 338216]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
Seesmic Desktop.lnk - c:\program files\Seesmic Desktop\Seesmic Desktop.exe [2009-7-18 95744]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-10-30 3581680]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]

c:\documents and settings\Tom\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2009-5-2 95744]
DestroyTwitter.lnk - c:\program files\DestroyTwitter\DestroyTwitter.exe [2009-7-12 178688]
Microsoft Office Groove.lnk - c:\program files\Microsoft Office\Office12\GROOVE.EXE [2006-10-27 338216]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-10-30 3581680]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-9-21 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EDTService_c]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"RichVideo"=2 (0x2)
"NMIndexingService"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
"Microsoft Office Groove Audit Service"=3 (0x3)
"MDM"=2 (0x2)
"Macromedia Licensing Service"=3 (0x3)
"LVSrvLauncher"=2 (0x2)
"LVPrcSrv"=2 (0x2)
"LVCOMSer"=2 (0x2)
"libusbd"=2 (0x2)
"LexBceS"=2 (0x2)
"iPod Service"=3 (0x3)
"IISADMIN"=2 (0x2)
"EDTService_c"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"l:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=
"l:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"=
"l:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=
"l:\\Program Files\\Orb Networks\\Orb\\bin\\xmltv.exe"=
"l:\\Program Files\\Orb Networks\\Orb\\bin\\OrbChannelScan.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
"c:\\Documents and Settings\\Thomas\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 SEAPHIDEPRO;SEAPHIDEPRO;i:\program files\Hide Wizard\hookpro.sys [x]
R2 gupdate1c98ece94fcef42;Google Update Service (gupdate1c98ece94fcef42);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 133104]
R2 TunerFreeMCEService;TunerFreeMCEService;J:\TunerFreeMCEService.exe [x]
R2 USBSafelyRemoveService;USB Safely Remove Assistant;h:\program files\USB Safely Remove\USBSRService.exe [x]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 30088]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;j:\common\Database\bin\fbserver.exe [x]
R3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-10-06 33752]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-08-07 13352]
R3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-09 29744]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2008-07-02 26248]
R3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:\windows\system32\DRIVERS\KS-959.sys [2005-09-05 19034]
R3 max128k;max128k;c:\windows\system32\drivers\max128k.sys [2004-07-03 3840]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R4 EDTService_c;EDTService_c;c:\program files\IT Works\DataTerminator Lite\EDTService_c.exe [2009-01-15 1246280]
R4 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;c:\windows\system32\libusbd-nt.exe [2005-03-09 18944]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2009-01-07 20744]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1007020.00A\SYMEFA.SYS [2009-08-18 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\NIS\1007020.00A\BHDrvx86.sys [2009-08-18 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NIS\1007020.00A\ccHPx86.sys [2009-08-19 482432]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090810.001\IDSxpx86.sys [2009-07-11 276344]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-09-10 156968]
S2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\DRIVERS\hnm_wrls_pkt.sys [2006-01-12 13696]
S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.7.2.10\ccSvcHst.exe [2009-08-18 117640]
S2 wsppkt;Wireless Security Protocol;c:\windows\system32\DRIVERS\wsp_pkt.sys [2006-01-12 13568]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-10 101936]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2005-03-09 33792]
S3 SbieDrv;SbieDrv;c:\program files\Sandboxie\SbieDrv.sys [2009-05-28 108032]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-08-19 c:\windows\Tasks\At1.job
- c:\program files\norton pc checkup\pc_checkup.exe [2008-06-29 21:50]

2009-08-23 c:\windows\Tasks\At2.job
- c:\program files\norton pc checkup\pc_checkup.exe [2008-06-29 21:50]

2009-08-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-31 17:54]

2009-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 18:03]

2009-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 18:03]

2009-08-24 c:\windows\Tasks\User_Feed_Synchronization-{0E9BD3CB-6DC2-4395-B013-BAB9E3D17AC5}.job
- c:\windows\system32\msfeedssync.exe [2009-01-11 04:31]

2009-08-24 c:\windows\Tasks\User_Feed_Synchronization-{E4E26477-CBF1-4661-B610-F3DD79EA1DF1}.job
- c:\windows\system32\msfeedssync.exe [2009-01-11 04:31]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Corel Photo Downloader - c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe
Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
uStart Page = http://www.google.co.uk/ig/dell?hl=e...uk&ibd=0060921
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mSearchAssistant = about:blank
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Thomas\Start Menu\Programs\IMVU\Run IMVU.lnk
IE: {{C44A92DD-2C95-4125-B857-FD9F5EF07FB5} - {C44A92DD-2C95-4125-B857-FD9F5EF07FB5} - c:\program files\Netdisaster\netdisaster_v1.2.dll
FF - ProfilePath - c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\r5pcld2h.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.netvibes.com/#Home|http://mrtomhill.wordpress.com/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\r5pcld2h.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\program files\Mozilla Firefox 3.5 Beta 4\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox 3.5 Beta 4\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox 3.5 Beta 4\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPOFF12.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-24 17:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.7.2.10\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.7.2.10\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2059986134-1244674111-1205378388-1009\Software\SecuROM\License information*]
"datasecu"=hex:37,5c,d0,a0,3c,fa,04,74,aa,cf,4a,c6,56,d8,ab,cb,53,c6,b2,84,68,
5e,71,f7,da,6a,fa,c7,29,ee,5b,08,51,03,d9,aa,68,69,c8,19,8c,52,08,6d,af,4b,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
Completion time: 2009-08-24 17:10
ComboFix-quarantined-files.txt 2009-08-24 16:10

Pre-Run: 1,973,526,528 bytes free
Post-Run: 4,254,474,240 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(4)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(4)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptIn

774
Attached Files
File Type: txt ComboFix.txt (55.7 KB, 1 views)
Last edited by Ried; 08-24-2009 at 01:56 PM.
Neonfast is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-24-2009, 01:58 PM   #9 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,995
OS: WinXP and Vista


Re: Possible winlogon.exe error plus more please help :)
What is this folder? Did you create this?

Quote:
c:\windows\system 34.zip

2007-12-14 19:57 . 2009-01-11 18:45 336471 --sha-w- c:\windows\system 34\aycdd.ini2
2007-09-15 14:23 . 2009-01-11 18:45 88 --sha-r- c:\windows\system 34\C58C46B966.sys
2008-01-22 15:06 . 2009-01-11 18:45 168 --sha-r- c:\windows\system 34\D6DBAA631C.sys
2008-12-28 21:55 . 2009-01-11 18:46 10018 --sha-w- c:\windows\system 34\KGyGaAvL.sys
Also, please enumerate what problems still persist.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-24-2009, 03:22 PM   #10 (permalink)
Registered User
 
Join Date: Jan 2009
Posts: 14
OS: Windows XP Service Pack 2


Re: Possible winlogon.exe error plus more please help :)
yeahh i did, someone adviced me to make a copy of system 32 a while ago. and explorer.exe still loads very slowly as does all of start up. certain things like paint shop pro, outlook, cannot be loaded at all. start up takes around half an hour to load, it freezes randomly and its not my ram because i recently doubled it. it happend overnight after i got about 4 viruses, neither spybot or norton can find anymore of them but the system is still oddly slow. it doesnt effect safemode.
Neonfast is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-24-2009, 04:41 PM   #11 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,995
OS: WinXP and Vista


Re: Possible winlogon.exe error plus more please help :)
Delete the following folder and file:

c:\program files\mvufsfql
c:\windows\system 34\aycdd.ini2

===============================

Let's see if this online scan picks up any remnants. It can take some time, so please be patient and allow it to run it's full course:


Using Internet Explorer or Firefox, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

1. Click Accept, when prompted to download and install the program files and database of malware definitions.


2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.



  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply


Also, what did Spybot detect and remove?
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-26-2009, 04:26 AM   #12 (permalink)
Registered User
 
Join Date: Jan 2009
Posts: 14
OS: Windows XP Service Pack 2


Re: Possible winlogon.exe error plus more please help :)
Spybot detected and removed an infected winlogon which was replaced and other trojans which i cant remember the details about. Kaspersky has been running for 12 hours now and is at 44% is this normal?
Neonfast is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-26-2009, 05:44 AM   #13 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,995
OS: WinXP and Vista


Re: Possible winlogon.exe error plus more please help :)
No, that is not normal. Are your onboard Anti Virus and Anti Malware programs disabled? If not, make sure you disable them or every file Kaspersky looks at, your other protection programs are rushing to take a look at too.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-26-2009, 06:18 AM   #14 (permalink)
Registered User
 
Join Date: Jan 2009
Posts: 14
OS: Windows XP Service Pack 2


Re: Possible winlogon.exe error plus more please help :)
Ok i am restarting the search with norton off, what antivirus software would u recommend in the future?
Neonfast is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-26-2009, 06:37 AM   #15 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,995
OS: WinXP and Vista


Re: Possible winlogon.exe error plus more please help :)
If Norton360 subscription is already paid for, then keep it. No AV will stop, or be able to clean everything, so it isn't a matter of Norton360 being inadequate. It is very resource intensive and interjects itself deeply into your system which, in my opion, is overkill and not necessary. Kaspersky and Eset do a fantastic job without being so intrusive.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-26-2009, 09:13 AM   #16 (permalink)
Registered User
 
Join Date: Jan 2009
Posts: 14
OS: Windows XP Service Pack 2


Re: Possible winlogon.exe error plus more please help :)
It's just norton internet security not 360 but my internet keeps crashing, and that test doesnt seem to go any quicker, with norton off, everything is slow so it could be the virus
Neonfast is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-26-2009, 06:16 PM   #17 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,995
OS: WinXP and Vista


Re: Possible winlogon.exe error plus more please help :)
The problem is that none of the logs are showing any virus or malware. Did you use your Registry cleaner at all?

How exactly, was the winlogon.exe issue sorted out?

This tool tends to be quite aggressive, so please be sure to configure it exactly as listed below. I do not want it to clean anything, I only want to see a Report of what it finds. After you've installed and updated the program, I would suggest performing the scan from Safe Mode.


Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Doubleclick the drweb-cureit.exe file and Allow to run the express scan. This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, we need to change the default settings.
  • In the Menu Bar, Go to Options>Change Settings.
  • Click on the Actions tab
  • Using the drop down menus, change each item under Objects and Malware to Report
  • Next, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'No to All' if it asks if you want to cure/move the file.
  • After the scan has completed, in the Dr.Web CureIt menu on top, click File and choose Save Report List
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Post the contents of the log from Dr.Web you saved previously in your next reply.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-28-2009, 03:19 AM   #18 (permalink)
Registered User
 
Join Date: Jan 2009
Posts: 14
OS: Windows XP Service Pack 2


Re: Possible winlogon.exe error plus more please help :)
Wouldnt let me attatch it but here's the file, took 9 hours to complete

GoogleToolbarManager_11CB06797F2F038A.exe;C:\Program Files\Google\Google Toolbar\Component;Probably DLOADER.Trojan;;
Windows.js;C:\Program Files\Messenger Plus! Live\Scripts\Message Customizer! Live;Probably SCRIPT.Virus;;
tbhelper.dll;C:\Program Files\Netdisaster;Adware.Cashdelux;;
A0223185.reg;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP379;Trojan.StartPage.1505;;
A0252790.exe\data032;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP387\A0252790.exe;Probably SCRIPT.Virus;;
A0252790.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP387;Archive contains infected objects;;
A0252791.exe\data032;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP387\A0252791.exe;Probably SCRIPT.Virus;;
A0252791.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP387;Archive contains infected objects;;
A0252792.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP387;Tool.Prockill;;
A0252793.exe\data032;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP387\A0252793.exe;Probably SCRIPT.Virus;;
A0252793.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP387;Archive contains infected objects;;
A0252794.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP387;Tool.Prockill;;
A0252795.vbs;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP387;Probably SCRIPT.Virus;;
Neonfast is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-28-2009, 10:02 AM   #19 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,995
OS: WinXP and Vista


Re: Possible winlogon.exe error plus more please help :)
None of those are anything to be concerned about, nor would be causing the issues you've described. It could be the methods used to remove the malware you did have, have left the system a bit crippled.

Quote:
certain things like paint shop pro, outlook, cannot be loaded at all. start up takes around half an hour to load, it freezes randomly and its not my ram because i recently doubled it.
Have you tried uninstalling then reinstalling Paint Shop Pro? I'd also recommend a repair install of the OS
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
 

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 06:45 AM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85