Vista Starting and Shutting Down Very Slowly- Not Sure What to Do

**HistoryGirl** · #1 29th Mar 2009, 08:59

Firstly I'm assuming this is the right place to put this.

I went into the Control Panel and Performance and found a couple of performance issues saying:

Startup programs causing windows to start slowly
Programs are causing windows to shut down slowly

The details of these are:

Starting Slowly:

http://i7.photobucket.com/albums/y27...tartslowly.jpg

Shutting Down:

http://i7.photobucket.com/albums/y27...downslowly.jpg

I also ran hijackthis and got this message:

http://i7.photobucket.com/albums/y27...rormessage.jpg

This is probably a really stupid question but how do I rectify these? If you guys could point me in the right direction that would be great.

**evilfantasy** · #2 29th Mar 2009, 11:19

With Vista you have to right click the HJT icon and choose 'Run as Administrator'.

Have you done any maintenance lately? Disk cleanup, defrag?

**HistoryGirl** · #3 30th Mar 2009, 10:11

Yeah I have I've run disk cleanup and defrag recently would that be what was is causing the problems?

New HijackThis Log:

Quote:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:25:00, on 30/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [IFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: APSHook.dll,avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files\BinarySense\HDDlife 3\hldasvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\ifxtcs.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--

**evilfantasy** · #4 30th Mar 2009, 10:30

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

Important: Close all windows except for HijackThis and then click Fix checked.

Exit HijackThis.

----------

Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix

**HistoryGirl** · #5 30th Mar 2009, 11:37

Firstly thanks for the help and advice. I've done what you said HJT and that was fine. However I've done as the link says regarding disabling the AVG resident shield, yet despite this when I try and run combofix it, it still says AVG anti-virus is running so I'm not quite sure why.

Would you suggest maybe restarting my system?

**evilfantasy** · #6 30th Mar 2009, 13:39

AVG and Combofix have that issue. Just run ComboFix anyway. If AVG tries to block it then just allow it to run.

**HistoryGirl** · #7 30th Mar 2009, 14:21

Right ok all done. Log as requested.

Quote:

ComboFix 09-03-29.04 - CHLOE 2009-03-30 21:54:30.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.2046.967 [GMT 1:00]
Running from: c:\users\CHLOE\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: ZoneAlarm Firewall *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\acovcnt.exe

.
((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-30 )))))))))))))))))))))))))))))))
.

2009-03-29 16:23 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-03-29 16:23 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-03-29 16:23 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-03-29 16:23 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNativ e_v0300.dll
2009-03-29 16:23 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-03-29 16:23 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-03-29 16:23 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-03-29 16:23 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-03-29 16:15 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-03-29 16:15 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-03-29 16:15 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-03-29 16:14 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-03-29 16:14 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-03-29 13:52 . 2009-03-29 13:53 <DIR> d-------- c:\program files\Defraggler
2009-03-29 13:26 . 2008-02-23 05:38 170,496 --a------ c:\windows\System32\tcpipcfg.dll
2009-03-29 13:26 . 2008-02-23 03:41 22,528 --a------ c:\windows\System32\netiougc.exe
2009-03-29 13:25 . 2009-02-16 00:10 1,221,512 --a------ c:\windows\System32\zpeng25.dll
2009-03-17 21:57 . 2009-03-17 21:57 <DIR> d-------- c:\program files\Microsoft
2009-03-17 21:56 . 2009-03-17 21:56 <DIR> d-------- c:\windows\PCHEALTH
2009-03-16 22:43 . 2009-03-28 22:36 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-16 20:59 . 2009-03-16 20:59 25 --a------ c:\windows\cdplayer.ini
2009-03-14 00:34 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-03-14 00:34 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-03-14 00:34 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-03-14 00:34 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-03-14 00:34 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-03-14 00:29 . 2009-03-14 00:29 <DIR> d-------- c:\programdata\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-14 00:29 . 2009-03-14 00:29 <DIR> d-------- c:\program files\iTunes
2009-03-14 00:29 . 2009-03-14 00:29 <DIR> d-------- c:\program files\iPod
2009-03-14 00:29 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll
2009-03-14 00:29 . 2009-01-15 13:19 23,848 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys
2009-03-14 00:26 . 2009-03-14 00:27 <DIR> d-------- c:\program files\QuickTime
2009-03-12 23:39 . 2009-03-12 23:39 <DIR> d-------- c:\programdata\Kontiki
2009-03-12 23:39 . 2009-03-12 23:39 <DIR> d-------- c:\program files\Kontiki
2009-03-12 23:39 . 2009-03-12 23:39 <DIR> d-------- c:\program files\Channel4
2009-03-12 23:38 . 2009-03-12 23:38 <DIR> d-------- c:\programdata\Channel4
2009-03-11 22:33 . 2009-03-30 21:10 <DIR> d-------- c:\users\CHLOE\Tracing
2009-03-11 22:22 . 2009-03-11 22:22 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-03-11 22:22 . 2009-03-17 21:57 <DIR> d-------- c:\program files\Windows Live
2009-03-11 21:57 . 2009-03-11 21:57 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-03-11 13:13 . 2009-03-11 21:47 <DIR> d-------- c:\program files\Amazon
2009-03-11 13:13 . 2009-03-11 13:13 107,272 --a------ c:\windows\System32\drivers\avgtdix.sys
2009-03-11 02:09 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-03-11 02:09 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-03-11 02:05 . 2008-12-16 04:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-11 02:05 . 2008-12-16 06:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-11 02:05 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-11 02:05 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-11 02:03 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-03-11 02:03 . 2008-11-27 05:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-11 02:02 . 2009-02-09 04:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-02-06 19:52 . 2009-02-06 19:52 49,504 --a------ c:\windows\System32\sirenacm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-03-30 21:07 350,195 ---ha-w c:\windows\system32\drivers\vsconfig.xml
2009-03-30 21:07 --------- d---a-w c:\programdata\TEMP
2009-03-29 14:42 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-03-29 14:42 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-29 14:42 --------- d-----w c:\program files\CCleaner
2009-03-19 16:48 --------- d-----w c:\users\CHLOE\AppData\Roaming\uTorrent
2009-03-16 19:58 --------- d-----w c:\program files\Common Files\Real
2009-03-13 23:29 --------- d-----w c:\programdata\Apple Computer
2009-03-13 23:29 --------- d-----w c:\program files\Common Files\Apple
2009-03-13 23:27 --------- d-----w c:\program files\Bonjour
2009-03-12 22:24 --------- d-----w c:\program files\Google
2009-03-11 23:07 --------- d-----w c:\program files\Microsoft Silverlight
2009-03-11 23:05 --------- d-----w c:\program files\Windows Mail
2009-03-11 12:13 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-03-11 11:52 --------- d-----w c:\programdata\avg8
2009-02-15 23:11 293,528 ----a-w c:\windows\system32\drivers\vsdatant.sys
2009-01-14 20:20 55,232 ----a-w c:\users\CHLOE\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-12-31 21:51 13,025 ----a-w c:\users\CHLOE\AppData\Roaming\nvModes.dat
2008-12-31 14:32 174 --sha-w c:\program files\desktop.ini
2008-11-19 15:31 81,920 ----a-w c:\users\CHLOE\AppData\Roaming\ezpinst.exe
2008-11-19 15:31 47,360 ----a-w c:\users\CHLOE\AppData\Roaming\pcouffin.sys
2007-05-31 18:23 77,160 ----a-w c:\users\CHLOE\DSETUP.dll
2007-05-31 18:23 503,144 ----a-w c:\users\CHLOE\DXSETUP.exe
2007-05-31 18:23 1,673,576 ----a-w c:\users\CHLOE\dsetup32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2007-05-15 33136]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-02-26 677408]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Wind ows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
--a------ 2007-04-23 12:23 1032640 c:\program files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 d:\program files\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
--a------ 2007-05-15 05:12 37232 c:\windows\ASScrProlog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
--a------ 2006-11-02 16:27 61440 c:\program files\ASUS\ATK Media\DMedia.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
--a------ 2009-03-11 13:13 1601304 c:\progra~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CognizanceTS]
-ra------ 2003-12-21 22:11 17920 c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2008-01-19 08:33 125952 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2009-03-17 22:06 133104 c:\users\CHLOE\AppData\Local\Google\Update\GoogleU pdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2009-03-11 14:52 342312 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2009-02-06 19:51 3885408 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-04-04 12:40 8429568 c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-04-04 12:40 81920 c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
--a------ 2007-04-04 12:40 86016 c:\windows\System32\nvsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 17:18 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
--a------ 2007-09-02 13:58 495616 c:\program files\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2009-03-05 16:07 2260480 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2009-03-16 20:58 198160 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-19 08:38 1008184 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-19 08:33 202240 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
--a------ 2005-07-15 22:48 479232 c:\program files\Google\Gmail Notifier\gnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2007-02-15 10:07 4390912 c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\FirewallRules]
"{71E74FA5-D1FA-4A82-9121-AE2CACB2ED04}"= Profile=Private|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2FE2345B-5C77-485E-9855-FC6024DE75EC}"= Profile=Private|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CC9CFD37-6799-47CF-9AEE-1063F21C5548}"= Profile=Private|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3D44E6E8-68F3-42F0-B97E-1081F1354874}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire 4.12.15
"{B2393435-26B3-4482-A391-C964F3370D66}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire 4.12.15
"{1B1039C9-3AEF-4B2E-85CA-DA79FB7CDBD3}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F9EC3544-5A35-4D84-A067-E7167563791A}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A9CE85F3-F9BA-4875-B169-9DEF59911C8A}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{0FAAFA32-F5A3-4C35-9AFD-A648E4B3016E}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{CDC85196-C503-4F00-82DC-B95F8D021895}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{5D761702-BEB7-4B94-B693-1A7EF8E441ED}c:\\program files\\easy webtv & radio\\easywebtv.exe"= UDP:c:\program files\easy webtv & radio\easywebtv.exe:Web TV\Radio\Media
"UDP Query User{A7E2F9B1-976E-49B1-960A-8FE671DECB26}c:\\program files\\easy webtv & radio\\easywebtv.exe"= TCP:c:\program files\easy webtv & radio\easywebtv.exe:Web TV\Radio\Media
"{978D57EE-8CEF-4E88-B3CC-472590D8A602}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{038AD6DB-57BA-4294-B6BE-DC5AC329D87A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{20F3997A-2406-42BC-9A96-17DBA8717938}c:\\program files\\soulseek\\slsk.exe"= UDP:c:\program files\soulseek\slsk.exe:SoulSeek
"UDP Query User{EBEDABDC-8DFA-4EA4-83A0-5D79C8A2BE45}c:\\program files\\soulseek\\slsk.exe"= TCP:c:\program files\soulseek\slsk.exe:SoulSeek
"TCP Query User{A2D20908-089C-441B-B9C8-C8811AFCAB9E}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{0B6B64F6-D6E9-4D1D-B83A-E6E85E360C05}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{2E890455-237D-4ABA-BE37-B5E6E1862834}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DDAAC8F6-7557-495A-82B3-EBFF9330A2CC}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5131D757-BC24-44C9-8EA5-E268DFC6DCAC}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{4C52E1A6-D998-41D5-8E99-27F21E3CA7CB}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{80235B6B-2462-4AC3-8A59-7534841DE76B}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{049DD1E6-8191-4983-A59D-240E79B46042}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{9A00A32D-A675-4425-8F5E-1528AAB521FB}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{348698D9-5A1D-4E1C-AC00-DBDC43BE0ACF}c:\\program files\\soulseek\\slsk.exe"= UDP:c:\program files\soulseek\slsk.exe:SoulSeek
"UDP Query User{60AFF659-3A7C-488C-9CCA-0A8589DD32FA}c:\\program files\\soulseek\\slsk.exe"= TCP:c:\program files\soulseek\slsk.exe:SoulSeek
"TCP Query User{3EF98A58-7B3C-42B1-8A5A-CF7DEF59C2A7}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{D8A0735D-6D19-4482-A90A-35A9D023DEBE}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{7B392C25-D64F-4897-B5CC-5C9B83106BB0}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{9990806D-9198-4760-93E7-C65D44E1FE8A}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{9998DAB7-D775-4620-A491-D752230551A3}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{B9293167-A4DC-43ED-893B-B5B1B89F9988}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{B04F6C2B-953A-469D-AFD8-4F3AE27A4941}c:\\users\\chloe\\appdata\\roaming\\s opcast\\adv\\sopadver.exe"= UDP:c:\users\chloe\appdata\roaming\sopcast\adv\sop adver.exe:sopadver.exe
"UDP Query User{914B6A2A-9A2A-43A8-B4EA-BB1EEDC476B5}c:\\users\\chloe\\appdata\\roaming\\s opcast\\adv\\sopadver.exe"= TCP:c:\users\chloe\appdata\roaming\sopcast\adv\sop adver.exe:sopadver.exe
"TCP Query User{69F8C35B-6614-4033-B40E-59012B10975A}c:\\program files\\bearflix\\bearflix.exe"= UDP:c:\program files\bearflix\bearflix.exe:BearFlix
"UDP Query User{89ABF64F-F79E-456D-9136-82A8675A3E17}c:\\program files\\bearflix\\bearflix.exe"= TCP:c:\program files\bearflix\bearflix.exe:BearFlix
"{8D76BC83-ABC9-406B-8945-366EA3B7074B}"= UDP:c:\program files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{9FC79C86-3E66-4A61-AA2A-FAB0C61E0453}"= TCP:c:\program files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"TCP Query User{9FF9F89E-5323-45DB-89F0-BA37B84180EE}c:\\program files\\tvants\\tvants.exe"= UDP:c:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{C10505B7-BDD4-49BB-93E6-E73B8E6C4E33}c:\\program files\\tvants\\tvants.exe"= TCP:c:\program files\tvants\tvants.exe:TVAnts
"TCP Query User{A9E241F3-D69C-4E67-938B-33C91AB576A1}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVU Player Component
"UDP Query User{D3542B64-2CF9-4C20-B6CB-1D9096FF27EB}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVU Player Component
"{F8B68D6E-3A24-4B31-8261-FB3CA92B5740}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{4E95BA55-EDF5-491D-9059-F11FF353A128}c:\\users\\chloe\\appdata\\roaming\\s opcast\\adv\\sopadver.exe"= UDP:c:\users\chloe\appdata\roaming\sopcast\adv\sop adver.exe:sopadver.exe
"UDP Query User{55C79E39-F1AC-45C7-8F99-995A835F089A}c:\\users\\chloe\\appdata\\roaming\\s opcast\\adv\\sopadver.exe"= TCP:c:\users\chloe\appdata\roaming\sopcast\adv\sop adver.exe:sopadver.exe
"TCP Query User{A3EF2380-6740-4FD5-913E-D67F54A54B11}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{E9C164FD-CB41-4D08-9DBA-BDDB929D1C86}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{C1148110-2D5B-4810-8651-98FBFD3A6751}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{F15683E5-A578-47EE-BEB1-4541978254F4}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{CCA39E89-B85B-41BA-9A33-CA6DB37579E4}d:\\program files\\clue.exe"= UDP:d:\program files\clue.exe:Clue
"UDP Query User{39F3C83F-DCF0-43B4-B149-19F3630B3078}d:\\program files\\clue.exe"= TCP:d:\program files\clue.exe:Clue
"{01834D55-82B5-480D-BEFF-52EDB82BB8B5}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{90ECB35B-6897-4166-A35A-04BC39978BA9}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{504F647E-1476-4948-AA42-DC1DF85CA9A8}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{CC411EBB-9ACA-4217-9994-ABB961E83B3C}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{031AA3B5-F93B-4E4B-9ED7-66C6B9FFF3E8}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{1D54F818-ABAC-418F-8F39-17EA7664FABE}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{3C9FFAF4-40EA-450F-A906-D34D3E2EFA72}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6AC9F5D1-C3AC-4878-8740-8A3E10F857E2}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{77045B5E-EC2E-4749-AC23-32130CD39567}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{00BE12C0-42CB-4B64-AA07-80A45C05B97C}"= Disabled:UDP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{0A529C81-B8E4-4809-A54B-B5141A997A78}"= Disabled:TCP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2008-12-24 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2009-03-11 107272]
R1 ItSDisk;ItSDisk;c:\windows\System32\drivers\itsdis k.sys [2006-05-16 23496]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows \System32\drivers\psd.sys [2007-01-23 39080]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2008-08-07 21504]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2008-08-07 21504]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-11 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-11 298264]
R2 HDDlife HDD Access service;HDDlife HDD Access service;c:\program files\BinarySense\HDDlife 3\hldasvc.exe [2007-08-09 816376]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2007-07-15 1153368]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2007-02-07 24576]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\System32\drivers\atl01v32.sy s [2007-03-15 48128]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\System32\drivers\StkCMini.sys [2007-02-13 1245056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\E]
\shell\AutoRun\command - E:\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{1a4a90a1-32d4-11dc-aa3d-001bfc03310e}]
\shell\AutoRun\command - H:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{c1865685-0291-11dc-b943-806e6f6e6963}]
\shell\AutoRun\command - E:\Autorun.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-11 c:\windows\Tasks\Defrag Job #00.job
- c:\program files\DiskTrix\UltimateDefrag\UDefrag.exe []

2009-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3600620296-2450975610-132854369-1000.job
- c:\users\CHLOE\AppData\Local\Google\Update\GoogleU pdate.exe [2009-03-17 22:06]

2009-03-30 c:\windows\Tasks\User_Feed_Synchronization-{5963E371-2796-42F4-9A54-042DA9F406BC}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\users\CHLOE\AppData\Roaming\Mozilla\Firefox\Pro files\ppnzryw9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1178131&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector .dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\npr pbrowserrecordplugin.dll
FF - component: c:\users\CHLOE\AppData\Roaming\Mozilla\Firefox\Pro files\ppnzryw9.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes. dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\CHLOE\AppData\Local\Google\Update\1.2.141 .5\npGoogleOneClick7.dll
FF - plugin: d:\program files\Reader\browser\nppdf32.dll

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.08); user_pref(general.useragent.extra.zencast, Creative ZENcast v2.00.07.

************************************************** ************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-30 22:08:49
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(696)
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ASWLNPkg.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ItMsg.dll

- - - - - - - > 'Explorer.exe'(5000)
c:\program files\RocketDock\RocketDock.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItMsg.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\ZoneLabs\vsmon.exe
c:\windows\System32\wlanext.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
c:\program files\ATK Hotkey\HControl.exe
c:\program files\ATKOSD2\ATKOSD2.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\program files\P4G\BatteryLife.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\windows\System32\IFXTCS.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\IfxPsdSv.exe
c:\windows\System32\PSIService.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\System32\IfxUAGUI.exe
c:\program files\Infineon\Security Platform Software\PSDrt.exe
c:\program files\Infineon\Security Platform Software\SpTNA.exe
c:\windows\System32\rundll32.exe
.
************************************************** ************************
.
Completion time: 2009-03-30 22:16:25 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-30 21:15:12

Pre-Run: 38,800,285,696 bytes free
Post-Run: 38,307,028,992 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=41 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18, 19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 ,36,37,38,39,40,41
354 --- E O F --- 2009-03-29 15:30:34

Another quick question firefox seems to be running a bit slower than usual and when I close it down and go to start it up a while later. It comes up with a message saying firefox is currently running but not responding. Please close all versions before trying again or something along those lines. Would that log indicate/show any reason for this? Sorry if thats a stupid question.

**evilfantasy** · #8 30th Mar 2009, 15:17

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:

KillAll::

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1865685-0291-11dc-b943-806e6f6e6963}]

Firefox::
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1178131&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Web Search

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

----------

Download the Norton Removal Tool (SymNRT) to your Desktop.

Once downloaded please close ALL open browsers, also save any work because this may require a restart.

Go to your desktop and double click on the removal tool and then click Setup.
Once open Click Next
Accept the license agreement and click Next
Type in the letters/numbers that you see into the text box then click Next.
Then click Next and the tool will start running.
Once finished restart the PC.
Delete Nortonremoval tool from your Desktop.

----------

Your Java is out of date.

Older versions have vulnerabilities that malicious sites can use to infect your system.

First install the new Sun Java Runtime Environment

Be sure to close all browser windows before beginning the install.

Remove the old version(s)

Download JavaRa

Unzip the file and open the JavaRa.exe
Click Remove Older Versions
JavaRa will search for and remove any outdated version of Java and remove any that are found.
Click Additional Tasks
Place a check next to Remove Useless JRE Files and click Go
Exit JavaRa
Delete the JavaRa files from the Desktop

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

----------

Download ATF Cleaner by Atribune to your Desktop.

Alternate download link

Note: Vista users must use Run As Administrator

Under Main: Select Files to Delete choose: Select All.
Click the Empty Selected button.
If you use Firefox browser click Firefox at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords click No at the prompt.
If you use Opera browser click Opera at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords click No at the prompt.
Click Exit on the Main menu to close the program.

Note that your system will run slower for a reboot or two after having used this tool so don't panic.

Important: Restart the computer before continuing.

----------

How is the computer running now?

**HistoryGirl** · #9 31st Mar 2009, 09:25

New ComboFix Log:

ComboFix 09-03-29.04 - CHLOE 2009-03-31 16:37:20.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.2046.1173 [GMT 1:00]
Running from: c:\users\CHLOE\Desktop\ComboFix.exe
Command switches used :: c:\users\CHLOE\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: ZoneAlarm Firewall *enabled*
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-31 )))))))))))))))))))))))))))))))
.

2009-03-31 17:15 . 2009-03-31 17:15 45,056 --a------ c:\windows\System32\acovcnt.exe
2009-03-30 22:26 . 2009-03-30 22:26 <DIR> d-------- c:\program files\MediaMonkey
2009-03-29 16:23 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-03-29 16:23 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-03-29 16:23 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-03-29 16:23 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNativ e_v0300.dll
2009-03-29 16:23 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-03-29 16:23 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-03-29 16:23 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-03-29 16:23 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-03-29 16:15 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-03-29 16:15 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-03-29 16:15 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-03-29 16:14 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-03-29 16:14 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-03-29 13:52 . 2009-03-29 13:53 <DIR> d-------- c:\program files\Defraggler
2009-03-29 13:26 . 2008-02-23 05:38 170,496 --a------ c:\windows\System32\tcpipcfg.dll
2009-03-29 13:26 . 2008-02-23 03:41 22,528 --a------ c:\windows\System32\netiougc.exe
2009-03-29 13:25 . 2009-02-16 00:10 1,221,512 --a------ c:\windows\System32\zpeng25.dll
2009-03-17 21:57 . 2009-03-17 21:57 <DIR> d-------- c:\program files\Microsoft
2009-03-17 21:56 . 2009-03-17 21:56 <DIR> d-------- c:\windows\PCHEALTH
2009-03-16 22:43 . 2009-03-28 22:36 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-16 20:59 . 2009-03-16 20:59 25 --a------ c:\windows\cdplayer.ini
2009-03-14 00:34 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-03-14 00:34 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-03-14 00:34 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-03-14 00:34 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-03-14 00:34 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-03-14 00:29 . 2009-03-14 00:29 <DIR> d-------- c:\programdata\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-14 00:29 . 2009-03-14 00:29 <DIR> d-------- c:\program files\iTunes
2009-03-14 00:29 . 2009-03-14 00:29 <DIR> d-------- c:\program files\iPod
2009-03-14 00:29 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll
2009-03-14 00:29 . 2009-01-15 13:19 23,848 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys
2009-03-14 00:26 . 2009-03-14 00:27 <DIR> d-------- c:\program files\QuickTime
2009-03-12 23:39 . 2009-03-12 23:39 <DIR> d-------- c:\programdata\Kontiki
2009-03-12 23:39 . 2009-03-12 23:39 <DIR> d-------- c:\program files\Kontiki
2009-03-12 23:39 . 2009-03-12 23:39 <DIR> d-------- c:\program files\Channel4
2009-03-12 23:38 . 2009-03-12 23:38 <DIR> d-------- c:\programdata\Channel4
2009-03-11 22:33 . 2009-03-31 17:16 <DIR> d-------- c:\users\CHLOE\Tracing
2009-03-11 22:22 . 2009-03-11 22:22 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-03-11 22:22 . 2009-03-17 21:57 <DIR> d-------- c:\program files\Windows Live
2009-03-11 21:57 . 2009-03-11 21:57 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-03-11 13:13 . 2009-03-11 21:47 <DIR> d-------- c:\program files\Amazon
2009-03-11 13:13 . 2009-03-11 13:13 107,272 --a------ c:\windows\System32\drivers\avgtdix.sys
2009-03-11 02:09 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-03-11 02:09 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-03-11 02:05 . 2008-12-16 04:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-11 02:05 . 2008-12-16 06:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-11 02:05 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-11 02:05 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-11 02:03 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-03-11 02:03 . 2008-11-27 05:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-11 02:02 . 2009-02-09 04:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-02-06 19:52 . 2009-02-06 19:52 49,504 --a------ c:\windows\System32\sirenacm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-03-31 16:15 --------- d---a-w c:\programdata\TEMP
2009-03-31 16:14 350,195 ---ha-w c:\windows\system32\drivers\vsconfig.xml
2009-03-29 14:42 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-03-29 14:42 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-29 14:42 --------- d-----w c:\program files\CCleaner
2009-03-19 16:48 --------- d-----w c:\users\CHLOE\AppData\Roaming\uTorrent
2009-03-16 19:58 --------- d-----w c:\program files\Common Files\Real
2009-03-13 23:29 --------- d-----w c:\programdata\Apple Computer
2009-03-13 23:29 --------- d-----w c:\program files\Common Files\Apple
2009-03-13 23:27 --------- d-----w c:\program files\Bonjour
2009-03-12 22:24 --------- d-----w c:\program files\Google
2009-03-11 23:07 --------- d-----w c:\program files\Microsoft Silverlight
2009-03-11 23:05 --------- d-----w c:\program files\Windows Mail
2009-03-11 12:13 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-03-11 11:52 --------- d-----w c:\programdata\avg8
2009-02-15 23:11 293,528 ----a-w c:\windows\system32\drivers\vsdatant.sys
2009-01-14 20:20 55,232 ----a-w c:\users\CHLOE\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-12-31 21:51 13,025 ----a-w c:\users\CHLOE\AppData\Roaming\nvModes.dat
2008-12-31 14:32 174 --sha-w c:\program files\desktop.ini
2008-11-19 15:31 81,920 ----a-w c:\users\CHLOE\AppData\Roaming\ezpinst.exe
2008-11-19 15:31 47,360 ----a-w c:\users\CHLOE\AppData\Roaming\pcouffin.sys
2007-05-31 18:23 77,160 ----a-w c:\users\CHLOE\DSETUP.dll
2007-05-31 18:23 503,144 ----a-w c:\users\CHLOE\DXSETUP.exe
2007-05-31 18:23 1,673,576 ----a-w c:\users\CHLOE\dsetup32.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-03-30_22.13.33.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-31 16:14:31 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive0.dat
+ 2009-03-31 16:14:31 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive1.dat
- 2009-03-30 21:07:56 1,048,576 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-03-31 16:15:44 1,048,576 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2009-03-30 21:07:56 1,048,576 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.D AT
+ 2009-03-31 16:15:44 1,048,576 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.D AT
- 2009-03-30 21:07:06 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\History\History.IE5\index.d at
+ 2009-03-31 16:14:35 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\History\History.IE5\index.d at
- 2009-03-30 21:07:06 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-31 16:14:35 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-30 21:07:06 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-31 16:14:35 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\index.dat
- 2009-03-30 19:05:35 126,818 ----a-w c:\windows\System32\perfc007.dat
+ 2009-03-31 15:21:23 126,818 ----a-w c:\windows\System32\perfc007.dat
- 2009-03-30 19:05:35 119,076 ----a-w c:\windows\System32\perfc009.dat
+ 2009-03-31 15:21:23 119,076 ----a-w c:\windows\System32\perfc009.dat
- 2009-03-30 19:05:35 127,578 ----a-w c:\windows\System32\perfc00C.dat
+ 2009-03-31 15:21:23 127,578 ----a-w c:\windows\System32\perfc00C.dat
- 2009-03-30 19:05:35 124,352 ----a-w c:\windows\System32\perfc010.dat
+ 2009-03-31 15:21:23 124,352 ----a-w c:\windows\System32\perfc010.dat
- 2009-03-30 19:05:35 130,866 ----a-w c:\windows\System32\perfc013.dat
+ 2009-03-31 15:21:23 130,866 ----a-w c:\windows\System32\perfc013.dat
- 2009-03-30 19:05:35 130,272 ----a-w c:\windows\System32\perfc019.dat
+ 2009-03-31 15:21:23 130,272 ----a-w c:\windows\System32\perfc019.dat
- 2009-03-30 19:05:35 620,942 ----a-w c:\windows\System32\perfh007.dat
+ 2009-03-31 15:21:23 620,942 ----a-w c:\windows\System32\perfh007.dat
- 2009-03-30 19:05:35 644,794 ----a-w c:\windows\System32\perfh009.dat
+ 2009-03-31 15:21:23 644,794 ----a-w c:\windows\System32\perfh009.dat
- 2009-03-30 19:05:35 672,380 ----a-w c:\windows\System32\perfh00C.dat
+ 2009-03-31 15:21:23 672,380 ----a-w c:\windows\System32\perfh00C.dat
- 2009-03-30 19:05:35 666,234 ----a-w c:\windows\System32\perfh010.dat
+ 2009-03-31 15:21:23 666,234 ----a-w c:\windows\System32\perfh010.dat
- 2009-03-30 19:05:35 669,852 ----a-w c:\windows\System32\perfh013.dat
+ 2009-03-31 15:21:23 669,852 ----a-w c:\windows\System32\perfh013.dat
- 2009-03-30 19:05:35 657,990 ----a-w c:\windows\System32\perfh019.dat
+ 2009-03-31 15:21:23 657,990 ----a-w c:\windows\System32\perfh019.dat
- 2009-03-30 19:03:55 17,414 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3600620296-2450975610-132854369-1000_UserData.bin
+ 2009-03-31 16:17:14 18,026 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3600620296-2450975610-132854369-1000_UserData.bin
- 2009-03-30 19:03:55 81,750 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics _SystemData.bin
+ 2009-03-31 16:17:14 81,884 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics _SystemData.bin
- 2009-03-30 19:03:54 68,204 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnos tics_SystemData.bin
+ 2009-03-31 15:15:30 68,346 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnos tics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2007-05-15 33136]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-02-26 677408]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Wind ows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
--a------ 2007-04-23 12:23 1032640 c:\program files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 d:\program files\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
--a------ 2007-05-15 05:12 37232 c:\windows\ASScrProlog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
--a------ 2006-11-02 16:27 61440 c:\program files\ASUS\ATK Media\DMedia.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
--a------ 2009-03-11 13:13 1601304 c:\progra~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CognizanceTS]
-ra------ 2003-12-21 22:11 17920 c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2008-01-19 08:33 125952 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2009-03-17 22:06 133104 c:\users\CHLOE\AppData\Local\Google\Update\GoogleU pdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2009-03-11 14:52 342312 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2009-02-06 19:51 3885408 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-04-04 12:40 8429568 c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-04-04 12:40 81920 c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
--a------ 2007-04-04 12:40 86016 c:\windows\System32\nvsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 17:18 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
--a------ 2007-09-02 13:58 495616 c:\program files\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2009-03-05 16:07 2260480 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2009-03-16 20:58 198160 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-19 08:38 1008184 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-19 08:33 202240 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
--a------ 2005-07-15 22:48 479232 c:\program files\Google\Gmail Notifier\gnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2007-02-15 10:07 4390912 c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\FirewallRules]
"{71E74FA5-D1FA-4A82-9121-AE2CACB2ED04}"= Profile=Private|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2FE2345B-5C77-485E-9855-FC6024DE75EC}"= Profile=Private|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CC9CFD37-6799-47CF-9AEE-1063F21C5548}"= Profile=Private|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3D44E6E8-68F3-42F0-B97E-1081F1354874}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire 4.12.15
"{B2393435-26B3-4482-A391-C964F3370D66}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire 4.12.15
"{1B1039C9-3AEF-4B2E-85CA-DA79FB7CDBD3}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F9EC3544-5A35-4D84-A067-E7167563791A}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A9CE85F3-F9BA-4875-B169-9DEF59911C8A}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{0FAAFA32-F5A3-4C35-9AFD-A648E4B3016E}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{CDC85196-C503-4F00-82DC-B95F8D021895}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{5D761702-BEB7-4B94-B693-1A7EF8E441ED}c:\\program files\\easy webtv & radio\\easywebtv.exe"= UDP:c:\program files\easy webtv & radio\easywebtv.exe:Web TV\Radio\Media
"UDP Query User{A7E2F9B1-976E-49B1-960A-8FE671DECB26}c:\\program files\\easy webtv & radio\\easywebtv.exe"= TCP:c:\program files\easy webtv & radio\easywebtv.exe:Web TV\Radio\Media
"{978D57EE-8CEF-4E88-B3CC-472590D8A602}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{038AD6DB-57BA-4294-B6BE-DC5AC329D87A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{20F3997A-2406-42BC-9A96-17DBA8717938}c:\\program files\\soulseek\\slsk.exe"= UDP:c:\program files\soulseek\slsk.exe:SoulSeek
"UDP Query User{EBEDABDC-8DFA-4EA4-83A0-5D79C8A2BE45}c:\\program files\\soulseek\\slsk.exe"= TCP:c:\program files\soulseek\slsk.exe:SoulSeek
"TCP Query User{A2D20908-089C-441B-B9C8-C8811AFCAB9E}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{0B6B64F6-D6E9-4D1D-B83A-E6E85E360C05}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{2E890455-237D-4ABA-BE37-B5E6E1862834}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DDAAC8F6-7557-495A-82B3-EBFF9330A2CC}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5131D757-BC24-44C9-8EA5-E268DFC6DCAC}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{4C52E1A6-D998-41D5-8E99-27F21E3CA7CB}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{80235B6B-2462-4AC3-8A59-7534841DE76B}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{049DD1E6-8191-4983-A59D-240E79B46042}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{9A00A32D-A675-4425-8F5E-1528AAB521FB}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{348698D9-5A1D-4E1C-AC00-DBDC43BE0ACF}c:\\program files\\soulseek\\slsk.exe"= UDP:c:\program files\soulseek\slsk.exe:SoulSeek
"UDP Query User{60AFF659-3A7C-488C-9CCA-0A8589DD32FA}c:\\program files\\soulseek\\slsk.exe"= TCP:c:\program files\soulseek\slsk.exe:SoulSeek
"TCP Query User{3EF98A58-7B3C-42B1-8A5A-CF7DEF59C2A7}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{D8A0735D-6D19-4482-A90A-35A9D023DEBE}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{7B392C25-D64F-4897-B5CC-5C9B83106BB0}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{9990806D-9198-4760-93E7-C65D44E1FE8A}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{9998DAB7-D775-4620-A491-D752230551A3}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{B9293167-A4DC-43ED-893B-B5B1B89F9988}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{B04F6C2B-953A-469D-AFD8-4F3AE27A4941}c:\\users\\chloe\\appdata\\roaming\\s opcast\\adv\\sopadver.exe"= UDP:c:\users\chloe\appdata\roaming\sopcast\adv\sop adver.exe:sopadver.exe
"UDP Query User{914B6A2A-9A2A-43A8-B4EA-BB1EEDC476B5}c:\\users\\chloe\\appdata\\roaming\\s opcast\\adv\\sopadver.exe"= TCP:c:\users\chloe\appdata\roaming\sopcast\adv\sop adver.exe:sopadver.exe
"TCP Query User{69F8C35B-6614-4033-B40E-59012B10975A}c:\\program files\\bearflix\\bearflix.exe"= UDP:c:\program files\bearflix\bearflix.exe:BearFlix
"UDP Query User{89ABF64F-F79E-456D-9136-82A8675A3E17}c:\\program files\\bearflix\\bearflix.exe"= TCP:c:\program files\bearflix\bearflix.exe:BearFlix
"{8D76BC83-ABC9-406B-8945-366EA3B7074B}"= UDP:c:\program files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{9FC79C86-3E66-4A61-AA2A-FAB0C61E0453}"= TCP:c:\program files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"TCP Query User{9FF9F89E-5323-45DB-89F0-BA37B84180EE}c:\\program files\\tvants\\tvants.exe"= UDP:c:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{C10505B7-BDD4-49BB-93E6-E73B8E6C4E33}c:\\program files\\tvants\\tvants.exe"= TCP:c:\program files\tvants\tvants.exe:TVAnts
"TCP Query User{A9E241F3-D69C-4E67-938B-33C91AB576A1}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVU Player Component
"UDP Query User{D3542B64-2CF9-4C20-B6CB-1D9096FF27EB}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVU Player Component
"{F8B68D6E-3A24-4B31-8261-FB3CA92B5740}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{4E95BA55-EDF5-491D-9059-F11FF353A128}c:\\users\\chloe\\appdata\\roaming\\s opcast\\adv\\sopadver.exe"= UDP:c:\users\chloe\appdata\roaming\sopcast\adv\sop adver.exe:sopadver.exe
"UDP Query User{55C79E39-F1AC-45C7-8F99-995A835F089A}c:\\users\\chloe\\appdata\\roaming\\s opcast\\adv\\sopadver.exe"= TCP:c:\users\chloe\appdata\roaming\sopcast\adv\sop adver.exe:sopadver.exe
"TCP Query User{A3EF2380-6740-4FD5-913E-D67F54A54B11}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{E9C164FD-CB41-4D08-9DBA-BDDB929D1C86}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{C1148110-2D5B-4810-8651-98FBFD3A6751}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{F15683E5-A578-47EE-BEB1-4541978254F4}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{CCA39E89-B85B-41BA-9A33-CA6DB37579E4}d:\\program files\\clue.exe"= UDP:d:\program files\clue.exe:Clue
"UDP Query User{39F3C83F-DCF0-43B4-B149-19F3630B3078}d:\\program files\\clue.exe"= TCP:d:\program files\clue.exe:Clue
"{01834D55-82B5-480D-BEFF-52EDB82BB8B5}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{90ECB35B-6897-4166-A35A-04BC39978BA9}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{504F647E-1476-4948-AA42-DC1DF85CA9A8}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{CC411EBB-9ACA-4217-9994-ABB961E83B3C}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{031AA3B5-F93B-4E4B-9ED7-66C6B9FFF3E8}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{1D54F818-ABAC-418F-8F39-17EA7664FABE}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{3C9FFAF4-40EA-450F-A906-D34D3E2EFA72}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6AC9F5D1-C3AC-4878-8740-8A3E10F857E2}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{77045B5E-EC2E-4749-AC23-32130CD39567}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{00BE12C0-42CB-4B64-AA07-80A45C05B97C}"= Disabled:UDP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{0A529C81-B8E4-4809-A54B-B5141A997A78}"= Disabled:TCP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2008-12-24 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2009-03-11 107272]
R1 ItSDisk;ItSDisk;c:\windows\System32\drivers\itsdis k.sys [2006-05-16 23496]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows \System32\drivers\psd.sys [2007-01-23 39080]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2008-08-07 21504]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2008-08-07 21504]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-11 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-11 298264]
R2 HDDlife HDD Access service;HDDlife HDD Access service;c:\program files\BinarySense\HDDlife 3\hldasvc.exe [2007-08-09 816376]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2007-07-15 1153368]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2007-02-07 24576]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\System32\drivers\atl01v32.sy s [2007-03-15 48128]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\System32\drivers\StkCMini.sys [2007-02-13 1245056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{1a4a90a1-32d4-11dc-aa3d-001bfc03310e}]
\shell\AutoRun\command - H:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-11 c:\windows\Tasks\Defrag Job #00.job
- c:\program files\DiskTrix\UltimateDefrag\UDefrag.exe []

2009-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3600620296-2450975610-132854369-1000.job
- c:\users\CHLOE\AppData\Local\Google\Update\GoogleU pdate.exe [2009-03-17 22:06]

2009-03-30 c:\windows\Tasks\User_Feed_Synchronization-{5963E371-2796-42F4-9A54-042DA9F406BC}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\users\CHLOE\AppData\Roaming\Mozilla\Firefox\Pro files\ppnzryw9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1178131&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector .dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\npr pbrowserrecordplugin.dll
FF - component: c:\users\CHLOE\AppData\Roaming\Mozilla\Firefox\Pro files\ppnzryw9.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes. dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\CHLOE\AppData\Local\Google\Update\1.2.141 .5\npGoogleOneClick7.dll
FF - plugin: d:\program files\Reader\browser\nppdf32.dll

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.08); user_pref(general.useragent.extra.zencast, Creative ZENcast v2.00.07.

************************************************** ************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-31 17:16:10
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

„10ûÿét0ûÿ3ö9sHu [1166747253] 0x75636F44
„10ûÿét0ûÿ3ö9sHu [1166747253] 0x6F6D6D6F
scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(704)
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ASWLNPkg.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ItMsg.dll

- - - - - - - > 'Explorer.exe'(3304)
c:\program files\RocketDock\RocketDock.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItMsg.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\ZoneLabs\vsmon.exe
c:\windows\System32\wlanext.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\windows\System32\IFXTCS.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\IfxPsdSv.exe
c:\windows\System32\PSIService.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
c:\program files\ATK Hotkey\HControl.exe
c:\program files\ATKOSD2\ATKOSD2.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\program files\P4G\BatteryLife.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\windows\System32\IfxUAGUI.exe
c:\program files\Infineon\Security Platform Software\PSDrt.exe
c:\program files\Infineon\Security Platform Software\SpTNA.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\windows\System32\dllhost.exe
.
************************************************** ************************
.
Completion time: 2009-03-31 17:23:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-31 16:23:16
ComboFix2.txt 2009-03-30 21:16:26

Pre-Run: 39,213,060,096 bytes free
Post-Run: 38,632,595,456 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=41 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18, 19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 ,36,37,38,39,40,41
396 --- E O F --- 2009-03-29 15:30:34

**HistoryGirl** · #10 31st Mar 2009, 09:48

Regarding the Norton removal I've never installed norton on here so why is symantec listed?

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Is my computer running slowly due to software or hardware?	beerboy	General Hardware Chat	13	3rd Sep 2009 22:29
Dell Laptop - Trouble Starting Windows - Keeps Shutting Off	jazker	Laptops, Mobiles & PDAs	4	25th Mar 2009 06:59
Why does McAfee scan so slowly?	stevescholes	Virus, Spyware & Security	3	29th Dec 2008 15:48
My Vista Freezes shortly after starting.	Jyan29	General Hardware Chat	2	30th Nov 2008 16:40
My hi-spec pc is running some games slowly even on low settings	aidan2007	PC & Console Gaming	2	17th Nov 2007 05:52