
Active [Google results are redirects]

Discussion in 'Malware and Virus Removal Archive' started by Olly, 2009/01/03.

  1. 2009/01/03
    Olly


    Having just bought this 8 month old laptop - all was well until very recently when I launched Google, clicked a link and was immediately redirected to some other search engine. Google seems to take a long time to load now as well. To top this off, everything started to run slow. I've cleaned out 5 viruses using a multitude of AVG's and now appear to be "clean" - but I still have this problem with Google redirects and occasionally slow loading of webpages - can anyone please advise?


    Cheers,

    Jim
     
  2. 2009/01/03
    wildfire

    Please read this and post the requested logs. I should add that the people in this forum can be quite busy at times but I'm sure your post will be picked up by one of the experts.
     

  4. 2009/01/04
    Olly

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by lisa at 2009-01-04 19:16:45
    Microsoft® Windows Vista™ Home Premium Service Pack 1
    System drive C: has 9 GB (12%) free of 69 GB
    Total RAM: 892 MB (36% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:17:11, on 04/01/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\SiS VGA Utilities\SiSTray.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\C&E\OSD\osd.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\NavNT\vptray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\PROGRA~1\MICROS~3\wkcalrem.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\lisa\Desktop\RSIT.exe
    C:\Program Files\trend micro\lisa.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.thetechguys.com/welcome
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.thetechguys.com/welcome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SiSTray] %ProgramFiles%\SiS VGA Utilities\SiSTray.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [OSD] C:\Program Files\C&E\OSD\osd.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\lisa\AppData\Local\Temp\awtUMeCR.dll,c
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {BD4C7EDB-A392-11D9-8BFB-0040953018D7} (PhaseCaster Widget) - http://www.streamerp2p.com/sfiles/phasex.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://ac-chat.com/main/msnchat45.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://www.creative.com/softwareupdate/su2/ocx/15105/CTPID.cab
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
    O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
    O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe

    --
    End of file - 7231 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\Check Updates for Windows Live Toolbar.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
    Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
    {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
    {0BF43445-2F28-4351-9252-17FE6E806AA0}

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender "=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
    "SiSTray "=C:\Program Files\SiS VGA Utilities\SiSTray.exe [2007-08-24 552960]
    "RtHDVCpl "=C:\Windows\RtHDVCpl.exe [2007-08-09 4702208]
    "Skytel "=C:\Windows\Skytel.exe [2007-08-03 1826816]
    "OSD "=C:\Program Files\C&E\OSD\osd.exe [2007-08-28 671801]
    "Adobe Reader Speed Launcher "=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
    "SunJavaUpdateSched "=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
    "QuickTime Task "=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
    "vptray "=C:\Program Files\NavNT\vptray.exe [2001-09-24 73728]
    "avgnt "=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar "=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
    "msnmsgr "=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
    "cmds "=C:\Users\lisa\AppData\Local\Temp\awtUMeCR.dll []
    "ehTray.exe "=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
    "Sony Ericsson PC Suite "=C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2008-07-02 393216]
    "WMPNSCFG "=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder_MUI]
    C:\Applications\oem\Reminder\Reminder_MUI.exe [2007-07-20 1089536]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0470Cfg.exe]
    V0470Cfg.exe /d:5 []

    C:\Users\lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    C:\Windows\system32\NavLogon.dll [2001-09-24 45056]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername "=0
    "legalnoticecaption "=
    "legalnoticetext "=
    "shutdownwithoutlogon "=1
    "undockwithoutlogon "=1
    "EnableUIADesktopToggle "=0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcc2b28c-d13c-11dd-8a41-0011675f2345}]
    shell\AutoRun\command - RavMon.exe
    shell\explore\command - RavMon.exe -e
    shell\open\command - RavMon.exe


    ======List of files/folders created in the last 3 months======

    2009-01-04 19:16:47 ----D---- C:\Program Files\trend micro
    2009-01-04 19:16:45 ----D---- C:\rsit
    2009-01-03 22:51:21 ----D---- C:\ProgramData\Avira
    2009-01-03 22:51:21 ----D---- C:\Program Files\Avira
    2009-01-01 21:16:45 ----D---- C:\Program Files\Streamer
    2009-01-01 18:42:29 ----A---- C:\Windows\system32\GDS32.DLL
    2009-01-01 18:05:39 ----D---- C:\Program Files\SpacialAudio
    2009-01-01 18:05:22 ----D---- C:\Program Files\Firebird
    2009-01-01 16:42:39 ----D---- C:\ProgramData\Symantec Temporary Files
    2009-01-01 16:34:42 ----A---- C:\Windows\VPC32.INI
    2009-01-01 15:54:58 ----A---- C:\Windows\system32\SYMEVNT1.DLL
    2009-01-01 15:54:58 ----A---- C:\Windows\system32\S32EVNT1.DLL
    2009-01-01 15:54:37 ----A---- C:\Windows\ODBC.INI
    2009-01-01 15:54:36 ----D---- C:\Windows\system32\CBA
    2009-01-01 15:54:36 ----A---- C:\Windows\ODBCINST.INI
    2009-01-01 15:54:32 ----D---- C:\Program Files\Symantec
    2009-01-01 15:54:29 ----D---- C:\Program Files\NavNT
    2009-01-01 01:55:18 ----A---- C:\Windows\ntbtlog.txt
    2008-12-29 19:02:08 ----RSHD---- C:\resycled
    2008-12-29 18:16:58 ----D---- C:\Windows\system32\Adobe
    2008-12-26 19:22:16 ----HD---- C:\Users\lisa\AppData\Roaming\WinRAR
    2008-12-26 18:51:57 ----A---- C:\Windows\_MSRSTRT.EXE
    2008-12-26 16:08:25 ----D---- C:\ProgramData\Azureus
    2008-12-26 16:08:18 ----D---- C:\Users\lisa\AppData\Roaming\Azureus
    2008-12-26 16:07:27 ----D---- C:\Program Files\Vuze
    2008-12-26 01:13:31 ----D---- C:\Users\lisa\AppData\Roaming\NCH Software
    2008-12-26 01:08:57 ----D---- C:\ProgramData\NCH Software
    2008-12-26 01:08:38 ----D---- C:\ProgramData\NCH Swift Sound
    2008-12-26 01:08:03 ----D---- C:\Program Files\NCH Software
    2008-12-26 01:07:57 ----HD---- C:\Users\lisa\AppData\Roaming\NCH Swift Sound
    2008-12-21 22:59:48 ----A---- C:\Windows\system32\gdiplus.dll
    2008-12-21 22:59:48 ----A---- C:\Windows\system32\ccrpbds6.dll
    2008-12-21 22:59:47 ----D---- C:\Program Files\PIXresizer
    2008-12-21 22:57:16 ----D---- C:\Windows\Downloaded Installations
    2008-12-20 14:41:30 ----D---- C:\ProgramData\Citrix
    2008-12-19 02:21:19 ----A---- C:\Windows\system32\msvcr80.dll
    2008-12-19 02:21:19 ----A---- C:\Windows\system32\msvcp80.dll
    2008-12-18 09:30:42 ----D---- C:\Program Files\Microsoft Calculator Plus
    2008-12-18 08:14:05 ----A---- C:\Windows\system32\mshtml.dll
    2008-12-16 18:53:33 ----D---- C:\ProgramData\Bluetooth
    2008-12-16 18:25:15 ----D---- C:\Program Files\IVT Corporation
    2008-12-15 20:35:23 ----D---- C:\ProgramData\BVRP Software
    2008-12-15 20:35:23 ----D---- C:\Program Files\Avanquest update
    2008-12-15 20:25:33 ----D---- C:\Program Files\Common Files\Sony Shared
    2008-12-15 20:25:19 ----D---- C:\Program Files\Sony
    2008-12-15 20:22:18 ----D---- C:\Program Files\Common Files\Apple
    2008-12-15 20:21:58 ----D---- C:\ProgramData\Apple Computer
    2008-12-15 20:21:58 ----D---- C:\Program Files\QuickTime
    2008-12-15 20:19:55 ----D---- C:\Program Files\Apple Software Update
    2008-12-15 20:19:54 ----D---- C:\ProgramData\Apple
    2008-12-15 20:16:07 ----D---- C:\Users\lisa\AppData\Roaming\Sony Setup
    2008-12-15 20:15:43 ----D---- C:\Program Files\Sony Setup
    2008-12-15 20:11:12 ----D---- C:\Program Files\Sony Ericsson
    2008-12-15 20:11:11 ----D---- C:\ProgramData\Sony Ericsson
    2008-12-15 20:10:52 ----HD---- C:\Users\lisa\AppData\Roaming\InstallShield
    2008-12-13 03:03:38 ----A---- C:\Windows\system32\tzres.dll
    2008-12-12 19:01:13 ----A---- C:\Windows\system32\gdi32.dll
    2008-12-12 19:01:05 ----A---- C:\Windows\system32\Apphlpdm.dll
    2008-12-12 19:01:04 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
    2008-12-12 19:00:56 ----A---- C:\Windows\system32\shell32.dll
    2008-12-12 19:00:30 ----A---- C:\Windows\explorer.exe
    2008-12-12 19:00:18 ----A---- C:\Windows\system32\urlmon.dll
    2008-12-12 19:00:17 ----A---- C:\Windows\system32\ieframe.dll
    2008-12-12 19:00:16 ----A---- C:\Windows\system32\wininet.dll
    2008-12-12 19:00:15 ----A---- C:\Windows\system32\mstime.dll
    2008-12-12 19:00:14 ----A---- C:\Windows\system32\iertutil.dll
    2008-12-12 19:00:13 ----A---- C:\Windows\system32\jsproxy.dll
    2008-12-12 19:00:06 ----A---- C:\Windows\system32\mf.dll
    2008-12-12 19:00:03 ----A---- C:\Windows\system32\WMVCORE.DLL
    2008-12-12 19:00:01 ----A---- C:\Windows\system32\WMNetMgr.dll
    2008-12-12 19:00:01 ----A---- C:\Windows\system32\logagent.exe
    2008-12-10 10:15:45 ----HD---- C:\Users\lisa\AppData\Roaming\CyberLink
    2008-12-02 19:54:27 ----A---- C:\Windows\system32\newdev.exe
    2008-12-02 19:54:27 ----A---- C:\Windows\system32\newdev.dll
    2008-12-02 19:54:25 ----A---- C:\Windows\system32\RacEngn.dll
    2008-11-30 23:40:14 ----A---- C:\Windows\system32\msshooks.dll
    2008-11-30 23:40:13 ----A---- C:\Windows\system32\msscb.dll
    2008-11-30 23:40:09 ----A---- C:\Windows\system32\thawbrkr.dll
    2008-11-30 23:40:09 ----A---- C:\Windows\system32\srchadmin.dll
    2008-11-30 23:40:09 ----A---- C:\Windows\system32\SearchFilterHost.exe
    2008-11-30 23:40:09 ----A---- C:\Windows\system32\propsys.dll
    2008-11-30 23:40:09 ----A---- C:\Windows\system32\propdefs.dll
    2008-11-30 23:40:09 ----A---- C:\Windows\system32\msstrc.dll
    2008-11-30 23:40:09 ----A---- C:\Windows\system32\mssprxy.dll
    2008-11-30 23:40:09 ----A---- C:\Windows\system32\mssitlb.dll
    2008-11-30 23:40:09 ----A---- C:\Windows\system32\msshsq.dll
    2008-11-30 23:40:09 ----A---- C:\Windows\system32\korwbrkr.dll
    2008-11-30 23:40:08 ----A---- C:\Windows\system32\xmlfilter.dll
    2008-11-30 23:40:08 ----A---- C:\Windows\system32\wsepno.dll
    2008-11-30 23:40:08 ----A---- C:\Windows\system32\tquery.dll
    2008-11-30 23:40:08 ----A---- C:\Windows\system32\SearchProtocolHost.exe
    2008-11-30 23:40:08 ----A---- C:\Windows\system32\SearchIndexer.exe
    2008-11-30 23:40:08 ----A---- C:\Windows\system32\rtffilt.dll
    2008-11-30 23:40:08 ----A---- C:\Windows\system32\offfilt.dll
    2008-11-30 23:40:08 ----A---- C:\Windows\system32\nlhtml.dll
    2008-11-30 23:40:08 ----A---- C:\Windows\system32\msscntrs.dll
    2008-11-30 23:40:08 ----A---- C:\Windows\system32\mimefilt.dll
    2008-11-30 23:40:08 ----A---- C:\Windows\system32\chtbrkr.dll
    2008-11-30 23:40:08 ----A---- C:\Windows\system32\chsbrkr.dll
    2008-11-30 23:40:07 ----A---- C:\Windows\system32\mssvp.dll
    2008-11-30 23:40:07 ----A---- C:\Windows\system32\mssrch.dll
    2008-11-30 23:40:07 ----A---- C:\Windows\system32\mssphtb.dll
    2008-11-30 23:40:07 ----A---- C:\Windows\system32\mssph.dll
    2008-11-30 19:21:34 ----A---- C:\Windows\system32\emdmgmt.dll
    2008-11-30 19:21:33 ----A---- C:\Windows\system32\dataclen.dll
    2008-11-30 19:21:33 ----A---- C:\Windows\system32\cdd.dll
    2008-11-30 19:21:30 ----A---- C:\Windows\system32\wersvc.dll
    2008-11-30 19:21:30 ----A---- C:\Windows\system32\Faultrep.dll
    2008-11-30 19:21:26 ----A---- C:\Windows\system32\rpcrt4.dll
    2008-11-30 19:21:25 ----A---- C:\Windows\system32\pacerprf.dll
    2008-11-30 19:21:22 ----A---- C:\Windows\system32\vbscript.dll
    2008-11-30 19:21:22 ----A---- C:\Windows\system32\jscript.dll
    2008-11-30 19:21:21 ----A---- C:\Windows\system32\wshext.dll
    2008-11-30 19:21:21 ----A---- C:\Windows\system32\wscript.exe
    2008-11-30 19:21:21 ----A---- C:\Windows\system32\scrrun.dll
    2008-11-30 19:21:21 ----A---- C:\Windows\system32\scrobj.dll
    2008-11-30 19:21:21 ----A---- C:\Windows\system32\cscript.exe
    2008-11-30 03:13:43 ----D---- C:\PerfLogs
    2008-11-26 21:55:00 ----A---- C:\Windows\system32\javaws.exe
    2008-11-26 21:55:00 ----A---- C:\Windows\system32\javaw.exe
    2008-11-26 21:55:00 ----A---- C:\Windows\system32\java.exe
    2008-11-25 23:44:47 ----D---- C:\ProgramData\Hewlett-Packard
    2008-11-25 21:14:08 ----A---- C:\Windows\system32\EncDec.dll
    2008-11-25 21:13:58 ----A---- C:\Windows\system32\psisdecd.dll
    2008-11-25 21:12:06 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
    2008-11-25 21:12:06 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
    2008-11-25 21:12:06 ----A---- C:\Windows\system32\PortableDeviceApi.dll
    2008-11-25 21:11:56 ----A---- C:\Windows\system32\msxml3.dll
    2008-11-25 21:11:53 ----A---- C:\Windows\system32\netapi32.dll
    2008-11-25 21:11:48 ----A---- C:\Windows\system32\WindowsCodecs.dll
    2008-11-25 21:11:47 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
    2008-11-25 21:11:46 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
    2008-11-25 21:11:43 ----A---- C:\Windows\system32\win32spl.dll
    2008-11-25 21:11:43 ----A---- C:\Windows\system32\printcom.dll
    2008-11-25 21:11:39 ----A---- C:\Windows\system32\connect.dll
    2008-11-25 21:11:26 ----A---- C:\Windows\system32\ntoskrnl.exe
    2008-11-25 21:11:26 ----A---- C:\Windows\system32\ntkrnlpa.exe
    2008-11-25 21:11:20 ----A---- C:\Windows\system32\msxml6.dll
    2008-11-25 20:30:35 ----A---- C:\Windows\system32\wups2.dll
    2008-11-25 20:30:35 ----A---- C:\Windows\system32\wucltux.dll
    2008-11-25 20:30:35 ----A---- C:\Windows\system32\wuaueng.dll
    2008-11-25 20:30:35 ----A---- C:\Windows\system32\wuauclt.exe
    2008-11-25 20:30:00 ----A---- C:\Windows\system32\wups.dll
    2008-11-25 20:30:00 ----A---- C:\Windows\system32\wudriver.dll
    2008-11-25 20:30:00 ----A---- C:\Windows\system32\wuapi.dll
    2008-11-25 20:29:39 ----A---- C:\Windows\system32\wuwebv.dll
    2008-11-25 20:29:39 ----A---- C:\Windows\system32\wuapp.exe

    ======List of files/folders modified in the last 3 months======

    2009-01-04 19:17:05 ----D---- C:\Windows\Prefetch
    2009-01-04 19:16:58 ----D---- C:\Windows\Temp
    2009-01-04 19:16:47 ----RD---- C:\Program Files
    2009-01-03 22:52:43 ----SHD---- C:\System Volume Information
    2009-01-03 22:51:24 ----D---- C:\Windows\system32\drivers
    2009-01-03 22:51:21 ----HD---- C:\ProgramData
    2009-01-03 10:53:27 ----SD---- C:\Users\lisa\AppData\Roaming\Microsoft
    2009-01-02 19:36:48 ----D---- C:\Windows\System32
    2009-01-02 19:36:48 ----D---- C:\Windows\inf
    2009-01-02 19:36:48 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2009-01-01 19:59:57 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-01-01 17:33:13 ----SD---- C:\Windows\Downloaded Program Files
    2009-01-01 16:34:42 ----D---- C:\Windows
    2009-01-01 15:55:42 ----SHD---- C:\Windows\Installer
    2009-01-01 15:54:56 ----D---- C:\Program Files\Common Files\Symantec Shared
    2009-01-01 15:54:32 ----D---- C:\ProgramData\Symantec
    2009-01-01 14:24:25 ----D---- C:\ProgramData\avg8
    2009-01-01 13:12:39 ----D---- C:\Windows\system32\catroot2
    2009-01-01 02:46:00 ----D---- C:\Windows\system32\config
    2009-01-01 02:45:48 ----D---- C:\Windows\Tasks
    2009-01-01 02:45:48 ----D---- C:\Windows\system32\spool
    2009-01-01 02:45:48 ----D---- C:\Windows\system32\Msdtc
    2009-01-01 02:45:48 ----D---- C:\Windows\system32\CodeIntegrity
    2009-01-01 02:45:37 ----D---- C:\Windows\system32\wbem
    2009-01-01 02:45:36 ----D---- C:\Windows\registration
    2009-01-01 01:55:16 ----D---- C:\Windows\system32\Samsung_USB_Drivers
    2009-01-01 01:44:47 ----D---- C:\Windows\system32\catroot
    2008-12-30 11:49:58 ----D---- C:\Windows\system32\WDI
    2008-12-29 18:19:34 ----D---- C:\Windows\system32\Macromed
    2008-12-18 09:30:43 ----D---- C:\Windows\Help
    2008-12-18 08:14:50 ----D---- C:\Windows\winsxs
    2008-12-16 18:24:20 ----D---- C:\Windows\system32\Tasks
    2008-12-15 20:39:14 ----SD---- C:\ProgramData\Microsoft
    2008-12-15 20:28:12 ----RSD---- C:\Windows\assembly
    2008-12-15 20:25:33 ----D---- C:\Program Files\Common Files
    2008-12-15 20:23:41 ----D---- C:\Program Files\Internet Explorer
    2008-12-13 03:33:24 ----D---- C:\Windows\rescache
    2008-12-13 03:14:29 ----D---- C:\Program Files\Windows Mail
    2008-12-13 03:14:28 ----D---- C:\Windows\system32\en-US
    2008-12-13 03:14:28 ----D---- C:\Windows\AppPatch
    2008-12-13 03:08:46 ----D---- C:\ProgramData\Microsoft Help
    2008-12-09 15:24:38 ----A---- C:\Windows\system32\mrt.exe
    2008-12-05 20:59:13 ----D---- C:\Windows\Debug
    2008-12-03 03:08:58 ----D---- C:\Program Files\Windows Live
    2008-12-03 03:05:44 ----D---- C:\Program Files\Common Files\microsoft shared
    2008-12-02 19:51:25 ----D---- C:\Windows\system32\LogFiles
    2008-12-01 21:19:21 ----D---- C:\ProgramData\WLInstaller
    2008-12-01 18:12:10 ----D---- C:\Windows\PolicyDefinitions
    2008-11-30 04:12:55 ----D---- C:\Windows\Logs
    2008-11-30 03:41:40 ----D---- C:\Windows\Microsoft.NET
    2008-11-30 03:31:00 ----ASH---- C:\Program Files\desktop.ini
    2008-11-30 03:19:25 ----D---- C:\Program Files\Windows Calendar
    2008-11-30 03:19:24 ----D---- C:\Program Files\Windows Sidebar
    2008-11-30 03:19:24 ----D---- C:\Program Files\Movie Maker
    2008-11-30 03:19:20 ----D---- C:\Program Files\Windows Media Player
    2008-11-30 03:19:19 ----D---- C:\Program Files\Windows Collaboration
    2008-11-30 03:19:17 ----D---- C:\Program Files\Windows Journal
    2008-11-30 03:19:16 ----D---- C:\Program Files\Windows Photo Gallery
    2008-11-30 03:19:00 ----D---- C:\Program Files\Common Files\System
    2008-11-30 03:18:59 ----D---- C:\Program Files\Windows Defender
    2008-11-30 03:18:58 ----D---- C:\Windows\servicing
    2008-11-30 03:18:56 ----D---- C:\Windows\ehome
    2008-11-30 03:18:28 ----D---- C:\Windows\MSAgent
    2008-11-30 03:18:25 ----D---- C:\Windows\IME
    2008-11-30 03:18:25 ----D---- C:\Windows\DigitalLocker
    2008-11-30 03:18:24 ----D---- C:\Windows\L2Schemas
    2008-11-30 03:18:22 ----D---- C:\Windows\system32\XPSViewer
    2008-11-30 03:18:22 ----D---- C:\Windows\system32\ko-KR
    2008-11-30 03:18:22 ----D---- C:\Windows\system32\da-DK
    2008-11-30 03:18:22 ----D---- C:\Windows\system32\com
    2008-11-30 03:18:16 ----D---- C:\Windows\system32\oobe
    2008-11-30 03:18:16 ----D---- C:\Windows\system32\it-IT
    2008-11-30 03:18:16 ----D---- C:\Windows\system32\el-GR
    2008-11-30 03:18:16 ----D---- C:\Windows\system32\de-DE
    2008-11-30 03:18:13 ----D---- C:\Windows\system32\sysprep
    2008-11-30 03:18:13 ----D---- C:\Windows\system32\migration
    2008-11-30 03:18:04 ----D---- C:\Windows\system32\AdvancedInstallers
    2008-11-30 03:18:03 ----D---- C:\Windows\system32\sv-SE
    2008-11-30 03:18:03 ----D---- C:\Windows\system32\setup
    2008-11-30 03:18:03 ----D---- C:\Windows\system32\ru-RU
    2008-11-30 03:18:03 ----D---- C:\Windows\system32\ias
    2008-11-30 03:18:03 ----D---- C:\Windows\system32\he-IL
    2008-11-30 03:18:03 ----D---- C:\Windows\system32\fr-FR
    2008-11-30 03:18:02 ----D---- C:\Windows\system32\SLUI
    2008-11-30 03:18:02 ----D---- C:\Windows\system32\pt-PT
    2008-11-30 03:18:02 ----D---- C:\Windows\system32\hu-HU
    2008-11-30 03:18:02 ----D---- C:\Windows\system32\fi-FI
    2008-11-30 03:18:02 ----D---- C:\Windows\system32\cs-CZ
    2008-11-30 03:17:59 ----D---- C:\Windows\system32\zh-TW
    2008-11-30 03:17:59 ----D---- C:\Windows\system32\zh-CN
    2008-11-30 03:17:59 ----D---- C:\Windows\system32\pl-PL
    2008-11-30 03:17:59 ----D---- C:\Windows\system32\manifeststore
    2008-11-30 03:17:59 ----D---- C:\Windows\system32\ja-JP
    2008-11-30 03:17:59 ----D---- C:\Windows\system32\es-ES
    2008-11-30 03:17:59 ----D---- C:\Windows\system32\en
    2008-11-30 03:17:58 ----D---- C:\Windows\system32\ro-RO
    2008-11-30 03:17:50 ----D---- C:\Windows\system32\tr-TR
    2008-11-30 03:17:44 ----D---- C:\Windows\system32\nl-NL
    2008-11-30 03:17:44 ----D---- C:\Windows\system32\nb-NO
    2008-11-30 03:17:43 ----D---- C:\Windows\system32\ar-SA
    2008-11-30 03:17:39 ----D---- C:\Windows\system32\migwiz
    2008-11-30 03:17:36 ----D---- C:\Windows\system32\pt-BR
    2008-11-30 03:13:57 ----D---- C:\Windows\Boot
    2008-11-30 03:13:49 ----D---- C:\Windows\system32\Boot
    2008-11-30 03:08:48 ----D---- C:\Windows\system32\RTCOM
    2008-11-30 00:48:07 ----A---- C:\Windows\system32\ifxcardm.dll
    2008-11-30 00:48:00 ----A---- C:\Windows\system32\axaltocm.dll
    2008-11-27 22:09:17 ----D---- C:\Windows\system
    2008-11-26 21:54:57 ----D---- C:\Program Files\Java
    2008-11-25 20:31:09 ----RSD---- C:\Windows\Media
    2008-11-24 20:55:43 ----D---- C:\Program Files\Yahoo!
    2008-11-22 17:00:03 ----HD---- C:\Users\lisa\AppData\Roaming\Samsung
    2008-11-22 16:59:11 ----D---- C:\Program Files\Samsung
    2008-11-22 16:54:25 ----D---- C:\Program Files\FrostWire
    2008-11-22 16:49:59 ----D---- C:\Windows\Minidump

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2007-02-27 11840]
    R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
    R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2006-07-24 5632]
    R2 NAVAPEL;NAVAPEL; \??\C:\Program Files\NavNT\NAVAPEL.SYS [2001-09-24 9232]
    R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2008-05-20 52032]
    R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-08-10 1941848]
    R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8187B.sys [2008-10-24 342016]
    R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-06-23 62464]
    R3 SiS6350;SiS6350; C:\Windows\system32\DRIVERS\SISGRKMD.sys [2007-08-24 452096]
    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSGB6.sys [2007-01-22 46592]
    S1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
    S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-02 983552]
    S3 BlueletAudio;Bluetooth Audio Service; C:\Windows\system32\DRIVERS\blueletaudio.sys []
    S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys []
    S3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys []
    S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys []
    S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
    S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
    S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
    S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
    S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
    S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
    S3 NCHSSVAD;SoundTap Recorder; C:\Windows\system32\drivers\nchssvad.sys [2008-12-26 27136]
    S3 netr73;RT73 USB Wireless LAN Card Driver for Vista; C:\Windows\system32\DRIVERS\netr73.sys [2007-07-27 351232]
    S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
    S3 OVT511Plus;Dual Mode USB Camera Plus; C:\Windows\System32\Drivers\omcamvid.sys [2001-09-18 167816]
    S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-19 8192]
    S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]
    S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
    S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS [2001-09-24 57696]
    S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\Windows\system32\DRIVERS\SymIM.sys []
    S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
    S3 USB_RNDIS;Thomson ST Remote NDIS Device Driver; C:\Windows\system32\DRIVERS\usb8023.sys [2008-01-19 15872]
    S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-19 73088]
    S3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys []
    S3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys []
    S3 VF0470Vid;Live! Cam Notebook (VF0470); C:\Windows\system32\DRIVERS\V0470Vid.sys [2007-04-20 146368]
    S3 VHidMinidrv;Bluetooth HID Device Service; C:\Windows\system32\drivers\VHIDMini.sys []
    S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
    S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2007-11-15 11264]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
    R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
    R2 DefWatch;DefWatch; C:\Program Files\NavNT\defwatch.exe [2001-09-24 32768]
    R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe [2007-10-16 81920]
    R2 Norton AntiVirus Server;Norton AntiVirus Client; C:\Program Files\NavNT\rtvscan.exe [2001-09-24 454656]
    R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe [2007-10-16 2711552]
    R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

    -----------------EOF-----------------
     
    Olly,
    #3
  5. 2009/01/04
    Olly

    Olly Inactive Thread Starter

    Joined:
    2009/01/03
    Messages:
    36
    Likes Received:
    0
    nfo.txt logfile of random's system information tool 1.05 2009-01-04 19:17:20

    ======Uninstall list======

    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
    Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Avanquest update-->C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\setup.exe -runfromtemp -l0x0009 -removeonly
    Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
    BTHomeHub-->C:\Program Files.\BTHomeHub.\Uninstall.exe BTHomeHub
    Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
    Creative Live! Cam Notebook Driver (1.00.03.0000)-->C:\Windows\CtDrvIns.exe -uninstall -script VF0470.uns -unsext NT -plugin V0470Pin.dll -pluginres CtCamPin.crl
    Firebird 2.1.0.16780 (Win32)--> "C:\Program Files\Firebird\Firebird_2_1\unins000.exe "
    HijackThis 2.0.2--> "C:\Program Files\trend micro\HijackThis.exe" /uninstall
    Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    LiveUpdate 1.6 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
    Microsoft Calculator Plus-->MsiExec.exe /I{83073C45-3003-4671-9A86-243AAADD915A}
    Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Home and Student 2007--> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
    Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    Norton AntiVirus Corporate Edition-->MsiExec.exe /I{BD12EB47-DBDF-11D3-BEEA-00A0CC272509}
    OSDInstall-->MsiExec.exe /I{EB863CFD-6889-47B0-9D79-492DE0D07EE7}
    PIXresizer 2.0.3--> "C:\Program Files\PIXresizer\unins000.exe "
    QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
    Ralink Wireless LAN-->C:\Program Files\InstallShield Installation Information\{E91E8912-769D-42F0-8408-0E329443BABC}\setup.exe -runfromtemp -l0x0009 -removeonly
    Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
    REALTEK RTL8187B Wireless LAN Driver-->C:\Program Files\InstallShield Installation Information\{895722FE-25FE-4854-95AC-B0C42F9DBEDA}\Install.exe -uninst -l0x9
    SAM3 (remove only)--> "C:\Program Files\SpacialAudio\SAMBC\uninstall.exe "
    Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
    Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
    Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
    Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
    Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
    Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
    Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
    Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
    SiS VGA Utilities-->C:\Program Files\SiS VGA Utilities\Setup.exe -u
    Sony Ericsson Media Manager 1.2-->MsiExec.exe /X{9EB1504E-FD95-4BCD-8E93-B4039F59C469}
    Sony Ericsson PC Suite 4.006.00-->C:\Program Files\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\ISAdmin.exe -runfromtemp -l0x0009 -removeonly
    Streamer (remove only)--> "C:\Program Files\Streamer\uninstall.exe "
    Update for Microsoft Office 2007 Help for Common Features (KB957244)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {C8C72583-C907-4D20-8973-C3858D96BD9E}
    Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {51864046-74C8-487B-97CD-6167A4B1DB56}
    Update for Microsoft Office OneNote 2007 Help (KB957245)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {7332DE60-DC79-4578-A60A-A5EA0D6E032B}
    Update for Microsoft Office PowerPoint 2007 Help (KB957247)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {B20E2C59-EEC5-4102-9E50-5DBB2093C37D}
    Update for Microsoft Office Word 2007 Help (KB957252)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {54DF3345-0720-4224-9740-C7E00303F565}
    Update for Microsoft Script Editor Help (KB957253)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {F21BF703-548C-47B2-B92A-6876E9566C42}
    Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
    Vuze-->C:\Program Files\Vuze\uninstall.exe
    Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
    Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
    Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
    Windows Live Photo Gallery-->MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
    Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
    Windows Live Toolbar--> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
    Windows Live Toolbar-->MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
    Windows Live Writer-->MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}

    System event log

    Computer Name: Oliphant-Mobile
    Event Code: 7036
    Message: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.
    Record Number: 70228
    Source Name: Service Control Manager
    Time Written: 20090104141541.000000-000
    Event Type: Information
    User:

    Computer Name: Oliphant-Mobile
    Event Code: 7036
    Message: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.
    Record Number: 70229
    Source Name: Service Control Manager
    Time Written: 20090104143210.000000-000
    Event Type: Information
    User:

    Computer Name: Oliphant-Mobile
    Event Code: 36
    Message: The time service has not synchronized the system time for 86400 seconds because none of the time service providers provided a usable time stamp. The time service will not update the local system time until it is able to synchronize with a time source. If the local system is configured to act as a time server for clients, it will stop advertising as a time source to clients. The time service will continue to retry and sync time with its time sources. Check system event log for other W32time events for more details. Run 'w32tm /resync' to force an instant time synchronization.
    Record Number: 70230
    Source Name: Microsoft-Windows-Time-Service
    Time Written: 20090104165151.000000-000
    Event Type: Warning
    User:

    Computer Name: Oliphant-Mobile
    Event Code: 1103
    Message: Your computer was successfully assigned an address from the network, and it can now connect to other computers.
    Record Number: 70231
    Source Name: Microsoft-Windows-Dhcp-Client
    Time Written: 20090104165206.000000-000
    Event Type: Information
    User:

    Computer Name: Oliphant-Mobile
    Event Code: 7036
    Message: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.
    Record Number: 70232
    Source Name: Service Control Manager
    Time Written: 20090104191555.000000-000
    Event Type: Information
    User:

    Application event log

    Computer Name: Oliphant-Mobile
    Event Code: 20
    Message:

    Unable to restore S:\resycled\boot.com from backup file after clean failed.
    Record Number: 11216
    Source Name: Norton AntiVirus
    Time Written: 20090104103215.000000-000
    Event Type: Information
    User:

    Computer Name: Oliphant-Mobile
    Event Code: 1000
    Message: Faulting application VPC32.EXE, version 7.60.0.926, time stamp 0x3ba26c99, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x78787878, process id 0x141c, application start time 0x01c96e51070d4463.
    Record Number: 11217
    Source Name: Application Error
    Time Written: 20090104103217.000000-000
    Event Type: Error
    User:

    Computer Name: Oliphant-Mobile
    Event Code: 1001
    Message: Fault bucket 1085014112, type 1
    Event Name: APPCRASH
    Response: http://oca.microsoft.com/resredir.aspx?SID=938&iBucketTable=1&iBucket=1085014112
    Cab Id: 0

    Problem signature:
    P1: VPC32.EXE
    P2: 7.60.0.926
    P3: 3ba26c99
    P4: StackHash_147b
    P5: 0.0.0.0
    P6: 00000000
    P7: c0000005
    P8: 78787878
    P9:
    P10:

    Attached files:
    C:\Users\lisa\AppData\Local\Temp\WERC9C5.tmp.version.txt

    These files may be available here:
    C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Report06cd1826
    Record Number: 11218
    Source Name: Windows Error Reporting
    Time Written: 20090104124130.000000-000
    Event Type: Information
    User:

    Computer Name: Oliphant-Mobile
    Event Code: 1005
    Message: Customer Experience Improvement Program data was successfully consolidated into files that will be sent to Microsoft for analysis. These files will be sent only if the user has opted to join the Windows Customer Experience Improvement Program.
    Record Number: 11219
    Source Name: Microsoft-Windows-CEIP
    Time Written: 20090104130002.000000-000
    Event Type: Information
    User:

    Computer Name: Oliphant-Mobile
    Event Code: 1007
    Message: Customer Experience Improvement Program data was successfully sent to Microsoft.
    Record Number: 11220
    Source Name: Microsoft-Windows-CEIP
    Time Written: 20090104130501.000000-000
    Event Type: Information
    User:

    Security event log

    Computer Name: Oliphant-Mobile
    Event Code: 5038
    Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

    File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
    Record Number: 18701
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090104191709.178633-000
    Event Type: Audit Failure
    User:

    Computer Name: Oliphant-Mobile
    Event Code: 5038
    Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

    File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
    Record Number: 18702
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090104191709.225505-000
    Event Type: Audit Failure
    User:

    Computer Name: Oliphant-Mobile
    Event Code: 5038
    Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

    File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
    Record Number: 18703
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090104191709.270424-000
    Event Type: Audit Failure
    User:

    Computer Name: Oliphant-Mobile
    Event Code: 5038
    Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

    File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
    Record Number: 18704
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090104191709.314366-000
    Event Type: Audit Failure
    User:

    Computer Name: Oliphant-Mobile
    Event Code: 5038
    Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

    File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
    Record Number: 18705
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090104191709.360262-000
    Event Type: Audit Failure
    User:

    ======Environment variables======

    "ComSpec "=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK "=NO
    "OS "=Windows_NT
    "Path "=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\QuickTime\QTSystem\
    "PATHEXT "=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    "PROCESSOR_ARCHITECTURE "=x86
    "TEMP "=%SystemRoot%\TEMP
    "TMP "=%SystemRoot%\TEMP
    "USERNAME "=SYSTEM
    "windir "=%SystemRoot%
    "PROCESSOR_LEVEL "=6
    "PROCESSOR_IDENTIFIER "=x86 Family 6 Model 22 Stepping 1, GenuineIntel
    "PROCESSOR_REVISION "=1601
    "NUMBER_OF_PROCESSORS "=1
    "CLASSPATH "=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
    "QTJAVA "=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

    -----------------EOF-----------------
     
    Olly,
    #4
  6. 2009/01/04
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS Olly :)

    You have a flash drive infection. Please download Flash_Disinfector by sUBs and save it to your desktop:

    NOTE: In the event you already have Flash_Disinfector, this is a new version that I need you to download.

    • Plug in your USB flash drive.
    • Double-click Flash_Disinfector.exe to run it.
    • Follow any prompts that may appear.
    • Your desktop will vanish for a while, and then reappear. This is normal.
    • Wait until the program has finished scanning, then please exit the program. If you use more than 1 flash drive, run the tool with each plugged in.


    Next, please visit the following webpage for instructions for downloading and running ComboFix

    How to use ComboFix


    Download ComboFix by sUBs from here, saving the file to your desktop.


    Disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

    **NOTE - I recommend you allow the Recovery Console to be downloaded and installed if or when prompted.
     
  7. 2009/01/04
    Olly

    Olly Inactive Thread Starter

    Joined:
    2009/01/03
    Messages:
    36
    Likes Received:
    0
    Noah - thanks for the welcome - when you say plug in my flash drive: I assume you mean my External 1gig USB flash? If so, I no longer have it as it was borrowed to install something - do I still run these anyway?

    Regards,

    Jim
     
    Olly,
    #6
  8. 2009/01/04
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    If that external drive was the only usb drive ever connected, then skip the flash_disinfector part and proceed with ComboFix. Generally speaking, flash drive = pen drive, thumb drive, memory stick, etc., though an external usb hard drive would qualify as well.
     
  9. 2009/01/04
    Olly

    Olly Inactive Thread Starter

    Joined:
    2009/01/03
    Messages:
    36
    Likes Received:
    0
    ComboFix 09-01-02.01 - lisa 2009-01-04 21:09:35.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.892.203 [GMT 0:00]
    Running from: c:\users\lisa\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\resycled
    c:\windows\system32\drivers\msqpdxtcgoiqcm.sys
    c:\windows\system32\GDS32.DLL
    c:\windows\system32\msqpdxesxtuvow.dll
    S:\resycled

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_msqpdxserv.sys


    ((((((((((((((((((((((((( Files Created from 2008-12-04 to 2009-01-04 )))))))))))))))))))))))))))))))
    .

    2009-01-04 19:16 . 2009-01-04 19:17 <DIR> d-------- C:\rsit
    2009-01-04 19:16 . 2009-01-04 19:35 <DIR> d-------- c:\program files\trend micro
    2009-01-03 22:51 . 2009-01-03 22:51 <DIR> d-------- c:\programdata\Avira
    2009-01-03 22:51 . 2009-01-03 22:51 <DIR> d-------- c:\program files\Avira
    2009-01-01 21:16 . 2009-01-01 21:19 <DIR> d-------- c:\program files\Streamer
    2009-01-01 18:42 . 2007-10-16 10:08 458,752 --a------ c:\windows\System32\Firebird2Control.cpl
    2009-01-01 18:05 . 2009-01-01 18:42 <DIR> d-------- c:\program files\SpacialAudio
    2009-01-01 18:05 . 2009-01-01 18:05 <DIR> d-------- c:\program files\Firebird
    2009-01-01 16:42 . 2009-01-01 16:42 <DIR> d-------- c:\programdata\Symantec Temporary Files
    2009-01-01 16:34 . 2009-01-01 16:34 0 --a------ c:\windows\VPC32.INI
    2009-01-01 15:54 . 2009-01-01 15:54 <DIR> d-------- c:\windows\System32\CBA
    2009-01-01 15:54 . 2009-01-01 15:55 <DIR> d-------- c:\program files\Symantec
    2009-01-01 15:54 . 2009-01-01 19:39 <DIR> d-------- c:\program files\NavNT
    2009-01-01 15:54 . 2001-09-24 07:59 120,379 --a------ c:\windows\System32\SYMEVNT.386
    2009-01-01 15:54 . 2001-09-24 07:59 57,696 --a------ c:\windows\System32\drivers\SYMEVENT.SYS
    2009-01-01 15:54 . 2001-09-24 07:59 36,864 --a------ c:\windows\System32\S32EVNT1.DLL
    2009-01-01 15:54 . 2001-09-24 07:59 4,032 --a------ c:\windows\System32\SYMEVNT1.DLL
    2009-01-01 15:54 . 2009-01-01 15:54 244 --a------ c:\windows\ODBC.INI
    2009-01-01 15:54 . 2009-01-01 15:54 209 --a------ c:\windows\ODBCINST.INI
    2008-12-30 21:28 . 2009-01-01 02:45 <DIR> dr------- c:\users\lisa\Pictures
    2008-12-30 20:43 . 2008-12-30 20:43 <DIR> dr------- c:\users\lisa\Searches
    2008-12-29 18:16 . 2008-12-29 18:18 <DIR> d-------- c:\windows\System32\Adobe
    2008-12-26 18:51 . 2008-12-26 18:51 2,560 --a------ c:\windows\_MSRSTRT.EXE
    2008-12-26 16:08 . 2009-01-01 02:45 <DIR> d-------- c:\users\lisa\AppData\Roaming\Azureus
    2008-12-26 16:08 . 2008-12-26 16:08 <DIR> d-------- c:\programdata\Azureus
    2008-12-26 16:07 . 2008-12-26 16:51 <DIR> d-------- c:\program files\Vuze
    2008-12-26 01:13 . 2008-12-26 01:13 <DIR> d-------- c:\users\lisa\AppData\Roaming\NCH Software
    2008-12-26 01:08 . 2008-12-26 01:10 <DIR> d-------- c:\programdata\NCH Swift Sound
    2008-12-26 01:08 . 2008-12-26 01:08 <DIR> d-------- c:\programdata\NCH Software
    2008-12-26 01:08 . 2009-01-01 20:00 <DIR> d-------- c:\program files\NCH Software
    2008-12-26 01:08 . 2008-12-26 01:08 27,136 --a------ c:\windows\System32\drivers\nchssvad.sys
    2008-12-26 01:07 . 2009-01-01 20:01 <DIR> d--h----- c:\users\lisa\AppData\Roaming\NCH Swift Sound
    2008-12-21 22:59 . 2008-12-21 22:59 <DIR> d-------- c:\program files\PIXresizer
    2008-12-21 22:59 . 2002-08-29 19:00 1,703,936 --a------ c:\windows\System32\gdiplus.dll
    2008-12-21 22:59 . 2007-04-15 00:05 991,232 --a------ c:\windows\System32\imageviewer2.ocx
    2008-12-21 22:59 . 2000-05-22 00:00 608,448 --a------ c:\windows\System32\comctl32.ocx
    2008-12-21 22:59 . 2004-03-08 23:00 224,016 --a------ c:\windows\System32\tabctl32.ocx
    2008-12-21 22:59 . 1996-01-12 00:00 200,704 --a------ c:\windows\System32\threed32.ocx
    2008-12-21 22:59 . 1998-06-24 00:00 164,144 --a------ c:\windows\System32\comct232.ocx
    2008-12-21 22:59 . 1999-09-16 09:04 151,552 --a------ c:\windows\System32\ccrpfd6.ocx
    2008-12-21 22:59 . 2000-05-01 23:02 110,592 --a------ c:\windows\System32\ccrpbds6.dll
    2008-12-21 22:59 . 2000-07-09 18:15 106,496 --a------ c:\windows\System32\mbprgbar.ocx
    2008-12-21 22:57 . 2008-12-21 22:57 <DIR> d-------- c:\windows\Downloaded Installations
    2008-12-20 14:41 . 2008-12-20 14:41 <DIR> d-------- c:\programdata\Citrix
    2008-12-20 14:40 . 2008-12-20 14:40 61,480 --a------ c:\users\lisa\GoToAssistDownloadHelper.exe
    2008-12-19 13:30 . 2009-01-01 02:45 <DIR> dr------- c:\users\lisa\Music
    2008-12-19 02:21 . 2005-09-23 00:05 626,688 --a------ c:\windows\System32\msvcr80.dll
    2008-12-19 02:21 . 2005-09-23 00:05 548,864 --a------ c:\windows\System32\msvcp80.dll
    2008-12-18 09:30 . 2008-12-18 09:30 <DIR> d-------- c:\program files\Microsoft Calculator Plus
    2008-12-16 18:53 . 2008-12-29 22:25 <DIR> d-------- c:\programdata\Bluetooth
    2008-12-16 18:25 . 2008-12-16 18:25 <DIR> d-------- c:\program files\IVT Corporation
    2008-12-16 18:25 . 2008-12-29 23:21 32 --a------ c:\windows\0
    2008-12-16 18:25 . 2008-12-16 18:25 0 --a------ c:\windows\System32\0
    2008-12-15 20:48 . 2008-12-15 20:48 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2008-12-15 20:35 . 2008-12-15 20:35 <DIR> d-------- c:\programdata\BVRP Software
    2008-12-15 20:35 . 2008-12-15 20:35 <DIR> d-------- c:\program files\Avanquest update
    2008-12-15 20:25 . 2008-12-15 20:25 <DIR> d-------- c:\program files\Sony
    2008-12-15 20:25 . 2008-12-15 20:25 <DIR> d-------- c:\program files\Common Files\Sony Shared
    2008-12-15 20:22 . 2008-12-15 20:22 <DIR> d-------- c:\program files\Common Files\Apple
    2008-12-15 20:21 . 2008-12-15 20:21 <DIR> d-------- c:\programdata\Apple Computer
    2008-12-15 20:21 . 2008-12-15 20:23 <DIR> d-------- c:\program files\QuickTime
    2008-12-15 20:19 . 2008-12-15 20:19 <DIR> d-------- c:\programdata\Apple
    2008-12-15 20:19 . 2008-12-15 20:19 <DIR> d-------- c:\program files\Apple Software Update
    2008-12-15 20:16 . 2009-01-01 02:45 <DIR> d-------- c:\users\lisa\AppData\Roaming\Sony Setup
    2008-12-15 20:15 . 2008-12-15 20:15 <DIR> d-------- c:\program files\Sony Setup
    2008-12-15 20:11 . 2008-12-15 20:11 <DIR> d-------- c:\programdata\Sony Ericsson
    2008-12-15 20:11 . 2008-12-15 20:25 <DIR> d-------- c:\program files\Sony Ericsson
    2008-12-15 20:10 . 2008-12-15 20:10 <DIR> d--h----- c:\users\lisa\AppData\Roaming\InstallShield
    2008-12-13 03:03 . 2008-10-22 01:22 2,048 --a------ c:\windows\System32\tzres.dll
    2008-12-12 19:01 . 2008-11-01 01:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
    2008-12-12 19:01 . 2008-10-21 05:25 296,960 --a------ c:\windows\System32\gdi32.dll
    2008-12-12 19:01 . 2008-11-01 03:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
    2008-12-12 19:00 . 2008-10-29 06:29 2,927,104 --a------ c:\windows\explorer.exe
    2008-12-12 19:00 . 2008-06-23 01:59 2,868,736 --a------ c:\windows\System32\mf.dll
    2008-12-12 19:00 . 2008-06-23 01:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll
    2008-12-12 19:00 . 2008-10-16 04:47 827,392 --a------ c:\windows\System32\wininet.dll
    2008-12-12 19:00 . 2008-06-23 01:58 94,720 --a------ c:\windows\System32\logagent.exe
    2008-12-10 10:15 . 2008-12-10 10:15 <DIR> d--h----- c:\users\lisa\AppData\Roaming\CyberLink

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-01 19:59 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-01 15:54 --------- d-----w c:\programdata\Symantec
    2009-01-01 15:54 --------- d-----w c:\program files\Common Files\Symantec Shared
    2009-01-01 14:24 --------- d-----w c:\programdata\avg8
    2008-12-26 09:31 106 ---ha-w c:\users\lisa\AppData\Roaming\wklnhst.dat
    2008-12-13 03:14 --------- d-----w c:\program files\Windows Mail
    2008-12-13 03:08 --------- d-----w c:\programdata\Microsoft Help
    2008-12-03 03:08 --------- d-----w c:\program files\Windows Live
    2008-12-01 21:19 --------- d-----w c:\programdata\WLInstaller
    2008-11-30 03:31 174 --sha-w c:\program files\desktop.ini
    2008-11-30 03:19 --------- d-----w c:\program files\Windows Sidebar
    2008-11-30 03:19 --------- d-----w c:\program files\Windows Photo Gallery
    2008-11-30 03:19 --------- d-----w c:\program files\Windows Journal
    2008-11-30 03:19 --------- d-----w c:\program files\Windows Collaboration
    2008-11-30 03:19 --------- d-----w c:\program files\Windows Calendar
    2008-11-30 03:18 --------- d-----w c:\program files\Windows Defender
    2008-11-30 00:48 82,432 ----a-w c:\windows\System32\axaltocm.dll
    2008-11-30 00:48 101,888 ----a-w c:\windows\System32\ifxcardm.dll
    2008-11-26 21:54 --------- d-----w c:\program files\Java
    2008-11-25 23:44 --------- d-----w c:\programdata\Hewlett-Packard
    2008-11-24 20:55 --------- d-----w c:\program files\Yahoo!
    2008-11-22 17:00 --------- d--h--w c:\users\lisa\AppData\Roaming\Samsung
    2008-11-22 16:59 --------- d-----w c:\program files\Samsung
    2008-11-22 16:54 --------- d-----w c:\program files\FrostWire
    2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
    2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
    2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
    2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
    2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
    2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
    2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll
    2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
    2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll
    2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe
    2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll
    2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll
    2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll
    2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll
    2008-10-16 14:08 162,064 ----a-w c:\windows\System32\wuwebv.dll
    2008-10-16 13:56 31,232 ----a-w c:\windows\System32\wuapp.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "msnmsgr "= "c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
    "ehTray.exe "= "c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "Sony Ericsson PC Suite "= "c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]
    "WMPNSCFG "= "c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiSTray "= "c:\program files\SiS VGA Utilities\SiSTray.exe" [2007-08-24 552960]
    "OSD "= "c:\program files\C&E\OSD\osd.exe" [2007-08-28 671801]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
    "SunJavaUpdateSched "= "c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
    "vptray "= "c:\program files\NavNT\vptray.exe" [2001-09-24 73728]
    "avgnt "= "c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "RtHDVCpl "= "RtHDVCpl.exe" [2007-08-09 c:\windows\RtHDVCpl.exe]
    "Skytel "= "Skytel.exe" [2007-08-03 c:\windows\SkyTel.exe]

    c:\users\lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder_MUI]
    --a------ 2007-07-20 08:15 1089536 c:\applications\OEM\Reminder\Reminder_MUI.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0470Cfg.exe]
    --a------ 2007-04-19 17:00 24576 c:\windows\V0470Cfg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{01EE7AA7-3AA2-4880-B847-D18E5312C93A} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{2E7148BA-B240-40C0-BC85-4D80EC2967F7} "= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{DBC2BB46-4B76-49C6-8796-F8DA65CD807E} "= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "TCP Query User{6AB7727A-2401-49BB-A3B9-13210A919192}c:\\program files\\limewire\\limewire.exe "= UDP:c:\program files\limewire\limewire.exe:LimeWire
    "UDP Query User{96AE28FB-1125-4ADA-A80D-5D249357C601}c:\\program files\\limewire\\limewire.exe "= TCP:c:\program files\limewire\limewire.exe:LimeWire
    "{8A0547ED-90CD-4824-83CA-3F20FE75AF90} "= UDP:c:\program files\FrostWire\FrostWire.exe:LimeWire
    "{FF3C4E2D-0955-4DBE-8261-DCD2E241F9EB} "= TCP:c:\program files\FrostWire\FrostWire.exe:LimeWire
    "TCP Query User{8587C1D7-C47B-4F7B-92D0-59F56B2C3DD8}c:\\program files\\internet explorer\\iexplore.exe "= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{CB388A74-62B7-4A58-98D1-D1AC08EB9FF2}c:\\program files\\internet explorer\\iexplore.exe "= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "{5715595E-D205-43D0-9EB5-9578E4D85B6B} "= UDP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.2
    "{FB381A39-BD41-42AB-BC00-F1BC5BEA0161} "= TCP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.2
    "{EAC827ED-4028-401D-A230-8127D413ADE0} "= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil_.exe:BlueSoleil
    "{DFCD657B-6432-49B1-A990-954444F3D0C7} "= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil_.exe:BlueSoleil
    "TCP Query User{BB4436C1-6A0D-42A5-853D-274E70352759}c:\\users\\lisa\\appdata\\local\\temp\\low\\streamer\\streamer.exe "= UDP:c:\users\lisa\appdata\local\temp\low\streamer\streamer.exe:streamer.exe
    "UDP Query User{CC1E3F23-5EB1-4525-A968-9D02484DD51B}c:\\users\\lisa\\appdata\\local\\temp\\low\\streamer\\streamer.exe "= TCP:c:\users\lisa\appdata\local\temp\low\streamer\streamer.exe:streamer.exe
    "TCP Query User{FFC19463-8385-42AE-9625-44253D602B28}c:\\program files\\spacialaudio\\sambc\\sambc.exe "= UDP:c:\program files\spacialaudio\sambc\sambc.exe:SAMBC
    "UDP Query User{4C335A74-8801-48A0-8F5E-63713780F128}c:\\program files\\spacialaudio\\sambc\\sambc.exe "= TCP:c:\program files\spacialaudio\sambc\sambc.exe:SAMBC
    "{FE94A75E-C7F0-49C1-B95E-5535B91D0F7B} "= UDP:1221:playlist
    "{14EC19D2-CA39-41C4-94FF-AAA7782A9F2E} "= UDP:8000:Streamer
    "{E8731A82-3A2D-4F5C-A18D-E1636FB39343} "= UDP:8466:Streamer
    "{D2016D3A-7507-4132-841A-9D411C9D733A} "= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil_.exe:BlueSoleil
    "{ED380C11-0559-49DA-AFE9-00CA3EC52247} "= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil_.exe:BlueSoleil
    "TCP Query User{B25985CF-C157-4D89-A36B-3ED024DCDDE9}c:\\program files\\vuze\\azureus.exe "= UDP:c:\program files\vuze\azureus.exe:Azureus
    "UDP Query User{DCA48A63-A557-42B8-8908-55EE120B336A}c:\\program files\\vuze\\azureus.exe "= TCP:c:\program files\vuze\azureus.exe:Azureus
    "TCP Query User{DF96D7C1-C5C8-4224-9FD0-827F41E01F61}c:\\users\\lisa\\appdata\\local\\temp\\rar$ex01.781\\amped chat host client\\mirc.exe "= UDP:c:\users\lisa\appdata\local\temp\rar$ex01.781\amped chat host client\mirc.exe:mirc.exe
    "UDP Query User{F3347105-E9B5-453C-9520-CA5BAEBCA874}c:\\users\\lisa\\appdata\\local\\temp\\rar$ex01.781\\amped chat host client\\mirc.exe "= TCP:c:\users\lisa\appdata\local\temp\rar$ex01.781\amped chat host client\mirc.exe:mirc.exe
    "TCP Query User{C8D9A518-FF40-49D2-81C5-DCEAE85F95FA}c:\\users\\lisa\\appdata\\local\\temp\\rar$ex01.750\\amped chat host client\\mirc.exe "= UDP:c:\users\lisa\appdata\local\temp\rar$ex01.750\amped chat host client\mirc.exe:mirc.exe
    "UDP Query User{718A70E2-6A8F-4BD2-83AA-F2979C38E951}c:\\users\\lisa\\appdata\\local\\temp\\rar$ex01.750\\amped chat host client\\mirc.exe "= TCP:c:\users\lisa\appdata\local\temp\rar$ex01.750\amped chat host client\mirc.exe:mirc.exe
    "TCP Query User{36BC9355-1475-4222-AB9D-E8725954B24D}c:\\users\\lisa\\appdata\\local\\temp\\rar$ex02.984\\amped chat host client\\mirc.exe "= UDP:c:\users\lisa\appdata\local\temp\rar$ex02.984\amped chat host client\mirc.exe:mirc.exe
    "UDP Query User{338A65D3-A976-45DF-8F44-6C4B18871119}c:\\users\\lisa\\appdata\\local\\temp\\rar$ex02.984\\amped chat host client\\mirc.exe "= TCP:c:\users\lisa\appdata\local\temp\rar$ex02.984\amped chat host client\mirc.exe:mirc.exe
    "TCP Query User{2291BC61-A6B3-4B64-B4C3-FBF826947339}c:\\users\\lisa\\appdata\\local\\temp\\rar$ex00.218\\amped chat host client\\mirc.exe "= UDP:c:\users\lisa\appdata\local\temp\rar$ex00.218\amped chat host client\mirc.exe:mirc.exe
    "UDP Query User{87140730-BD87-4977-9039-E29588DCE216}c:\\users\\lisa\\appdata\\local\\temp\\rar$ex00.218\\amped chat host client\\mirc.exe "= TCP:c:\users\lisa\appdata\local\temp\rar$ex00.218\amped chat host client\mirc.exe:mirc.exe
    "TCP Query User{0A9CBE55-55B9-4252-9C46-56BA8E29F621}c:\\program files\\streamer\\streamer.exe "= UDP:c:\program files\streamer\streamer.exe:streamer
    "UDP Query User{6EDDB238-9C0F-4DD8-A868-97993998E32B}c:\\program files\\streamer\\streamer.exe "= TCP:c:\program files\streamer\streamer.exe:streamer
    "TCP Query User{202CF432-DDB4-4982-B2C4-AECDB5436D8D}c:\\users\\lisa\\appdata\\local\\temp\\rar$ex01.812\\amped chat host client\\mirc.exe "= UDP:c:\users\lisa\appdata\local\temp\rar$ex01.812\amped chat host client\mirc.exe:mirc.exe
    "UDP Query User{1F89C52F-C849-40F7-8494-57833ECC6706}c:\\users\\lisa\\appdata\\local\\temp\\rar$ex01.812\\amped chat host client\\mirc.exe "= TCP:c:\users\lisa\appdata\local\temp\rar$ex01.812\amped chat host client\mirc.exe:mirc.exe
    "TCP Query User{8B911304-146E-47B5-86C0-28B3DBF1DCA3}c:\\users\\lisa\\appdata\\local\\temp\\rar$ex00.547\\amped chat host client\\mirc.exe "= UDP:c:\users\lisa\appdata\local\temp\rar$ex00.547\amped chat host client\mirc.exe:mirc.exe
    "UDP Query User{4D74AFC4-CD16-4869-91C8-0684AC9643AA}c:\\users\\lisa\\appdata\\local\\temp\\rar$ex00.547\\amped chat host client\\mirc.exe "= TCP:c:\users\lisa\appdata\local\temp\rar$ex00.547\amped chat host client\mirc.exe:mirc.exe
    "TCP Query User{771AFD5F-D2B0-41E4-AC94-98E6540EEA3E}c:\\users\\lisa\\appdata\\local\\temp\\rar$ex00.000\\amped chat host client\\mirc.exe "= UDP:c:\users\lisa\appdata\local\temp\rar$ex00.000\amped chat host client\mirc.exe:mirc.exe
    "UDP Query User{DC9ED1A1-6D1D-4DFB-B925-2E0ED40242AB}c:\\users\\lisa\\appdata\\local\\temp\\rar$ex00.000\\amped chat host client\\mirc.exe "= TCP:c:\users\lisa\appdata\local\temp\rar$ex00.000\amped chat host client\mirc.exe:mirc.exe
    "TCP Query User{896E10C2-6957-498A-8791-80798AF0260E}c:\\users\\lisa\\appdata\\local\\temp\\low\\streamer\\streamer.exe "= UDP:c:\users\lisa\appdata\local\temp\low\streamer\streamer.exe:streamer.exe
    "UDP Query User{A702BEDE-9906-40D3-8F30-9F0FDB94768F}c:\\users\\lisa\\appdata\\local\\temp\\low\\streamer\\streamer.exe "= TCP:c:\users\lisa\appdata\local\temp\low\streamer\streamer.exe:streamer.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall "= 0 (0x0)

    R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance --> c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance [?]
    R3 SiS6350;SiS6350;c:\windows\System32\drivers\SISGRKMD.sys [2007-12-11 452096]
    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\System32\drivers\SiSGB6.sys [2007-12-11 46592]
    R4 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance --> c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance [?]
    S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr73.sys [2007-12-11 351232]
    S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187B.sys [2008-10-24 342016]
    S3 VF0470Vid;Live! Cam Notebook (VF0470);c:\windows\System32\drivers\V0470Vid.sys [2008-08-17 146368]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcc2b28c-d13c-11dd-8a41-0011675f2345}]
    \shell\AutoRun\command - RavMon.exe
    \shell\explore\Command - RavMon.exe -e
    \shell\open\Command - RavMon.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-01-04 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/

    c:\windows\Downloaded Program Files\phasex.ocx - O16 -: {BD4C7EDB-A392-11D9-8BFB-0040953018D7}
    hxxp://www.streamerp2p.com/sfiles/phasex.cab
    c:\windows\Downloaded Program Files\phasex.inf
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-04 21:13:14
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2009-01-04 21:14:26
    ComboFix-quarantined-files.txt 2009-01-04 21:14:24

    Pre-Run: 8,778,104,832 bytes free
    Post-Run: 8,820,596,736 bytes free

    443 --- E O F --- 2008-12-25 22:59:27
     
    Olly,
    #8
  10. 2009/01/04
    noahdfear

    Once again, disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank Notepad document, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    File::
    c:\windows\0
    c:\windows\System32\0
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcc2b28c-d13c-11dd-8a41-0011675f2345}]
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
     
  11. 2009/01/04
    Olly

    Apologies - I thought I had disabled all real time protection, now should be ok

    ComboFix 09-01-02.01 - lisa 2009-01-04 23:13:17.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.892.425 [GMT 0:00]
    Running from: c:\users\lisa\Desktop\ComboFix.exe
    Command switches used :: c:\users\lisa\Desktop\CFScript.txt.txt
    * Created a new restore point

    FILE ::
    c:\windows\0
    c:\windows\System32\0
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\0
    c:\windows\System32\0

    .
    ((((((((((((((((((((((((( Files Created from 2008-12-04 to 2009-01-04 )))))))))))))))))))))))))))))))
    .

    2009-01-04 19:16 . 2009-01-04 19:17 <DIR> d-------- C:\rsit
    2009-01-04 19:16 . 2009-01-04 19:35 <DIR> d-------- c:\program files\trend micro
    2009-01-03 22:51 . 2009-01-03 22:51 <DIR> d-------- c:\programdata\Avira
    2009-01-03 22:51 . 2009-01-03 22:51 <DIR> d-------- c:\program files\Avira
    2009-01-01 21:16 . 2009-01-01 21:19 <DIR> d-------- c:\program files\Streamer
    2009-01-01 18:42 . 2007-10-16 10:08 458,752 --a------ c:\windows\System32\Firebird2Control.cpl
    2009-01-01 18:05 . 2009-01-01 18:42 <DIR> d-------- c:\program files\SpacialAudio
    2009-01-01 18:05 . 2009-01-01 18:05 <DIR> d-------- c:\program files\Firebird
    2009-01-01 16:42 . 2009-01-01 16:42 <DIR> d-------- c:\programdata\Symantec Temporary Files
    2009-01-01 15:54 . 2009-01-04 21:31 <DIR> d-------- c:\windows\System32\CBA
    2009-01-01 15:54 . 2009-01-04 21:31 <DIR> d-------- c:\program files\Symantec
    2009-01-01 15:54 . 2009-01-01 15:54 209 --a------ c:\windows\ODBCINST.INI
    2009-01-01 15:54 . 2009-01-04 21:31 28 --a------ c:\windows\ODBC.INI
    2008-12-30 21:28 . 2009-01-01 02:45 <DIR> dr------- c:\users\lisa\Pictures
    2008-12-30 20:43 . 2008-12-30 20:43 <DIR> dr------- c:\users\lisa\Searches
    2008-12-29 18:16 . 2008-12-29 18:18 <DIR> d-------- c:\windows\System32\Adobe
    2008-12-26 18:51 . 2008-12-26 18:51 2,560 --a------ c:\windows\_MSRSTRT.EXE
    2008-12-26 16:08 . 2009-01-01 02:45 <DIR> d-------- c:\users\lisa\AppData\Roaming\Azureus
    2008-12-26 16:08 . 2008-12-26 16:08 <DIR> d-------- c:\programdata\Azureus
    2008-12-26 16:07 . 2008-12-26 16:51 <DIR> d-------- c:\program files\Vuze
    2008-12-26 01:13 . 2008-12-26 01:13 <DIR> d-------- c:\users\lisa\AppData\Roaming\NCH Software
    2008-12-26 01:08 . 2008-12-26 01:10 <DIR> d-------- c:\programdata\NCH Swift Sound
    2008-12-26 01:08 . 2008-12-26 01:08 <DIR> d-------- c:\programdata\NCH Software
    2008-12-26 01:08 . 2009-01-01 20:00 <DIR> d-------- c:\program files\NCH Software
    2008-12-26 01:08 . 2008-12-26 01:08 27,136 --a------ c:\windows\System32\drivers\nchssvad.sys
    2008-12-26 01:07 . 2009-01-01 20:01 <DIR> d--h----- c:\users\lisa\AppData\Roaming\NCH Swift Sound
    2008-12-21 22:59 . 2008-12-21 22:59 <DIR> d-------- c:\program files\PIXresizer
    2008-12-21 22:59 . 2002-08-29 19:00 1,703,936 --a------ c:\windows\System32\gdiplus.dll
    2008-12-21 22:59 . 2007-04-15 00:05 991,232 --a------ c:\windows\System32\imageviewer2.ocx
    2008-12-21 22:59 . 2000-05-22 00:00 608,448 --a------ c:\windows\System32\comctl32.ocx
    2008-12-21 22:59 . 2004-03-08 23:00 224,016 --a------ c:\windows\System32\tabctl32.ocx
    2008-12-21 22:59 . 1996-01-12 00:00 200,704 --a------ c:\windows\System32\threed32.ocx
    2008-12-21 22:59 . 1998-06-24 00:00 164,144 --a------ c:\windows\System32\comct232.ocx
    2008-12-21 22:59 . 1999-09-16 09:04 151,552 --a------ c:\windows\System32\ccrpfd6.ocx
    2008-12-21 22:59 . 2000-05-01 23:02 110,592 --a------ c:\windows\System32\ccrpbds6.dll
    2008-12-21 22:59 . 2000-07-09 18:15 106,496 --a------ c:\windows\System32\mbprgbar.ocx
    2008-12-21 22:57 . 2008-12-21 22:57 <DIR> d-------- c:\windows\Downloaded Installations
    2008-12-20 14:41 . 2008-12-20 14:41 <DIR> d-------- c:\programdata\Citrix
    2008-12-20 14:40 . 2008-12-20 14:40 61,480 --a------ c:\users\lisa\GoToAssistDownloadHelper.exe
    2008-12-19 13:30 . 2009-01-01 02:45 <DIR> dr------- c:\users\lisa\Music
    2008-12-19 02:21 . 2005-09-23 00:05 626,688 --a------ c:\windows\System32\msvcr80.dll
    2008-12-19 02:21 . 2005-09-23 00:05 548,864 --a------ c:\windows\System32\msvcp80.dll
    2008-12-18 09:30 . 2008-12-18 09:30 <DIR> d-------- c:\program files\Microsoft Calculator Plus
    2008-12-16 18:53 . 2008-12-29 22:25 <DIR> d-------- c:\programdata\Bluetooth
    2008-12-16 18:25 . 2008-12-16 18:25 <DIR> d-------- c:\program files\IVT Corporation
    2008-12-15 20:48 . 2008-12-15 20:48 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2008-12-15 20:35 . 2008-12-15 20:35 <DIR> d-------- c:\programdata\BVRP Software
    2008-12-15 20:35 . 2008-12-15 20:35 <DIR> d-------- c:\program files\Avanquest update
    2008-12-15 20:25 . 2008-12-15 20:25 <DIR> d-------- c:\program files\Sony
    2008-12-15 20:25 . 2008-12-15 20:25 <DIR> d-------- c:\program files\Common Files\Sony Shared
    2008-12-15 20:22 . 2008-12-15 20:22 <DIR> d-------- c:\program files\Common Files\Apple
    2008-12-15 20:21 . 2008-12-15 20:21 <DIR> d-------- c:\programdata\Apple Computer
    2008-12-15 20:21 . 2008-12-15 20:23 <DIR> d-------- c:\program files\QuickTime
    2008-12-15 20:19 . 2008-12-15 20:19 <DIR> d-------- c:\programdata\Apple
    2008-12-15 20:19 . 2008-12-15 20:19 <DIR> d-------- c:\program files\Apple Software Update
    2008-12-15 20:16 . 2009-01-01 02:45 <DIR> d-------- c:\users\lisa\AppData\Roaming\Sony Setup
    2008-12-15 20:15 . 2008-12-15 20:15 <DIR> d-------- c:\program files\Sony Setup
    2008-12-15 20:11 . 2008-12-15 20:11 <DIR> d-------- c:\programdata\Sony Ericsson
    2008-12-15 20:11 . 2008-12-15 20:25 <DIR> d-------- c:\program files\Sony Ericsson
    2008-12-15 20:10 . 2008-12-15 20:10 <DIR> d--h----- c:\users\lisa\AppData\Roaming\InstallShield
    2008-12-13 03:03 . 2008-10-22 01:22 2,048 --a------ c:\windows\System32\tzres.dll
    2008-12-12 19:01 . 2008-11-01 01:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
    2008-12-12 19:01 . 2008-10-21 05:25 296,960 --a------ c:\windows\System32\gdi32.dll
    2008-12-12 19:01 . 2008-11-01 03:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
    2008-12-12 19:00 . 2008-10-29 06:29 2,927,104 --a------ c:\windows\explorer.exe
    2008-12-12 19:00 . 2008-06-23 01:59 2,868,736 --a------ c:\windows\System32\mf.dll
    2008-12-12 19:00 . 2008-06-23 01:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll
    2008-12-12 19:00 . 2008-10-16 04:47 827,392 --a------ c:\windows\System32\wininet.dll
    2008-12-12 19:00 . 2008-06-23 01:58 94,720 --a------ c:\windows\System32\logagent.exe
    2008-12-10 10:15 . 2008-12-10 10:15 <DIR> d--h----- c:\users\lisa\AppData\Roaming\CyberLink

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-04 21:31 --------- d-----w c:\program files\Common Files\Symantec Shared
    2009-01-01 19:59 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-01 15:54 --------- d-----w c:\programdata\Symantec
    2009-01-01 14:24 --------- d-----w c:\programdata\avg8
    2008-12-26 09:31 106 ---ha-w c:\users\lisa\AppData\Roaming\wklnhst.dat
    2008-12-13 03:14 --------- d-----w c:\program files\Windows Mail
    2008-12-13 03:08 --------- d-----w c:\programdata\Microsoft Help
    2008-12-03 03:08 --------- d-----w c:\program files\Windows Live
    2008-12-01 21:19 --------- d-----w c:\programdata\WLInstaller
    2008-11-30 03:31 174 --sha-w c:\program files\desktop.ini
    2008-11-30 03:19 --------- d-----w c:\program files\Windows Sidebar
    2008-11-30 03:19 --------- d-----w c:\program files\Windows Photo Gallery
    2008-11-30 03:19 --------- d-----w c:\program files\Windows Journal
    2008-11-30 03:19 --------- d-----w c:\program files\Windows Collaboration
    2008-11-30 03:19 --------- d-----w c:\program files\Windows Calendar
    2008-11-30 03:18 --------- d-----w c:\program files\Windows Defender
    2008-11-30 00:48 82,432 ----a-w c:\windows\System32\axaltocm.dll
    2008-11-30 00:48 101,888 ----a-w c:\windows\System32\ifxcardm.dll
    2008-11-26 21:54 --------- d-----w c:\program files\Java
    2008-11-25 23:44 --------- d-----w c:\programdata\Hewlett-Packard
    2008-11-24 20:55 --------- d-----w c:\program files\Yahoo!
    2008-11-22 17:00 --------- d--h--w c:\users\lisa\AppData\Roaming\Samsung
    2008-11-22 16:59 --------- d-----w c:\program files\Samsung
    2008-11-22 16:54 --------- d-----w c:\program files\FrostWire
    2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
    2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
    2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
    2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
    2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
    2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
    2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll
    2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
    2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll
    2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe
    2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll
    2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll
    2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll
    2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll
    2008-10-16 14:08 162,064 ----a-w c:\windows\System32\wuwebv.dll
    2008-10-16 13:56 31,232 ----a-w c:\windows\System32\wuapp.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-04_21.13.59.88 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-11-28 19:20:50 29,926 ----a-r c:\windows\Installer\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}\MsblIco.Exe
    + 2009-01-04 21:42:35 29,926 ----a-r c:\windows\Installer\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}\MsblIco.Exe
    - 2008-12-23 21:54:46 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-01-04 21:16:04 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-12-23 21:54:46 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-01-04 21:16:04 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-12-23 21:54:46 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-01-04 21:16:04 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-01-04 21:13:05 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
    + 2009-01-04 23:15:33 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
    - 2009-01-04 20:58:00 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-01-04 23:02:10 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-01-04 20:58:00 65,536 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-01-04 23:02:10 65,536 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-01-04 20:58:00 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-01-04 23:02:10 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-01-04 21:03:24 104,412 ----a-w c:\windows\System32\perfc009.dat
    + 2009-01-04 21:14:56 105,852 ----a-w c:\windows\System32\perfc009.dat
    - 2009-01-04 21:03:24 598,938 ----a-w c:\windows\System32\perfh009.dat
    + 2009-01-04 21:14:56 600,378 ----a-w c:\windows\System32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "msnmsgr "= "c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
    "ehTray.exe "= "c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "Sony Ericsson PC Suite "= "c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]
    "WMPNSCFG "= "c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiSTray "= "c:\program files\SiS VGA Utilities\SiSTray.exe" [2007-08-24 552960]
    "OSD "= "c:\program files\C&E\OSD\osd.exe" [2007-08-28 671801]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
    "SunJavaUpdateSched "= "c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
    "avgnt "= "c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "RtHDVCpl "= "RtHDVCpl.exe" [2007-08-09 c:\windows\RtHDVCpl.exe]
    "Skytel "= "Skytel.exe" [2007-08-03 c:\windows\SkyTel.exe]

    c:\users\lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder_MUI]
    --a------ 2007-07-20 08:15 1089536 c:\applications\OEM\Reminder\Reminder_MUI.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0470Cfg.exe]
    --a------ 2007-04-19 17:00 24576 c:\windows\V0470Cfg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{01EE7AA7-3AA2-4880-B847-D18E5312C93A} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{2E7148BA-B240-40C0-BC85-4D80EC2967F7} "= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{DBC2BB46-4B76-49C6-8796-F8DA65CD807E} "= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{AAFBA055-1EBB-4A9E-A308-389E82232EA8} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{1620F349-9F40-42B4-8FD8-AB2E2EAE1A62} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{028D7714-A376-4257-A335-C1352551CEAE} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{B10E27FD-F3FB-43EE-85B1-49B107739944} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{F66CE36F-B1DF-4D44-A628-5935456A5C52} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{87E301E4-3CE8-4EEB-96DE-394049B368AE} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{5C320DF6-68D8-4370-930C-7FAB486D978A} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{214B1143-E7B0-472E-A8A6-12725BC626B1} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{0B9A774C-941F-4F1C-A22E-CEFFC65C860C} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{86548272-2E91-4ED5-8D54-222F02705D6A} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{67ECBAFC-15E3-499A-BA6E-F8E52C749F10} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{51F711C4-850D-4D48-9B54-432AC9BF2DC1} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{1DBFBCA6-909E-4ACD-9FAD-21FBC165C54A} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{D2F5C6CF-47A8-4FEC-81EE-BDF799412674} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{6D061833-C738-4C1B-B1EE-5777ACDE0E8D} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{35D29408-B611-44A9-A547-19F363CDDA49} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{AC8EAF29-60B7-4C54-BFD7-5A71EC392FD7} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{33095913-6E00-45A0-B29C-03295BB69AB4} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{11330984-4CFB-4FD9-9D3F-81E3943D3A54} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{F64DC1E8-85A5-44DB-BC30-F20E73863057} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{FDBE6F0F-957C-4D3C-9D81-ABB27FE36A10} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{22DA0937-B21A-4507-AECE-30809125B66D} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{E3795AB9-E807-4F67-B7FC-1A8B6E5D08D1} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{7D0B268C-54D4-4E1A-895F-FE7D24D5D01B} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{CCE00CFA-F68C-45CB-8FB7-7E5DFFC7345F} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{50179C5A-6D67-44EB-8E4E-3C2CBAD033AC} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{9B52EB68-CBBA-4B5B-B481-CAE203838849} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{91BF7E5C-6887-4B80-B96F-C848E630C127} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{C8DE3BCE-9E4F-45C1-AB01-518DCC056162} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{9D5CE404-E676-4B55-AD61-A4AB3FCCE614} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{D73317F0-160F-41CF-9BF9-818B70BECB1C} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{939DCF94-4836-4216-B23F-E8D212CC651D} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{54F3CE2D-8B00-4750-A9EC-5C9C9A2DF547} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{160C0394-F68B-43D9-ADC4-D2CE9420AFED} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{C8A195C1-404F-4FFB-8638-5AAAA198498E} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{9734FB62-85D7-4FA8-8FC9-EF8CDC137536} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{DC5C37C8-FE0C-4F2F-8118-7C644CBADD50} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{A8F56F16-6DCC-44C8-BE68-8E6743901DD3} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{6C5A1DB5-59AD-4E4F-842D-A1B1ACB4B4EA} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{EA70B901-88B6-43BA-A46D-2DD07520FF0C} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{835B93BC-ABFA-4822-9090-88EC431DFFFA} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{8133F302-39C9-4235-A85F-6E25C4E59EDD} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{A1BBA0B1-FD64-471E-9712-E7D0E3FB3C55} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{5E23332D-F204-47B7-88E5-9FBB541C966C} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{822D6A8F-9F04-47D7-81EB-5AD5B7A26CEF} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{4864D38E-A9F8-4133-A970-E9BC8C7268A8} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{D349E4A5-9544-4FF7-AAF4-0990D01A5A73} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{6AB7727A-2401-49BB-A3B9-13210A919192}c:\\program files\\limewire\\limewire.exe "= UDP:c:\program files\limewire\limewire.exe:LimeWire
    "UDP Query User{96AE28FB-1125-4ADA-A80D-5D249357C601}c:\\program files\\limewire\\limewire.exe "= TCP:c:\program files\limewire\limewire.exe:LimeWire
    "{8A0547ED-90CD-4824-83CA-3F20FE75AF90} "= UDP:c:\program files\FrostWire\FrostWire.exe:LimeWire
    "{FF3C4E2D-0955-4DBE-8261-DCD2E241F9EB} "= TCP:c:\program files\FrostWire\FrostWire.exe:LimeWire
    "TCP Query User{8587C1D7-C47B-4F7B-92D0-59F56B2C3DD8}c:\\program files\\internet explorer\\iexplore.exe "= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{CB388A74-62B7-4A58-98D1-D1AC08EB9FF2}c:\\program files\\internet explorer\\iexplore.exe "= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "{5715595E-D205-43D0-9EB5-9578E4D85B6B} "= UDP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.2
    "{FB381A39-BD41-42AB-BC00-F1BC5BEA0161} "= TCP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.2
    "{EAC827ED-4028-401D-A230-8127D413ADE0} "= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil_.exe:BlueSoleil
    "{DFCD657B-6432-49B1-A990-954444F3D0C7} "= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil_.exe:BlueSoleil
    "TCP Query User{BB4436C1-6A0D-42A5-853D-274E70352759}c:\\users\\lisa\\appdata\\local\\temp\\low\\streamer\\streamer.exe "= UDP:c:\users\lisa\appdata\local\temp\low\streamer\streamer.exe:streamer.exe
    "UDP Query User{CC1E3F23-5EB1-4525-A968-9D02484DD51B}c:\\users\\lisa\\appdata\\local\\temp\\low\\streamer\\streamer.exe "= TCP:c:\users\lisa\appdata\local\temp\low\streamer\streamer.exe:streamer.exe
    "TCP Query User{FFC19463-8385-42AE-9625-44253D602B28}c:\\program files\\spacialaudio\\sambc\\sambc.exe "= UDP:c:\program files\spacialaudio\sambc\sambc.exe:SAMBC
    "UDP Query User{4C335A74-8801-48A0-8F5E-63713780F128}c:\\program files\\spacialaudio\\sambc\\sambc.exe "= TCP:c:\program files\spacialaudio\sambc\sambc.exe:SAMBC
    "{FE94A75E-C7F0-49C1-B95E-5535B91D0F7B} "= UDP:1221:playlist
    "{14EC19D2-CA39-41C4-94FF-AAA7782A9F2E} "= UDP:8000:Streamer
    "{E8731A82-3A2D-4F5C-A18D-E1636FB39343} "= UDP:8466:Streamer
    "{D2016D3A-7507-4132-841A-9D411C9D733A} "= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil_.exe:BlueSoleil
    "{ED380C11-0559-49DA-AFE9-00CA3EC52247} "= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil_.exe:BlueSoleil
    "TCP Query User{B25985CF-C157-4D89-A36B-3ED024DCDDE9}c:\\program files\\vuze\\azureus.exe "= UDP:c:\program files\vuze\azureus.exe:Azureus
    "UDP Query User{DCA48A63-A557-42B8-8908-55EE120B336A}c:\\program files\\vuze\\azureus.exe "= TCP:c:\program files\vuze\azureus.exe:Azureus
    "TCP Query User{DF96D7C1-C5C8-4224-9FD0-827F41E01F61}c:\\users\\lisa\\appdata\\local\\temp\\rar$ex01.781\\amped chat host client\\mirc.exe "= UDP:c:\users\lisa\appdata\local\temp\rar$ex01.781\amped chat host client\mirc.exe:mirc.exe
    "UDP Query User{F3347105-E9B5-453C-9520-CA5BAEBCA874}c:\\users\\lisa\\appdata\\local\\temp\\rar$ex01.781\\amped chat host client\\mirc.exe "= TCP:c:\users\lisa\appdata\local\temp\rar$ex01.781\amped chat host client\mirc.exe:mirc.exe
    "TCP Query User{C8D9A518-FF40-49D2-81C5-DCEAE85F95FA}c:\\users\\lisa\\appdata\\local\\temp\\rar$ex01.750\\amped chat host client\\mirc.exe "= UDP:c:\users\lisa\appdata\local\temp\rar$ex01.750\amped chat host client\mirc.exe:mirc.exe
    "UDP Query User{718A70E2-6A8F-4BD2-83AA-F2979C38E951}c:\\users\\lisa\\appdata\\local\\temp\\rar$ex01.750\\amped chat host client\\mirc.exe "= TCP:c:\users\lisa\appdata\local\temp\rar$ex01.750\amped chat host client\mirc.exe:mirc.exe
    "TCP Query User{36BC9355-1475-4222-AB9D-E8725954B24D}c:\\users\\lisa\\appdata\\local\\temp\\rar$ex02.984\\amped chat host client\\mirc.exe "= UDP:c:\users\lisa\appdata\local\temp\rar$ex02.984\amped chat host client\mirc.exe:mirc.exe
    "UDP Query User{338A65D3-A976-45DF-8F44-6C4B18871119}c:\\users\\lisa\\appdata\\local\\temp\\rar$ex02.984\\amped chat host client\\mirc.exe "= TCP:c:\users\lisa\appdata\local\temp\rar$ex02.984\amped chat host client\mirc.exe:mirc.exe
    "TCP Query User{2291BC61-A6B3-4B64-B4C3-FBF826947339}c:\\users\\lisa\\appdata\\local\\temp\\rar$ex00.218\\amped chat host client\\mirc.exe "= UDP:c:\users\lisa\appdata\local\temp\rar$ex00.218\amped chat host client\mirc.exe:mirc.exe
    "UDP Query User{87140730-BD87-4977-9039-E29588DCE216}c:\\users\\lisa\\appdata\\local\\temp\\rar$ex00.218\\amped chat host client\\mirc.exe "= TCP:c:\users\lisa\appdata\local\temp\rar$ex00.218\amped chat host client\mirc.exe:mirc.exe
    "TCP Query User{0A9CBE55-55B9-4252-9C46-56BA8E29F621}c:\\program files\\streamer\\streamer.exe "= UDP:c:\program files\streamer\streamer.exe:streamer
    "UDP Query User{6EDDB238-9C0F-4DD8-A868-97993998E32B}c:\\program files\\streamer\\streamer.exe "= TCP:c:\program files\streamer\streamer.exe:streamer
    "TCP Query User{202CF432-DDB4-4982-B2C4-AECDB5436D8D}c:\\users\\lisa\\appdata\\local\\temp\\rar$ex01.812\\amped chat host client\\mirc.exe "= UDP:c:\users\lisa\appdata\local\temp\rar$ex01.812\amped chat host client\mirc.exe:mirc.exe
    "UDP Query User{1F89C52F-C849-40F7-8494-57833ECC6706}c:\\users\\lisa\\appdata\\local\\temp\\rar$ex01.812\\amped chat host client\\mirc.exe "= TCP:c:\users\lisa\appdata\local\temp\rar$ex01.812\amped chat host client\mirc.exe:mirc.exe
    "TCP Query User{8B911304-146E-47B5-86C0-28B3DBF1DCA3}c:\\users\\lisa\\appdata\\local\\temp\\rar$ex00.547\\amped chat host client\\mirc.exe "= UDP:c:\users\lisa\appdata\local\temp\rar$ex00.547\amped chat host client\mirc.exe:mirc.exe
    "UDP Query User{4D74AFC4-CD16-4869-91C8-0684AC9643AA}c:\\users\\lisa\\appdata\\local\\temp\\rar$ex00.547\\amped chat host client\\mirc.exe "= TCP:c:\users\lisa\appdata\local\temp\rar$ex00.547\amped chat host client\mirc.exe:mirc.exe
    "TCP Query User{771AFD5F-D2B0-41E4-AC94-98E6540EEA3E}c:\\users\\lisa\\appdata\\local\\temp\\rar$ex00.000\\amped chat host client\\mirc.exe "= UDP:c:\users\lisa\appdata\local\temp\rar$ex00.000\amped chat host client\mirc.exe:mirc.exe
    "UDP Query User{DC9ED1A1-6D1D-4DFB-B925-2E0ED40242AB}c:\\users\\lisa\\appdata\\local\\temp\\rar$ex00.000\\amped chat host client\\mirc.exe "= TCP:c:\users\lisa\appdata\local\temp\rar$ex00.000\amped chat host client\mirc.exe:mirc.exe
    "TCP Query User{896E10C2-6957-498A-8791-80798AF0260E}c:\\users\\lisa\\appdata\\local\\temp\\low\\streamer\\streamer.exe "= UDP:c:\users\lisa\appdata\local\temp\low\streamer\streamer.exe:streamer.exe
    "UDP Query User{A702BEDE-9906-40D3-8F30-9F0FDB94768F}c:\\users\\lisa\\appdata\\local\\temp\\low\\streamer\\streamer.exe "= TCP:c:\users\lisa\appdata\local\temp\low\streamer\streamer.exe:streamer.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall "= 0 (0x0)

    R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance --> c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance [?]
    R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187B.sys [2008-10-24 342016]
    R3 SiS6350;SiS6350;c:\windows\System32\drivers\SISGRKMD.sys [2007-12-11 452096]
    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\System32\drivers\SiSGB6.sys [2007-12-11 46592]
    R4 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance --> c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance [?]
    S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr73.sys [2007-12-11 351232]
    S3 VF0470Vid;Live! Cam Notebook (VF0470);c:\windows\System32\drivers\V0470Vid.sys [2008-08-17 146368]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-01-04 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/

    c:\windows\Downloaded Program Files\phasex.ocx - O16 -: {BD4C7EDB-A392-11D9-8BFB-0040953018D7}
    hxxp://www.streamerp2p.com/sfiles/phasex.cab
    c:\windows\Downloaded Program Files\phasex.inf
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-04 23:15:36
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2009-01-04 23:17:06
    ComboFix-quarantined-files.txt 2009-01-04 23:17:04
    ComboFix2.txt 2009-01-04 21:14:27

    Pre-Run: 9,800,835,072 bytes free
    Post-Run: 9,736,339,456 bytes free

    451 --- E O F --- 2008-12-25 22:59:27
     
  12. 2009/01/04
    noahdfear

    No doubt you did disable realtime protections. It's just common practice to post a reminder each time ComboFix is run in case the user has since re-enabled them. ;)

    Log looks good. Let's do an online scan. Please do an online scan with Kaspersky Online Scanner.

    • Click Accept when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

    Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


    Post the Kaspersky log here. Let me know how the computer is behaving too.
     
  13. 2009/01/05
    Olly

    Noah - I am unable to start the scanner, my Java is up to date but it still fails. However, the laptop is back to how it was before the initial infection, I'll try and redo the scanner again after I've eaten.

    Jim
     
  14. 2009/01/05
    noahdfear

    Jim,

    Please download DDS and save it to your desktop.
    • Disable any script blocking protection
    • Double click dds.scr to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop.

    Please include the contents of the following in your next reply:

    DDS.txt

    I may ask for the Attach.txt log later, so keep it handy.
     
  15. 2009/01/06
    Olly

    DDS (Version 1.1.0) - NTFSx86
    Run by lisa at 14:06:31.14 on 06/01/2009
    Internet Explorer: 7.0.6001.18000
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.892.305 [GMT 0:00]


    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\SiS VGA Utilities\SiSTray.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\C&E\OSD\osd.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\PROGRA~1\MICROS~3\wkcalrem.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\lisa\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.co.uk/
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
    BHO: NoExplorer - No File
    TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [SiSTray] %ProgramFiles%\SiS VGA Utilities\SiSTray.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [Skytel] Skytel.exe
    mRun: [OSD] c:\program files\c&e\osd\osd.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
    StartupFolder: c:\users\lisa\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~2.0_0\bin\ssv.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    Notify: NavLogon - c:\windows\system32\NavLogon.dll

    ============= SERVICES / DRIVERS ===============

    R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\firebird\firebird_2_1\bin\fbserver.exe -s defaultinstance --> c:\program files\firebird\firebird_2_1\bin\fbserver.exe -s DefaultInstance [?]
    R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2008-10-24 342016]
    R3 SiS6350;SiS6350;c:\windows\system32\drivers\SISGRKMD.sys [2007-12-11 452096]
    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSGB6.sys [2007-12-11 46592]
    R4 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\firebird\firebird_2_1\bin\fbguard.exe -s defaultinstance --> c:\program files\firebird\firebird_2_1\bin\fbguard.exe -s DefaultInstance [?]
    S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr73.sys [2007-12-11 351232]
    S3 VF0470Vid;Live! Cam Notebook (VF0470);c:\windows\system32\drivers\V0470Vid.sys [2008-8-17 146368]

    =============== Created Last 30 ================

    2009-01-04 21:01 161,792 a------- c:\windows\SWREG.exe
    2009-01-04 21:01 98,816 a------- c:\windows\sed.exe
    2009-01-04 20:35 <DIR> a-dshr-- C:\autorun.inf
    2009-01-04 19:16 <DIR> --d----- c:\program files\trend micro
    2009-01-03 22:51 <DIR> --d----- c:\programdata\Avira
    2009-01-03 22:51 <DIR> --d----- c:\program files\Avira
    2009-01-03 22:51 <DIR> --d----- c:\progra~2\Avira
    2009-01-01 21:16 <DIR> --d----- c:\program files\Streamer
    2009-01-01 18:42 458,752 a------- c:\windows\system32\Firebird2Control.cpl
    2009-01-01 18:05 <DIR> --d----- c:\program files\SpacialAudio
    2009-01-01 18:05 <DIR> --d----- c:\program files\Firebird
    2009-01-01 16:42 <DIR> --d----- c:\programdata\Symantec Temporary Files
    2009-01-01 16:42 <DIR> --d----- c:\progra~2\Symantec Temporary Files
    2009-01-01 15:54 28 a------- c:\windows\ODBC.INI
    2009-01-01 15:54 209 a------- c:\windows\ODBCINST.INI
    2009-01-01 15:54 <DIR> --d----- c:\windows\system32\CBA
    2009-01-01 15:54 <DIR> --d----- c:\program files\Symantec
    2008-12-29 18:16 <DIR> --d----- c:\windows\system32\Adobe
    2008-12-26 18:51 2,560 a------- c:\windows\_MSRSTRT.EXE
    2008-12-26 16:08 <DIR> --d----- c:\programdata\Azureus
    2008-12-26 16:08 <DIR> --d----- c:\progra~2\Azureus
    2008-12-26 16:08 <DIR> --d----- c:\users\lisa\appdata\roaming\Azureus
    2008-12-26 16:07 <DIR> --d----- c:\program files\Vuze
    2008-12-26 01:13 <DIR> --d----- c:\users\lisa\appdata\roaming\NCH Software
    2008-12-26 01:08 <DIR> --d----- c:\programdata\NCH Software
    2008-12-26 01:08 27,136 a------- c:\windows\system32\drivers\nchssvad.sys
    2008-12-26 01:08 <DIR> --d----- c:\programdata\NCH Swift Sound
    2008-12-26 01:08 <DIR> --d----- c:\program files\NCH Software
    2008-12-21 22:59 1,703,936 a------- c:\windows\system32\gdiplus.dll
    2008-12-21 22:59 991,232 a------- c:\windows\system32\imageviewer2.ocx
    2008-12-21 22:59 608,448 a------- c:\windows\system32\comctl32.ocx
    2008-12-21 22:59 224,016 a------- c:\windows\system32\tabctl32.ocx
    2008-12-21 22:59 200,704 a------- c:\windows\system32\threed32.ocx
    2008-12-21 22:59 164,144 a------- c:\windows\system32\comct232.ocx
    2008-12-21 22:59 151,552 a------- c:\windows\system32\ccrpfd6.ocx
    2008-12-21 22:59 110,592 a------- c:\windows\system32\ccrpbds6.dll
    2008-12-21 22:59 106,496 a------- c:\windows\system32\mbprgbar.ocx
    2008-12-21 22:59 <DIR> --d----- c:\program files\PIXresizer
    2008-12-21 22:57 <DIR> --d----- c:\windows\Downloaded Installations
    2008-12-20 14:41 <DIR> --d----- c:\programdata\Citrix
    2008-12-20 14:41 <DIR> --d----- c:\progra~2\Citrix
    2008-12-20 14:40 61,480 a------- c:\users\lisa\GoToAssistDownloadHelper.exe
    2008-12-19 02:21 626,688 a------- c:\windows\system32\msvcr80.dll
    2008-12-19 02:21 548,864 a------- c:\windows\system32\msvcp80.dll
    2008-12-18 09:30 <DIR> --d----- c:\program files\Microsoft Calculator Plus
    2008-12-16 18:53 <DIR> --d----- c:\programdata\Bluetooth
    2008-12-16 18:25 <DIR> --d----- c:\program files\IVT Corporation
    2008-12-15 20:48 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2008-12-15 20:35 <DIR> --d----- c:\programdata\BVRP Software
    2008-12-15 20:35 <DIR> --d----- c:\program files\Avanquest update
    2008-12-15 20:25 <DIR> --d----- c:\program files\common files\Sony Shared
    2008-12-15 20:25 <DIR> --d----- c:\program files\Sony
    2008-12-15 20:21 <DIR> --d----- c:\programdata\Apple Computer
    2008-12-15 20:19 <DIR> --d----- c:\programdata\Apple
    2008-12-15 20:15 <DIR> --d----- c:\program files\Sony Setup
    2008-12-15 20:11 <DIR> --d----- c:\program files\Sony Ericsson
    2008-12-15 20:11 <DIR> --d----- c:\programdata\Sony Ericsson
    2008-12-15 20:11 <DIR> --d----- c:\progra~2\Sony Ericsson
    2008-12-13 03:03 2,048 a------- c:\windows\system32\tzres.dll
    2008-12-12 19:01 296,960 a------- c:\windows\system32\gdi32.dll
    2008-12-12 19:01 28,672 a------- c:\windows\system32\Apphlpdm.dll
    2008-12-12 19:01 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
    2008-12-12 19:00 2,927,104 a------- c:\windows\explorer.exe
    2008-12-12 19:00 827,392 a------- c:\windows\system32\wininet.dll
    2008-12-12 19:00 2,868,736 a------- c:\windows\system32\mf.dll
    2008-12-12 19:00 996,352 a------- c:\windows\system32\WMNetMgr.dll
    2008-12-12 19:00 94,720 a------- c:\windows\system32\logagent.exe

    ==================== Find3M ====================

    2009-01-01 01:44 143,360 a------- c:\windows\inf\infstrng.dat
    2009-01-01 01:44 86,016 a------- c:\windows\inf\infstor.dat
    2009-01-01 01:44 51,200 a------- c:\windows\inf\infpub.dat
    2008-12-26 09:31 106 a---h--- c:\users\lisa\appdata\roaming\wklnhst.dat
    2008-11-30 03:31 174 a--sh--- c:\program files\desktop.ini
    2008-11-30 03:13 665,600 a------- c:\windows\inf\drvindex.dat
    2008-11-30 00:48 101,888 a------- c:\windows\system32\ifxcardm.dll
    2008-11-30 00:48 82,432 a------- c:\windows\system32\axaltocm.dll
    2008-11-01 03:44 52,736 a------- c:\windows\apppatch\iebrshim.dll
    2008-11-01 03:44 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
    2008-11-01 03:44 541,696 a------- c:\windows\apppatch\AcLayers.dll
    2008-11-01 03:44 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
    2008-11-01 03:44 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
    2008-10-22 03:57 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
    2008-10-21 05:25 1,645,568 a------- c:\windows\system32\connect.dll
    2008-10-16 20:56 1,524,736 a------- c:\windows\system32\wucltux.dll
    2008-10-16 20:55 83,456 a------- c:\windows\system32\wudriver.dll
    2008-10-16 14:08 162,064 a------- c:\windows\system32\wuwebv.dll
    2008-10-16 13:56 31,232 a------- c:\windows\system32\wuapp.exe
    2006-11-02 12:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 12:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
    2007-11-15 15:50 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

    ============= FINISH: 14:08:00.66 ===============
     
  16. 2009/01/06
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Unless you've updated Java since first posting logs, your Java is outdated. Recommend you uninstall both Java 6 Update 5 and Java 6 Update 7, then install Java 6 Update 11 from here.
    See if the Kaspersky scan works then.
     
