Thread: Screen blacks out and program freezes (Inactive)

  1. #11
    Junior Member
    Join Date: Feb 2008
    Location: Kalgoorlie Australia
    Posts: 15

    Lots of logs (2)

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Ian & Margaret at 2009-08-04 19:29:50
    Microsoft Windows XP Home Edition Service Pack 3
    System drive C: has 84 GB (74%) free of 114 GB
    Total RAM: 511 MB (21% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:30:08 PM, on 04/08/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Integard\Integard.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
    C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Integard\IntegardTray.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\TP-LINK\TWCU\TWCU.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\msiexec.exe
    C:\Documents and Settings\Ian & Margaret\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Ian & Margaret.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O1 - Hosts: 127.0.0.2 integard
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
    O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [IntegardTray] C:\Program Files\Integard\IntegardTray.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [TWCU] "C:\Program Files\TP-LINK\TWCU\TWCU.exe" -nogui
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\integard\integard.dll
    O10 - Unknown file in Winsock LSP: c:\program files\integard\integard.dll
    O10 - Unknown file in Winsock LSP: c:\program files\integard\integard.dll
    O10 - Unknown file in Winsock LSP: c:\program files\integard\integard.dll
    O10 - Unknown file in Winsock LSP: c:\program files\integard\integard.dll
    O10 - Unknown file in Winsock LSP: c:\program files\integard\integard.dll
    O15 - Trusted Zone: *.hotmail.com
    O15 - Trusted Zone: *.msm.com
    O15 - Trusted Zone: *.passport.com
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JS...ws-i586-jc.cab
    O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-27-0.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Integard Service (INTEGARD) - Race River Corporation - C:\Program Files\Integard\Integard.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 10416 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\MP Scheduled Scan.job
    C:\WINDOWS\tasks\User_Feed_Synchronization-{852E71A7-E898-446B-A969-FD18C6D1629C}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
    Skype add-on (mastermind) - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL [2007-03-30 722472]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-01-28 1554256]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
    EWPBrowseObject Class - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-04-18 34304]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
    Symantec Intrusion Prevention - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL [2009-02-27 107896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
    Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2009-03-23 2403392]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-04-18 552960]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2009-03-23 2403392]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "IntelliType"=C:\Program Files\Microsoft Hardware\Keyboard\type32.exe [2002-03-22 94208]
    "WinFast Schedule"=C:\Program Files\WinFast\WFTVFM\WFWIZ.exe [2003-09-29 155648]
    "SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-09-29 155648]
    "OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-03-21 69632]
    "Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-03-12 517768]
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
    "IntegardTray"=C:\Program Files\Integard\IntegardTray.exe [2008-01-15 290816]
    "CARPService"=C:\WINDOWS\system32\carpserv.exe [2001-12-23 4608]
    "TWCU"=C:\Program Files\TP-LINK\TWCU\TWCU.exe [2006-03-15 348160]
    "GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
    "UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Kodak EasyShare software.lnk - C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe

    C:\Documents and Settings\Ian & Margaret\Start Menu\Programs\Startup
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDriveAutoRun"=67108863
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\cygwin\usr\X11R6\bin\XWin.exe"="C:\cygwin\usr\X11R6\bin\XWin.exe:*:Enabled:XWin"
    "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
    "C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
    "C:\Program Files\Integard\Integard.exe"="C:\Program Files\Integard\Integard.exe:*:Enabled:Integard Service"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    ======List of files/folders created in the last 1 months======

    2009-08-04 19:29:50 ----D---- C:\rsit
    2009-08-04 18:35:29 ----SHD---- C:\Config.Msi
    2009-08-04 18:29:28 ----D---- C:\Program Files\Common Files\Adobe AIR
    2009-08-04 18:22:19 ----D---- C:\Program Files\NOS
    2009-08-04 18:22:19 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
    2009-08-04 08:12:18 ----SHD---- C:\RECYCLER
    2009-08-03 16:05:47 ----A---- C:\ComboFix.txt
    2009-08-03 15:49:06 ----SD---- C:\ComboFix
    2009-08-03 10:19:24 ----A---- C:\Boot.bak
    2009-08-03 10:18:55 ----D---- C:\cmdcons
    2009-08-03 10:13:45 ----A---- C:\WINDOWS\zip.exe
    2009-08-03 10:13:45 ----A---- C:\WINDOWS\SWXCACLS.exe
    2009-08-03 10:13:45 ----A---- C:\WINDOWS\SWSC.exe
    2009-08-03 10:13:45 ----A---- C:\WINDOWS\SWREG.exe
    2009-08-03 10:13:45 ----A---- C:\WINDOWS\sed.exe
    2009-08-03 10:13:45 ----A---- C:\WINDOWS\PEV.exe
    2009-08-03 10:13:45 ----A---- C:\WINDOWS\NIRCMD.exe
    2009-08-03 10:13:45 ----A---- C:\WINDOWS\grep.exe
    2009-08-03 10:13:38 ----D---- C:\Qoobox
    2009-08-02 17:42:04 ----D---- C:\Documents and Settings\Ian & Margaret\Application Data\Malwarebytes
    2009-08-02 17:41:46 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2009-08-02 17:41:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-07-30 20:40:50 ----D---- C:\WINDOWS\ERDNT
    2009-07-30 20:38:25 ----D---- C:\Program Files\ERUNT
    2009-07-30 19:58:54 ----A---- C:\WINDOWS\reimage.ini
    2009-07-30 19:57:58 ----D---- C:\rei
    2009-07-30 19:57:49 ----D---- C:\Program Files\Reimage
    2009-07-30 15:25:24 ----D---- C:\WINDOWS\LMI5E0.tmp
    2009-07-16 00:30:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
    2009-07-16 00:30:18 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
    2009-07-16 00:26:43 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
    2009-07-13 14:39:36 ----D---- C:\WINDOWS\Minidump
    2009-07-10 13:42:28 ----D---- C:\WINDOWS\ie8updates
    2009-07-10 13:39:53 ----HDC---- C:\WINDOWS\ie8
    2009-07-08 12:09:43 ----D---- C:\Program Files\Audacity
    2009-07-07 14:31:58 ----D---- C:\Documents and Settings\Ian & Margaret\Application Data\Apple Computer

    ======List of files/folders modified in the last 1 months======

    2009-08-04 19:29:57 ----D---- C:\Program Files\Integard
    2009-08-04 19:23:45 ----SHD---- C:\WINDOWS\Installer
    2009-08-04 19:22:15 ----D---- C:\WINDOWS\Temp
    2009-08-04 18:58:50 ----D---- C:\WINDOWS\Prefetch
    2009-08-04 18:57:39 ----D---- C:\WINDOWS
    2009-08-04 18:44:55 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-08-04 18:44:51 ----SD---- C:\WINDOWS\Tasks
    2009-08-04 18:41:28 ----SD---- C:\WINDOWS\Downloaded Program Files
    2009-08-04 18:40:20 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-08-04 18:38:37 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2009-08-04 18:37:17 ----D---- C:\Program Files\Common Files\Adobe
    2009-08-04 18:36:10 ----D---- C:\Program Files\Adobe
    2009-08-04 18:35:08 ----D---- C:\WINDOWS\system32
    2009-08-04 18:29:34 ----D---- C:\Documents and Settings\Ian & Margaret\Application Data\Adobe
    2009-08-04 18:29:28 ----D---- C:\Program Files\Common Files
    2009-08-04 18:22:19 ----AD---- C:\Program Files
    2009-08-04 11:22:08 ----D---- C:\Program Files\Quicken
    2009-08-04 08:20:52 ----HD---- C:\WINDOWS\inf
    2009-08-03 15:58:56 ----A---- C:\WINDOWS\system.ini
    2009-08-03 15:55:44 ----D---- C:\WINDOWS\system32\drivers
    2009-08-03 15:55:44 ----D---- C:\WINDOWS\AppPatch
    2009-08-03 10:36:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-08-03 10:19:24 ----RASH---- C:\boot.ini
    2009-08-02 13:36:00 ----D---- C:\Program Files\Microsoft Silverlight
    2009-07-31 09:19:46 ----D---- C:\Program Files\Internet Explorer
    2009-07-31 09:18:43 ----HD---- C:\WINDOWS\$hf_mig$
    2009-07-31 09:18:01 ----D---- C:\WINDOWS\WinSxS
    2009-07-30 15:38:19 ----SHD---- C:\System Volume Information
    2009-07-30 15:38:19 ----D---- C:\WINDOWS\system32\Restore
    2009-07-19 21:18:59 ----A---- C:\WINDOWS\system32\mshtml.dll
    2009-07-19 18:48:58 ----A---- C:\WINDOWS\system32\ieframe.dll
    2009-07-16 00:31:02 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2009-07-16 00:30:35 ----A---- C:\WINDOWS\imsins.BAK
    2009-07-13 18:21:25 ----D---- C:\temp
    2009-07-10 14:38:52 ----D---- C:\WINDOWS\system32\en-US
    2009-07-10 14:38:52 ----D---- C:\WINDOWS\Media
    2009-07-10 14:38:52 ----D---- C:\WINDOWS\Help
    2009-07-07 23:10:56 ----A---- C:\WINDOWS\system32\MRT.exe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 37760]
    R1 BHDrvx86;Symantec Heuristics Driver; C:\WINDOWS\System32\Drivers\NAV\1005000.086\BHDrvx86.sys [2009-02-27 258608]
    R1 ccHP;Symantec Hash Provider; C:\WINDOWS\System32\Drivers\NAV\1005000.086\ccHPx86.sys [2009-03-11 482352]
    R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
    R1 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090623.001\IDSxpx86.sys []
    R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-25 29696]
    R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2005-07-25 28672]
    R1 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\NAV\1005000.086\SRTSP.SYS [2009-02-27 307760]
    R1 SRTSPX;Symantec Real Time Storage Protection (PEL); \??\C:\WINDOWS\system32\drivers\NAV\1005000.086\SRTSPX.SYS []
    R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\NAV\1005000.086\SYMTDI.SYS [2009-02-27 217392]
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-03-31 12032]
    R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-12-31 17801]
    R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys [2001-08-17 289887]
    R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys [2001-08-17 115807]
    R2 K56;K56; C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys [2001-08-17 391199]
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2001-10-22 9855]
    R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys [2001-08-17 199711]
    R2 StreamDispatcher;StreamDispatcher; C:\WINDOWS\System32\DRIVERS\strmdisp.sys [2001-12-23 33548]
    R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
    R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys [2001-08-17 50751]
    R2 V124;V124; C:\WINDOWS\System32\DRIVERS\HSF_V124.sys [2001-08-17 488383]
    R2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.; C:\WINDOWS\system32\drivers\wf88vcap.sys [2003-09-29 197908]
    R2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.; C:\WINDOWS\system32\drivers\WF88XBAR.sys [2003-09-29 10405]
    R2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.; C:\WINDOWS\system32\drivers\WF88TUNE.sys [2003-09-29 34422]
    R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-10-04 391552]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-10-09 475788]
    R3 AR5523;TP-LINK TL-WN620G 11G Wireless Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5523.sys [2006-01-16 360288]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
    R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2001-12-23 1171488]
    R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2001-12-23 160083]
    R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
    R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090803.050\NAVENG.SYS []
    R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090803.050\NAVEX15.SYS []
    R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-10-06 1550043]
    R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2002-11-27 80896]
    R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
    R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
    R3 SYMFW;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NAV\1005000.086\SYMFW.SYS [2009-02-27 89776]
    R3 SYMIDS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NAV\1005000.086\SYMIDS.SYS [2009-02-27 34736]
    R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-02-27 36400]
    R3 SYMNDIS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NAV\1005000.086\SYMNDIS.SYS [2009-02-27 37296]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-14 17152]
    R3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []
    R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2001-12-23 591536]
    R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-07-25 101504]
    S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
    S3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys [2001-08-17 67167]
    S3 catchme;catchme; \??\C:\DOCUME~1\IAN&MA~1\LOCALS~1\Temp\catchme.sys []
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
    S3 cpuz128;cpuz128; \??\C:\DOCUME~1\IAN&MA~1\LOCALS~1\Temp\cpuz_x32.sys []
    S3 DVR3KUSB;DVR3KUSB.Sys Digital Voice Recorder 3K device driver; C:\WINDOWS\System32\Drivers\DVR3KUSB.sys [2003-08-08 28252]
    S3 grmnusb;grmnusb; C:\WINDOWS\system32\drivers\grmnusb.sys [2007-03-08 8320]
    S3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-14 10880]
    S3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys [2001-08-17 57471]
    S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-14 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-14 15232]
    S3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMDNS.SYS []
    S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-02-27 36400]
    S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMREDRV.SYS []
    S3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
    S3 usbscan;Usbscan; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-07 611664]
    R2 ACS;TP-LINK Configuration Service; C:\WINDOWS\system32\acs.exe [2005-08-05 36864]
    R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-05-15 100032]
    R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-07-25 876032]
    R2 INTEGARD;Integard Service; C:\Program Files\Integard\Integard.exe [2008-04-09 487424]
    R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-03-12 517768]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2003-10-06 81920]
    R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-02-01 1251720]
    R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    S2 Norton AntiVirus;Norton AntiVirus; C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [2009-02-27 115560]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-23 138168]
    S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
    S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-05-15 2086592]
    S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

    -----------------EOF-----------------


    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2009-08-04 23:38:25
    PROTECTIONS: 1
    MALWARE: 8
    SUSPECTS: 2
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    Windows Defender 1.1.4903.0 No No
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Ian & Margaret\Cookies\ian_&_margaret@atdmt[2].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Ian & Margaret\Cookies\ian_&_margaret@atdmt[3].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Ian & Margaret\Cookies\ian_&_margaret@atdmt[4].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Ian & Margaret\Cookies\ian_&_margaret@atdmt[5].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Ian & Margaret\Cookies\ian_&_margaret@atdmt[6].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Ian & Margaret\Cookies\ian_&_margaret@atdmt[7].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Ian & Margaret\Cookies\ian_&_margaret@atdmt[8].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Ian & Margaret\Cookies\ian_&_margaret@atdmt[9].txt
    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Ian & Margaret\Cookies\ian_&_margaret@tribalfusion[2].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Ian & Margaret\Cookies\ian_&_margaret@com[1].txt
    00167784 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Ian & Margaret\Cookies\ian_&_margaret@ad.sensismediasmart.com[2].txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Ian & Margaret\Cookies\ian_&_margaret@serving-sys[7].txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Ian & Margaret\Cookies\ian_&_margaret@serving-sys[3].txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Ian & Margaret\Cookies\ian_&_margaret@serving-sys[2].txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Ian & Margaret\Cookies\ian_&_margaret@serving-sys[4].txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Ian & Margaret\Cookies\ian_&_margaret@serving-sys[5].txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Ian & Margaret\Cookies\ian_&_margaret@serving-sys[6].txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Ian & Margaret\Cookies\ian_&_margaret@serving-sys[1].txt
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Ian & Margaret\Cookies\ian_&_margaret@bs.serving-sys[5].txt
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Ian & Margaret\Cookies\ian_&_margaret@bs.serving-sys[3].txt
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Ian & Margaret\Cookies\ian_&_margaret@bs.serving-sys[2].txt
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Ian & Margaret\Cookies\ian_&_margaret@bs.serving-sys[1].txt
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Ian & Margaret\Cookies\ian_&_margaret@bs.serving-sys[4].txt
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Ian & Margaret\Cookies\ian_&_margaret@bs.serving-sys[6].txt
    00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Ian & Margaret\Cookies\ian_&_margaret@server.iad.liveperson[2].txt
    00590315 Rootkit/Agent.LNB HackTools No 0 Yes No C:\System Volume Information\_restore{94E73108-4D18-4575-9478-8E51B8EE5992}\RP5\A0009086.sys
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location 
    ;===================================================================================================================================================================================
    No C:\Program Files\Integard\Integard.exe 
    No C:\Program Files\PCPitstop\Optimize2\InstallHelper.dll 
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description 
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================

  2. #12
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    There are no infections showing in your logs that would cause the trouble you are having.
    The Event logs only show problems with Norton; that's why I suggested removing it for the moment.

    Let me know if you can try that.
    Microsoft MVP Consumer Security 2009-2010
    If we have helped, please consider a donation
    THESE INSTRUCTIONS ARE FOR THIS USER ONLY

  3. #13
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    Due to inactivity, this thread will now be closed.

    Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

    If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.
    Last edited by tashi; 2009-08-11 at 20:43. Reason: Thank you katana :)
