Page 2 of 2 FirstFirst 12
Results 11 to 14 of 14

Thread: help with slow performance

  1. 06-05-2009, 01:16 PM #11
    ironmaiden5536
    ironmaiden5536 is offline Junior Member
    Join Date
    May 2007
    Posts
    10
    I'll try ComboFix and get back to you with the results. Thanks.
    Reply With Quote Reply With Quote
  2. 06-05-2009, 01:59 PM #12
    ironmaiden5536
    ironmaiden5536 is offline Junior Member
    Join Date
    May 2007
    Posts
    10
    here it is...

    ComboFix 09-06-05.02 - Michael 06/05/2009 13:35.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2046.986 [GMT -5:00]
    Running from: c:\users\Michael\Desktop\ComboFix.exe
    FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
    SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Michael\AppData\Roaming\inst.exe
    c:\windows\system32\drivers\Msft_Kernel_SynTP_0100 0.Wdf
    c:\windows\system32\drivers\Msft_User_WpdFs_01_00_ 00.Wdf
    c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_ 00_00.Wdf
    c:\windows\system32\Drivers\sptd.sys
    D:\Desktop.ini

    .
    ((((((((((((((((((((((((( Files Created from 2009-05-05 to 2009-06-05 )))))))))))))))))))))))))))))))
    .

    2009-06-05 18:46 . 2009-06-05 18:46 -------- d-sh--w- \$RECYCLE.BIN
    2009-06-05 18:42 . 2009-06-05 18:42 -------- d-----w- C:\temp
    2009-06-05 18:33 . 2009-06-05 18:33 -------- d-----w- \Qoobox
    2009-06-05 17:15 . 2009-03-09 16:06 89104 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\2009060 5.003\NAVENG.SYS
    2009-06-05 17:15 . 2009-03-09 16:06 876144 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\2009060 5.003\NAVEX15.SYS
    2009-06-05 17:15 . 2009-03-09 16:06 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\2009060 5.003\NAVENG32.DLL
    2009-06-05 17:15 . 2009-03-09 16:06 1181040 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\2009060 5.003\NAVEX32A.DLL
    2009-06-05 17:15 . 2009-03-09 16:06 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\2009060 5.003\EECTRL.SYS
    2009-06-05 17:15 . 2009-03-09 16:06 259368 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\2009060 5.003\ECMSVR32.DLL
    2009-06-05 17:15 . 2009-03-09 16:06 101936 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\2009060 5.003\ERASER.SYS
    2009-06-05 17:15 . 2009-03-09 16:06 2414128 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\2009060 5.003\CCERASER.DLL
    2009-06-03 23:49 . 2009-06-05 03:09 -------- d-----w- c:\users\Michael\AppData\Local\Apple Computer
    2009-06-03 19:58 . 2009-06-03 19:58 -------- d-----w- c:\program files\ESET
    2009-06-03 19:24 . 2009-06-03 19:24 -------- d-----w- c:\users\Michael\AppData\Local\Apple
    2009-06-02 23:00 . 2009-06-02 23:00 -------- d-----w- c:\users\Michael\AppData\Local\Adobe
    2009-06-02 21:47 . 2009-06-02 21:47 -------- d-----w- c:\users\Michael\AppData\Local\AOL OCP
    2009-06-02 21:47 . 2009-06-02 21:47 -------- d-----w- c:\users\Michael\AppData\Local\AOL
    2009-06-02 21:32 . 2009-05-26 18:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-06-02 21:32 . 2009-05-26 18:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-06-02 21:32 . 2009-06-02 21:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-06-02 01:57 . 2009-06-02 01:58 -------- d-----w- c:\program files\QuickTime
    2009-05-29 18:42 . 2009-03-16 20:03 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528. 001\Scxpx86.dll
    2009-05-29 18:42 . 2009-01-29 21:50 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528. 001\IDSXpx86.sys
    2009-05-29 18:42 . 2009-01-29 21:50 292912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528. 001\IDSvix86.sys
    2009-05-29 18:42 . 2009-01-29 21:50 447864 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528. 001\IDSxpx86.dll
    2009-05-29 18:42 . 2009-01-29 21:50 396848 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528. 001\IDSviA64.sys
    2009-05-27 16:09 . 2009-05-27 16:10 65294248 ----a-w- c:\programdata\Sling Media\AutoUpdateFiles\D367SLingPlayer.exe
    2009-05-26 17:44 . 2009-05-26 17:44 -------- d-----w- c:\program files\HandBrake
    2009-05-24 19:30 . 2009-05-24 19:30 -------- d-----w- c:\program files\Nimbuzz
    2009-05-23 20:30 . 2009-03-16 20:03 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513. 001\Scxpx86.dll
    2009-05-23 20:30 . 2009-01-29 21:50 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513. 001\IDSXpx86.sys
    2009-05-23 20:30 . 2009-01-29 21:50 292912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513. 001\IDSvix86.sys
    2009-05-23 20:30 . 2009-01-29 21:50 447864 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513. 001\IDSxpx86.dll
    2009-05-23 20:30 . 2009-01-29 21:50 396848 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513. 001\IDSviA64.sys
    2009-05-23 20:29 . 2009-05-23 20:29 738120 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlig ht\MCESpotlight\SpotlightResources.dll
    2009-05-15 23:43 . 2009-05-15 23:43 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Brow se\NetTVResources.dll
    2009-05-15 08:51 . 2009-05-24 03:54 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
    2009-05-15 08:51 . 2009-05-24 03:53 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
    2009-05-15 08:50 . 2009-05-24 03:53 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
    2009-05-15 08:49 . 2009-05-15 08:49 -------- d-----w- c:\windows\Replay Media Catcher
    2009-05-15 08:48 . 2009-05-26 06:00 -------- d-----w- c:\program files\Replay Media Catcher

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
    .
    2009-06-05 18:44 . 2007-08-23 21:40 2459627520 --sha-w- \pagefile.sys
    2009-06-05 18:43 . 2007-08-23 21:47 1660 ----a-w- c:\windows\bthservsdp.dat
    2009-06-05 17:15 . 2009-04-16 03:55 28029 ----a-w- c:\programdata\nvModes.dat
    2009-06-03 05:35 . 2008-06-26 02:21 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2009-06-02 23:28 . 2007-09-01 17:18 -------- d-----w- c:\program files\PowerISO
    2009-05-26 18:56 . 2008-11-13 06:23 -------- d-----w- c:\users\Michael\AppData\Roaming\Skype
    2009-05-26 18:56 . 2008-11-13 06:24 -------- d-----w- c:\users\Michael\AppData\Roaming\skypePM
    2009-05-16 12:50 . 2008-06-26 02:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-05-15 09:28 . 2007-08-31 22:01 -------- d-----w- c:\users\Michael\AppData\Roaming\uTorrent
    2009-05-15 08:07 . 2007-06-19 10:53 -------- d-----w- c:\programdata\Microsoft Help
    2009-05-15 08:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-04-30 23:15 . 2007-09-02 19:08 -------- d-----w- c:\users\Michael\AppData\Roaming\Canon
    2009-04-27 20:21 . 2009-02-28 01:41 15688 ----a-w- c:\windows\system32\lsdelete.exe
    2009-04-27 20:05 . 2009-05-01 19:47 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2009-04-27 20:05 . 2009-04-27 20:05 64160 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\Drivers\32\lbd.sys
    2009-04-16 17:08 . 2008-02-16 19:01 -------- d-----w- c:\programdata\NVIDIA
    2009-04-11 05:34 . 2007-08-30 22:34 28029 ----a-w- c:\users\Michael\AppData\Roaming\nvModes.dat
    2009-04-08 00:14 . 2009-04-08 00:14 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-04-08 00:14 . 2009-04-08 00:14 -------- d-----w- c:\program files\iTunes
    2009-04-08 00:14 . 2009-04-08 00:14 -------- d-----w- c:\program files\iPod
    2009-04-08 00:14 . 2007-09-01 05:13 -------- d-----w- c:\program files\Common Files\Apple
    2009-04-08 00:07 . 2009-04-08 00:07 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
    2009-03-19 21:32 . 2009-04-08 00:14 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-03-19 21:32 . 2009-03-19 21:32 23400 ----a-w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
    2009-03-18 18:59 . 2008-10-09 23:56 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2009-03-17 03:38 . 2009-04-15 19:35 13824 ----a-w- c:\windows\system32\apilogen.dll
    2009-03-17 03:38 . 2009-04-15 19:35 24064 ----a-w- c:\windows\system32\amxread.dll
    2009-03-16 20:03 . 2009-03-16 20:03 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Sc xpx86.dll
    2009-03-09 19:53 . 2009-03-09 19:53 69664 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\Drivers\64\lbd.sys
    2009-03-09 19:53 . 2009-03-09 19:53 274792 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\Drivers\64\AAWDriverTool.exe
    2009-03-09 19:52 . 2009-03-09 19:52 73064 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\Drivers\32\AAWDriverTool.exe
    2009-03-09 10:19 . 2008-12-10 05:03 410984 ----a-w- c:\windows\system32\deploytk.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-20 1773568]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "Google Update"="c:\users\Michael\AppData\Local\Google\Upd ate\GoogleUpdate.exe" [2008-12-03 133104]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
    "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 729088]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-09-19 66816]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
    "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
    "CognizanceTS"="c:\progra~1\BIOSCR~1\VeriSoft\Bin\ ASTSVCC.dll" [2003-12-22 17920]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
    "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [2005-09-19 163840]
    "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-03-12 517768]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-29 518488]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
    "NvMediaCenter"="c:\windows\system32\NvMcTray. dll" [2008-12-04 92704]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-09 4390912]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnce]
    "Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2008-10-2 546288]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\APSHook.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux2"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\lsa]
    Notification Packages REG_MULTI_SZ scecli ASWLNPkg

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\SymEFA.sys]
    @="FSFilter Activity Monitor"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Wind ows^Start Menu^Programs^Startup^Bluetooth.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Wind ows^Start Menu^Programs^Startup^Clean Access Agent.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Clean Access Agent.lnk
    backup=c:\windows\pss\Clean Access Agent.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^Michael^AppData^Roam ing^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
    path=c:\users\Michael\AppData\Roaming\Microsoft\Wi ndows\Start Menu\Programs\Startup\MagicDisc.lnk
    backup=c:\windows\pss\MagicDisc.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpo licy\DomainProfile\AuthorizedApplications\List]
    "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= c:\program files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7

    [HKLM\~\services\sharedaccess\parameters\firewallpo licy\FirewallRules]
    "{FD8CC398-C3F7-41BE-98A5-C6A62BB10958}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{13C9E86B-54AE-4A87-A2EF-44ED2B50EF5F}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{220513BC-B2BE-4FA0-BAC9-60F5F7F74726}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
    "{5A90CF99-4F43-41A7-BD63-833D156B1E88}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
    "{95383F02-9BF8-4FFB-9917-671A202B8E80}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{CD4068D7-B5D6-4E40-BF0F-A5E33A97304B}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{94F144FD-51FF-47FC-9888-47B9EB6EBB2C}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{D4E92348-BAF7-45C0-8F15-C60F4331067A}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{F03EBEA6-16B0-45AC-BFB6-B06BA544D646}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{463360B5-9168-4A8C-99C2-D408F72A831A}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{BD401096-17CE-4EC9-9875-511E1990B5D5}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{0972E767-D1E9-4BA6-B974-B2FFE93F6FE0}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{FD63C072-B217-426F-94EB-29EB595F8FFC}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{CB3BDBCE-808B-47DC-8684-8147FB149A47}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
    "{E9B38C58-9667-4192-85AE-9B34C2DBDAB9}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
    "{B1897D15-107E-4F7B-B33B-96605761AC75}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{200F605A-7E89-41AD-83BF-934E46A7EB4D}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "TCP Query User{DD98F6BE-E108-44A1-B251-95D8C6301204}c:\\program files\\airport\\apagent.exe"= UDP:c:\program files\airport\apagent.exe:AirPort Base Station Agent
    "UDP Query User{706EF837-1DEF-45D2-9346-6F4E79DFE800}c:\\program files\\airport\\apagent.exe"= TCP:c:\program files\airport\apagent.exe:AirPort Base Station Agent
    "TCP Query User{A55E98F4-4492-4327-AA54-B86562560AF4}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{A4485829-CDF8-4582-BFE1-F39B11A815FA}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "{05801DED-9433-4EBA-B9CA-8A3DCCBB4BEF}"= UDP:990:LocalSubnet:LocalSubnet|IF={D25E9E4A-D581-4C0C-99CB-3AF6D9AB32DB}|%SystemRoot%\system32\svchost.exe|Sv c=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
    "{ED1171C8-6749-424A-9FFB-298B3136AFC5}"= UDP:c:\program files\Ruckus Player\Ruckus.exe:Ruckus
    "{6382BFE2-70C7-4CFF-9A59-07ADA808FDB6}"= TCP:c:\program files\Ruckus Player\Ruckus.exe:Ruckus
    "{37A7B586-DF66-4DF4-917E-B07185AFFD5E}"= UDP:c:\program files\RapidSolution\Tunebite\TunebiteHelper.exe:Tu nebiteHelper
    "{E2BF2A6E-34D6-4A7B-B8D3-0D30A3A4736E}"= TCP:c:\program files\RapidSolution\Tunebite\TunebiteHelper.exe:Tu nebiteHelper
    "TCP Query User{1D6D180D-598E-4CAF-9486-2C1CC04B2113}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
    "UDP Query User{E9ADA256-24FD-4560-AE03-6A586244BF9F}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
    "{010BCB0B-AE69-4C9E-B3D2-CDC20FA4C1BF}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{B6325566-44E6-4BAD-8DAC-B67796009F7B}"= UDP:990:LocalSubnet:LocalSubnet|IF={D25E9E4A-D581-4C0C-99CB-3AF6D9AB32DB}|%SystemRoot%\system32\svchost.exe|Sv c=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
    "{24778982-55AB-4A7B-93F7-98E9805F6E9F}"= UDP:990:LocalSubnet:LocalSubnet|IF={D25E9E4A-D581-4C0C-99CB-3AF6D9AB32DB}|%SystemRoot%\system32\svchost.exe|Sv c=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
    "{7D21A26D-7A12-4A8E-BA3C-25E05060B3E9}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{DA3245CD-BF63-4C26-961C-231FEB0C064D}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "TCP Query User{A6470E6C-4038-4CCD-8D1E-1451809B2C9C}c:\\program files\\tightvnc\\winvnc.exe"= UDP:c:\program files\tightvnc\winvnc.exe:TightVNC Win32 Server
    "UDP Query User{0699C4D7-89C3-4F2A-9CFD-4FB06A34F92C}c:\\program files\\tightvnc\\winvnc.exe"= TCP:c:\program files\tightvnc\winvnc.exe:TightVNC Win32 Server
    "{BCC29B56-97B5-45E7-85B3-BA4ECE214E95}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{9DA5012B-D02A-4F25-AB0C-0AAFCFDFEEBD}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{DE8F5931-1F41-4BB7-9858-6B1F6347F3CA}"= TCP:5353:Bonjour
    "{48C1AD69-E6C9-4E78-A53C-6C09DD7B793C}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{0783FAB5-5D18-470E-AC40-F8B7F6E4C625}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "TCP Query User{8F226577-F2AF-40C6-A865-F6EEC71C0332}c:\\program files\\simplify media\\simplifypeer.exe"= UDP:c:\program files\simplify media\simplifypeer.exe:Simplify Media Peer
    "UDP Query User{0A3B8CA2-6374-4703-A1EF-620BE925FED1}c:\\program files\\simplify media\\simplifypeer.exe"= TCP:c:\program files\simplify media\simplifypeer.exe:Simplify Media Peer
    "TCP Query User{BD2E5D62-2B36-4934-92EB-E1BE990C3912}c:\\program files\\iphone tunnel suite\\itunnel\\itunnel.exe"= UDP:c:\program files\iphone tunnel suite\itunnel\itunnel.exe:iTunnel
    "UDP Query User{CBB8F3E7-2120-48BF-937E-3C3E7DD3DB92}c:\\program files\\iphone tunnel suite\\itunnel\\itunnel.exe"= TCP:c:\program files\iphone tunnel suite\itunnel\itunnel.exe:iTunnel
    "TCP Query User{80F5BFCE-8F4C-4353-8FDA-1205CB78BE7F}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
    "UDP Query User{D96F7C76-4633-469D-B104-91C85FE171E3}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
    "TCP Query User{BCCFC918-BD9C-49EE-8C48-1A63AD087A6E}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
    "UDP Query User{D89E8887-B961-4ACE-9B29-C75F813718B3}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
    "TCP Query User{3C8159B2-6309-4AC3-B67B-2B69515F09C5}c:\\program files\\simplify media\\simplifymedia.exe"= UDP:c:\program files\simplify media\simplifymedia.exe:Simplify Media
    "UDP Query User{8BFBBB26-4FDF-47A7-90ED-75E0BAD6857A}c:\\program files\\simplify media\\simplifymedia.exe"= TCP:c:\program files\simplify media\simplifymedia.exe:Simplify Media
    "TCP Query User{CF08D22A-9228-44FB-AB54-5CA4106E6738}c:\\program files\\simplify media\\simplifymedia.exe"= UDP:c:\program files\simplify media\simplifymedia.exe:Simplify Media
    "UDP Query User{E50D691B-D21B-40D0-B5FC-AA82FBF52DB9}c:\\program files\\simplify media\\simplifymedia.exe"= TCP:c:\program files\simplify media\simplifymedia.exe:Simplify Media
    "{2C5CB0FE-FDDE-45EE-B58C-1B455CE330C1}"= UDP:c:\program files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe:Roxio Upnp Service
    "{F1EB1D76-60E3-4C50-819E-0F9A66787DE1}"= TCP:c:\program files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe:Roxio Upnp Service
    "TCP Query User{C0D91D49-C911-4F92-AC7E-265232D2EE99}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
    "UDP Query User{B8F11B35-B502-49A8-A5F1-2A10330019BD}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
    "{4C8D07BE-99F3-49CD-A30F-171E0A5554EC}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "TCP Query User{DE214E1F-FAEC-41AE-A6C7-732D561D63BD}c:\\program files\\iphone tunnel suite\\itunnel\\itunnel.exe"= UDP:c:\program files\iphone tunnel suite\itunnel\itunnel.exe:iTunnel
    "UDP Query User{E4E3BCE8-6B63-4A82-8B11-A2C629432AF9}c:\\program files\\iphone tunnel suite\\itunnel\\itunnel.exe"= TCP:c:\program files\iphone tunnel suite\itunnel\itunnel.exe:iTunnel
    "{E2B11B59-7939-4613-8975-354DA7913B7D}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{C0EDF424-8067-498D-BA67-E4E79BCDE5B0}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "TCP Query User{0F56AB9A-E420-462C-BBBC-734370338519}c:\\program files\\matlab\\r2007b\\bin\\win32\\matlab.exe"= UDP:c:\program files\matlab\r2007b\bin\win32\matlab.exe:MATLAB
    "UDP Query User{7337BC20-E3CD-47B5-AA43-8239254D5B77}c:\\program files\\matlab\\r2007b\\bin\\win32\\matlab.exe"= TCP:c:\program files\matlab\r2007b\bin\win32\matlab.exe:MATLAB
    "TCP Query User{65CCA60B-5168-49B9-B233-83A98D615416}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
    "UDP Query User{AD0B321E-9F71-4804-87A3-8559C3B7F4AD}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
    "TCP Query User{1472E0E6-301F-468D-B5D2-08F6288F17D6}c:\\program files\\sling media\\slingplayer\\slingplayer.exe"= UDP:c:\program files\sling media\slingplayer\slingplayer.exe:SlingPlayer
    "UDP Query User{8F4E85A3-71AE-44DE-9B01-0424764F1990}c:\\program files\\sling media\\slingplayer\\slingplayer.exe"= TCP:c:\program files\sling media\slingplayer\slingplayer.exe:SlingPlayer
    "{08D0B160-91D4-46B0-86E3-9C40862D5C96}"= UDP:c:\program files\AirPort\APAgent.exe:AirPort
    "{AC9B5F0E-FCAB-4A3A-97BF-F1856EF6E275}"= TCP:c:\program files\AirPort\APAgent.exe:AirPort
    "{80A107E3-51F1-408C-B862-29A4B2C27FCB}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{FB143D37-10D5-4F30-A6F3-F3C0497B6175}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{C4CE9C36-8623-45CB-ACD9-E5F9F445531F}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{6B308980-7D10-4608-9BD3-2664AA4357F9}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{5FE55DCD-B762-4705-94C2-79BBFD542BB3}"= UDP:c:\program files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe:Roxio Upnp Service
    "{2F6E19EA-4758-419D-BFBA-E63E7E6AFE02}"= TCP:c:\program files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe:Roxio Upnp Service

    [HKLM\~\services\sharedaccess\parameters\firewallpo licy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpo licy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpo licy\StandardProfile\AuthorizedApplications\List]
    "c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
    "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= c:\program files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7

    R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [5/1/2009 2:47 PM 64160]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NAV\1005000 .086\SymEFA.sys [3/18/2009 1:59 PM 310320]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NAV\1005000.086 \BHDrvx86.sys [3/18/2009 1:59 PM 258608]
    R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NAV\1005000.0 86\cchpx86.sys [3/18/2009 1:59 PM 482352]
    R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528. 001\IDSvix86.sys [5/29/2009 1:42 PM 292912]
    R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [5/29/2008 6:33 PM 21504]
    R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [5/29/2008 6:33 PM 21504]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 4:34 PM 1005904]
    R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [3/18/2009 1:59 PM 115560]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [6/25/2008 9:21 PM 1153368]
    R2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [3/10/2009 12:09 AM 93960]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/23/2007 9:56 PM 24652]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/25/2009 9:17 PM 101936]
    R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [11/17/2008 3:40 PM 3668480]
    R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\NAV\1005000.086 \symndisv.sys [3/18/2009 1:59 PM 39984]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    Cognizance REG_MULTI_SZ ASBroker ASChannel
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
    c:\program files\PixiePack Codec Pack\InstallerHelper.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-05-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 19:47]

    2009-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-427839270-3882261659-512520142-1000.job
    - c:\users\Michael\AppData\Local\Google\Update\Googl eUpdate.exe [2008-12-03 00:40]

    2009-05-15 c:\windows\Tasks\HPCeeScheduleForMichael.job
    - c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2007-06-19 21:23]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-MtdAcqu - c:\program files\Creative\MediaSource5\MtdAcqu.exe
    HKCU-Run-Aim6 - (no file)
    HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
    SafeBoot-procexp90.Sys


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/ig?hl=en%5C
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion &pf=laptop
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\P rofiles\r1ny888h.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
    FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
    FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl. dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - plugin: c:\users\Michael\AppData\Local\Google\Update\1.2.1 45.5\npGoogleOneClick8.dll
    FF - plugin: c:\users\Michael\AppData\Roaming\Mozilla\Firefox\P rofiles\r1ny888h.default\extensions\moveplayer@mov enetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07051001.dll
    .

    ************************************************** ************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-05 13:47
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    ************************************************** ************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N orton AntiVirus]
    "ImagePath"="\"c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-427839270-3882261659-512520142-1000\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\{471EB9A8-9996-E246-71E2-203FD5233EC0}*]
    "nafmceappfakpnedgkkgpbdfigka"=hex:6a,61,6c,6a,62, 70,69,65,6e,6f,70,66,67,61,
    66,70,6e,6a,62,69,00,7f
    "gbhgkgpidfbgjfhkjgdbfehffmfljnanbclcindaedbhlf"=h ex:6c,61,6c,6c,61,6d,6f,6e,
    6f,6c,62,6d,65,70,6a,68,6b,68,61,65,69,6d,66,69,00 ,00
    "bbngajeapfbpapifemahjbkjckodancbehpj"=hex:6e,61,6 c,6a,64,70,6a,6b,62,63,6c,63,
    62,63,6e,68,68,62,6f,66,66,6c,70,6c,63,66,67,6d,00 ,83
    "oapmiacohdnkmgfncmecimkahjfokd"=hex:6a,61,6c,6a,6 2,70,69,65,6e,6f,70,66,67,61,
    66,70,6e,6a,62,69,00,7f

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(804)
    c:\program files\Bioscrypt\VeriSoft\bin\ASWLNPkg.dll
    c:\program files\Bioscrypt\VeriSoft\bin\ItMsg.dll

    - - - - - - - > 'Explorer.exe'(4396)
    c:\windows\system32\APSHook.dll
    c:\windows\system32\btncopy.dll
    c:\program files\Roxio\Easy Media Creator 8\Drag to Disc\Shellex.dll
    c:\program files\WinSCP\DragExt.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\nvvsvc.exe
    c:\windows\System32\audiodg.exe
    c:\windows\System32\rundll32.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    c:\program files\TightVNC\WinVNC.exe
    c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\program files\Bioscrypt\VeriSoft\Bin\asghost.exe
    c:\windows\System32\wbem\unsecapp.exe
    c:\windows\System32\rundll32.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
    c:\program files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
    c:\windows\Microsoft.NET\Framework\v3.0\WPF\Presen tationFontCache.exe
    c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    c:\program files\Synaptics\SynTP\SynTPHelper.exe
    c:\windows\servicing\TrustedInstaller.exe
    .
    ************************************************** ************************
    .
    Completion time: 2009-06-05 13:58 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-06-05 18:57

    Pre-Run: 31,950,675,968 bytes free
    Post-Run: 31,923,666,944 bytes free

    387 --- E O F --- 2009-05-15 08:07
    Reply With Quote Reply With Quote
  3. 06-05-2009, 02:32 PM #13
    jholland1964's Avatar
    jholland1964
    jholland1964 is offline Administrator
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Why did you run combofix twice? Plus your Norton program was RUNNING when this last one was done. Too late now, DON'T run combofix again unless directed to do so. It will take awhile to go through this 2nd log. Wish I could see the first one.
    Reply With Quote Reply With Quote
  4. 06-05-2009, 05:13 PM #14
    ironmaiden5536
    ironmaiden5536 is offline Junior Member
    Join Date
    May 2007
    Posts
    10
    I only ran it once. This is the log from C:\ComboFix.txt after it had restarted. And I had disabled every function of norton, I don't know why it said it was on. I had turned off the firewall, antivirus, email scanning, and a couple other things.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules