
Browsers freezing


Comments

  • westiea
    And the second part..................

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{3E2A1EDC-2DD7-42BF-B640-E5F9E1A38B3C}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{E5E977AE-C4D6-43D2-A5C2-7F96BC4EF53B}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{EEB1C484-AF95-4830-8B72-2622C014599F}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
    "{B1694D37-A4AE-45BA-A352-D82965C9EB26}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
    "{039808DD-ECC6-4443-869B-C75DD59F6390}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
    "{B37C050A-4F2A-421C-B8FA-48B52818D7E4}"= Disabled:TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
    "{7B8763B7-32EA-46D0-A805-4075D3790108}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{043DDF05-3711-4745-A097-A241D4F81D74}"= UDP:c:\program files\Internet Explorer\iexplore.exe:Internet Explorer
    "{EBDE1DC8-9245-4A95-BCE2-6BCA66E74462}"= TCP:c:\program files\Internet Explorer\iexplore.exe:Internet Explorer
    "{F3CFBD56-B126-4316-AF41-624787C6B598}"= UDP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
    "{BD7C6BA1-8C99-4FFA-BCCF-8396F1849937}"= TCP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
    "{66E8462B-E3E4-468F-811E-41ECE2BBCE03}"= UDP:c:\program files\DNA\btdna.exe:DNA
    "{5E233521-F859-4756-AB06-40D1F0FC64DE}"= TCP:c:\program files\DNA\btdna.exe:DNA
    "{6178B5DC-9BCF-42AF-81E8-96F4CA4B5491}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
    "{105C8401-8CB1-4B12-B0ED-55714302267F}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
    "{F7BBBAE6-9B7E-450E-B0DF-971EFB2192D0}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{B626B79A-D9B4-4B8D-9096-DF4E7FABB9E0}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{344C7D08-E8E3-4CD5-B0B8-CF60E8AE2CDE}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{A9D41A31-67DE-405D-AE95-15CC391E9379}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{BF8D622B-C536-4B32-822A-15DB43175637}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{F428AFBE-4885-46BF-B199-811D30C32017}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
    "{8B945662-33C6-4E4A-8E0F-2E589971741D}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
    "{635B31A6-C4F7-4841-A1B3-1EA430A678FD}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{10A8AA8A-9AD2-4DD6-B06C-CBD6839C8077}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{1DCB7CFE-9606-4188-9B10-5AF75477EBDB}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{69CA6906-7CB3-4614-BD99-55EE8EA3EEF8}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{223C8E74-E460-4547-B148-12E98AD2DF55}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{382E5032-2A8A-47FF-BD5F-BD8AB367E7D8}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{EDF3C25B-3536-471B-8D57-C3D046ED29E5}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
    "{5DFE3C3D-2D16-4610-96C6-2C7343E5BBEA}"= Disabled:TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
    "{4281AF3C-6CEC-49F7-95DE-9ADEC81209AB}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
    "{C8C6131E-B032-4194-8683-7370C9A574C3}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
    "{34325E6C-C0F4-4D99-B47E-56FA2406D552}"= Disabled:UDP:f:\setup\HPZNUI01.EXE:hpznui01.exe
    "{59938377-58A8-48CD-9FA1-714B0635BF04}"= Disabled:TCP:f:\setup\HPZNUI01.EXE:hpznui01.exe
    "{A14712DC-F342-4EA2-9EE4-A62548C90705}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
    "{818C0A67-DEC2-4633-83AF-FD9FB3530077}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
    "{C7D45396-412F-4713-9728-846BA1D43DEB}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
    "{522EB51B-2BF6-45F1-8D05-00269F119AC6}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
    "{4E7BA6E0-5F42-4805-868F-6383E33046B3}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
    "{3DF7B007-839A-4642-833E-C71032F55DF8}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
    "{BFCAF405-01CE-49D0-92E5-B2DBCFC7C917}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
    "{B852629B-160D-4482-8E2D-1CF00CADDB1B}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
    "{26B86B84-912A-45A2-9522-73DAC2EC5289}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
    "{13FA8807-FD0F-4009-ACFB-0FFA45642F69}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
    "{BC290A75-068F-4340-B00D-9A525087D001}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
    "{0F1A908A-0095-4EE4-BA25-54B78C4D3393}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
    "{24A79DEF-E861-4814-93BB-4188C41D0FE8}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
    "{F0512CDB-7EAB-47A3-9D97-6FA5B9E9F510}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
    "{AEAA4740-AA67-41E4-9716-59F96F9E2032}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
    "{400DEB96-ECD9-4447-BB24-502A4A5C64B1}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
    "{9E6A8E03-8208-4811-BD61-9F077C95149D}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
    "{7CD7CEEA-2EBE-4ED4-AF86-126F505BE594}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
    "{FE8712E9-12AA-4617-920F-E22A78126083}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
    "{39717D85-AA83-4FF7-98F5-741FF4100347}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
    "{18BD0991-E015-4837-8FA3-382C8E9185D7}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{DB79774B-FED6-46CC-947A-8035367621C1}"= UDP:990:LocalSubnet:LocalSubnet|IF={AFECA986-B1CD-492C-AA89-068AD9D51E2B}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
    "{3DFD1DF6-D1E8-480A-B185-C8E5726D3FAD}"= UDP:c:\program files\DNA\btdna.exe:DNA
    "{E00BCACB-CC82-4351-806E-8E7429D901A5}"= TCP:c:\program files\DNA\btdna.exe:DNA
    "{1644DE75-DF98-457F-B2CA-75B43229E638}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{C5EAF0CE-43C1-4520-A80B-DBE170814746}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{719C1A46-F78C-4ADF-A2FB-7A3EB4C2F695}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{FED368A3-4285-4958-A57D-D34087BC2F49}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{0820BE19-7DEE-416C-9277-E76800064915}"= UDP:c:\program files\Curse\CurseClient.exe:Curse Client
    "{87D39ED5-8A7A-4072-8CC4-47F75CC3A9D6}"= TCP:c:\program files\Curse\CurseClient.exe:Curse Client
    "TCP Query User{FDC63A57-7327-4DA0-97F6-D1B233B0BD10}c:\\users\\public\\games\\world of warcraft\\backgrounddownloader.exe"= UDP:c:\users\public\games\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
    "UDP Query User{5B410473-F770-41F3-81A0-437CF07F5853}c:\\users\\public\\games\\world of warcraft\\backgrounddownloader.exe"= TCP:c:\users\public\games\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
    "TCP Query User{6693ED2D-7D0B-47DA-A24E-D8F6C1755BCD}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
    "UDP Query User{7EBB1289-0BF0-44E0-9239-5B0DD1C2CE31}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "DoNotAllowExceptions"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-05-28 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-05-28 55024]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-05 108289]
    R2 regi;regi;c:\windows\System32\drivers\regi.sys [2007-04-18 11032]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-29 600912]
    R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\System32\drivers\R5U870FLx86.sys [2007-07-24 73472]
    R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\System32\drivers\R5U870FUx86.sys [2007-07-24 43904]
    R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [2007-07-24 812544]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-05-28 7408]
    S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-09-07 745472]
    S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-09-07 397312]
    S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-09-07 1089536]
    S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-09-07 292152]
    S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-12-29 79136]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - AVGIO
    *NewlyCreated* - AVGNTFLT
    *NewlyCreated* - AVIPBB

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    HPService REG_MULTI_SZ HPSLPSVC
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    \shell\AutoRun\command - g:\autorun\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
    \shell\AutoRun\command - I:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17fb7fa7-b66c-11dc-a788-001bfbce463b}]
    \shell\AutoRun\command - I:\
    \shell\open\Command - .\autorun.exe explore

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17fb7faa-b66c-11dc-a788-001bfbce463b}]
    \shell\AutoRun\command - H:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{279acb5a-24d9-11dd-bd56-001bfbce463b}]
    \shell\AutoRun\command - h:\wd_windows_tools\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9fdd607f-d37e-11dd-92ac-001bfbce463b}]
    \shell\AutoRun\command - H:\DPFMate.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b92eae8a-1d92-11dd-9061-001a8040733f}]
    \shell\AutoRun\command - I:\LaunchU3.exe -a
    .
    Contents of the 'Scheduled Tasks' folder

    2007-12-29 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]

    2009-04-05 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2009-02-12 18:10]
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-Google Update - c:\users\Norah\AppData\Local\Google\Update\GoogleUpdate.exe


    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.daemon-search.com/startpage
    uInternet Settings,ProxyOverride = *.local
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: plaxo.com\www
    FF - ProfilePath - c:\users\Norah\AppData\Roaming\Mozilla\Firefox\Profiles\prxmiyt4.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/|http://www.google.co.uk/
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npsabffx.dll
    FF - plugin: c:\users\Norah\Program Files\DNA\plugins\npbtdna.dll
    FF - plugin: c:\windows\system32\SuperAdBlocker.com\npsabffx.dll
    .

    **************************************************************************

    catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-05 14:57:55
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2009-04-05 15:00:20
    ComboFix-quarantined-files.txt 2009-04-05 14:00:18

    Pre-Run: 71,938,428,928 bytes free
    Post-Run: 71,940,907,008 bytes free

    Current=1 Default=1 Failed=0 LastKnownGood=75 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75
    389 --- E O F --- 2009-03-16 07:31:22
    Greyer by the minute - Older by the hour - Wiser by the day
  • You are missing the top bit of the combofix log - please post the FULL log
  • westiea
    ComboFix 09-04-04.01 - Norah 2009-04-05 22:25:03.3 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2046.1266 [GMT 1:00]
    Running from: c:\users\Norah\Downloads\ComboFix.exe
    FW: ZoneAlarm Pro Firewall *disabled*
    .

    ((((((((((((((((((((((((( Files Created from 2009-03-05 to 2009-04-05 )))))))))))))))))))))))))))))))
    .

    2009-04-05 14:45 . 2009-04-05 14:45 <DIR> d c:\programdata\Avira
    2009-04-05 14:45 . 2009-04-05 14:45 <DIR> d c:\program files\Avira
    2009-04-05 14:45 . 2009-02-13 11:31 55,640 --a c:\windows\System32\drivers\avgntflt.sys
    2009-03-25 23:47 . 2009-04-03 02:45 211,003,547 --a c:\windows\MEMORY.DMP
    2009-03-25 18:20 . 2009-03-25 18:20 <DIR> d c:\users\Norah\AppData\Roaming\GlarySoft
    2009-03-25 18:14 . 2009-03-25 18:14 <DIR> d c:\program files\Glary Utilities
    2009-03-25 17:48 . 2009-03-25 17:48 <DIR> d c:\programdata\NortonInstaller
    2009-03-25 15:11 . 2009-03-25 15:11 <DIR> d c:\program files\Trend Micro
    2009-03-11 09:02 . 2008-12-16 04:29 8,147,456 --a c:\windows\System32\wmploc.DLL
    2009-03-11 09:02 . 2009-02-09 04:10 2,033,152 --a c:\windows\System32\win32k.sys
    2009-03-11 09:02 . 2008-11-27 05:43 268,288 --a c:\windows\System32\schannel.dll
    2009-03-11 09:02 . 2008-12-16 06:31 7,680 --a c:\windows\System32\spwmp.dll
    2009-03-11 09:02 . 2008-12-16 06:31 4,096 --a c:\windows\System32\msdxm.ocx
    2009-03-11 09:02 . 2008-12-16 06:31 4,096 --a c:\windows\System32\dxmasf.dll
    2009-03-08 18:47 . 2009-03-08 18:47 <DIR> d c:\program files\Alwil Software

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-05 21:16 352,605 ---ha-w c:\windows\system32\drivers\vsconfig.xml
    2009-04-05 21:15 3,268,096 ----a-w c:\windows\Internet Logs\xDB7BB4.tmp
    2009-04-05 19:42 3,264,512 ----a-w c:\windows\Internet Logs\xDBCFBC.tmp
    2009-04-05 07:23 1,104,384 ----a-w c:\windows\Internet Logs\xDB7DB7.tmp
    2009-04-02 08:38 3,256,320 ----a-w c:\windows\Internet Logs\xDB9339.tmp
    2009-04-02 08:30 3,255,808 ----a-w c:\windows\Internet Logs\xDB842C.tmp
    2009-04-02 06:22 3,255,296 ----a-w c:\windows\Internet Logs\xDB8352.tmp
    2009-04-01 07:14 3,254,784 ----a-w c:\windows\Internet Logs\xDB7A2E.tmp
    2009-04-01 04:38 3,253,760 ----a-w c:\windows\Internet Logs\xDB7C31.tmp
    2009-03-31 07:14 3,253,248 ----a-w c:\windows\Internet Logs\xDB8101.tmp
    2009-03-29 11:38 d-----w c:\users\Norah\AppData\Roaming\BitTorrent
    2009-03-29 07:01 3,251,712 ----a-w c:\windows\Internet Logs\xDB821A.tmp
    2009-03-28 16:26 3,249,664 ----a-w c:\windows\Internet Logs\xDB8150.tmp
    2009-03-27 09:38 3,248,640 ----a-w c:\windows\Internet Logs\xDB892B.tmp
    2009-03-25 17:00 d-----w c:\programdata\Spybot - Search & Destroy
    2009-03-25 16:59 d-----w c:\program files\CCleaner
    2009-03-25 14:13 3,227,136 ----a-w c:\windows\Internet Logs\xDB814F.tmp
    2009-03-25 10:52 3,226,624 ----a-w c:\windows\Internet Logs\xDB7F8C.tmp
    2009-03-25 09:14 d-----w c:\program files\SUPERAntiSpyware
    2009-03-25 08:42 3,223,040 ----a-w c:\windows\Internet Logs\xDB7FAA.tmp
    2009-03-25 07:22 3,222,528 ----a-w c:\windows\Internet Logs\xDB894B.tmp
    2009-03-24 14:25 3,222,016 ----a-w c:\windows\Internet Logs\xDB8593.tmp
    2009-03-24 08:07 3,221,504 ----a-w c:\windows\Internet Logs\xDB8C28.tmp
    2009-03-23 10:09 3,220,992 ----a-w c:\windows\Internet Logs\xDB906C.tmp
    2009-03-22 06:57 3,219,456 ----a-w c:\windows\Internet Logs\xDB931A.tmp
    2009-03-20 10:52 16,589,857 ----a-w c:\windows\Internet Logs\tvDebug.zip
    2009-03-18 09:40 3,207,680 ----a-w c:\windows\Internet Logs\xDB7D1B.tmp
    2009-03-18 06:38 3,203,072 ----a-w c:\windows\Internet Logs\xDB7F8B.tmp
    2009-03-17 19:34 1,481,728 ----a-w c:\windows\Internet Logs\xDB7D3A.tmp
    2009-03-17 10:57 3,201,024 ----a-w c:\windows\Internet Logs\xDB7CDC.tmp
    2009-03-16 22:40 3,204,608 ----a-w c:\windows\Internet Logs\xDB82D5.tmp
    2009-03-15 23:24 3,198,976 ----a-w c:\windows\Internet Logs\xDB816E.tmp
    2009-03-14 10:23 3,196,928 ----a-w c:\windows\Internet Logs\xDB7E33.tmp
    2009-03-14 07:49 3,195,392 ----a-w c:\windows\Internet Logs\xDB8130.tmp
    2009-03-12 07:19 3,189,248 ----a-w c:\windows\Internet Logs\xDBF8FE.tmp
    2009-03-12 03:10 d-----w c:\program files\Windows Mail
    2009-03-12 03:04 d-----w c:\programdata\Microsoft Help
    2009-03-10 08:24 1,523,712 ----a-w c:\windows\Internet Logs\xDB953C.tmp
    2009-03-08 19:58 d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-03-08 16:45 47,360 ----a-w c:\users\Norah\AppData\Roaming\pcouffin.sys
    2009-03-08 16:45 d-----w c:\users\Norah\AppData\Roaming\Vso
    2009-03-08 16:44 d-----w c:\programdata\Kontiki
    2009-03-08 16:44 d-----w c:\program files\Kontiki
    2009-03-08 16:07 3,123,200 ----a-w c:\windows\Internet Logs\xDBAB8A.tmp
    2009-03-08 11:30 3,120,128 ----a-w c:\windows\Internet Logs\xDB9E22.tmp
    2009-03-06 15:53 d-----w c:\program files\Google
    2009-03-05 21:30 3,097,088 ----a-w c:\windows\Internet Logs\xDB9C29.tmp
    2009-03-04 18:52 3,092,992 ----a-w c:\windows\Internet Logs\xDBAD3A.tmp
    2009-03-02 08:11 3,091,456 ----a-w c:\windows\Internet Logs\xDBA288.tmp
    2009-03-02 08:11 1,903,616 ----a-w c:\windows\Internet Logs\xDB9F2D.tmp
    2009-02-28 14:52 d-----w c:\program files\Microsoft Silverlight
    2009-02-27 00:00 3,084,288 ----a-w c:\windows\Internet Logs\xDBA5D1.tmp
    2009-02-26 08:49 3,082,752 ----a-w c:\windows\Internet Logs\xDBA2E5.tmp
    2009-02-24 13:01 3,076,608 ----a-w c:\windows\Internet Logs\xDBA4C2.tmp
    2009-02-24 13:01 1,582,080 ----a-w c:\windows\Internet Logs\xDBA25B.tmp
    2009-02-22 18:49 3,072,000 ----a-w c:\windows\Internet Logs\xDB9F34.tmp
    2009-02-13 16:31 3,033,088 ----a-w c:\windows\Internet Logs\xDBB4BF.tmp
    2009-02-12 16:07 3,026,432 ----a-w c:\windows\Internet Logs\xDBA7CB.tmp
    2009-02-11 15:18 3,010,560 ----a-w c:\windows\Internet Logs\xDBF14C.tmp
    2009-02-11 15:18 2,365,440 ----a-w c:\windows\Internet Logs\xDBED3F.tmp
    2009-02-11 10:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-11 10:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-02-09 21:35 2,954,240 ----a-w c:\windows\Internet Logs\xDBA119.tmp
    2009-02-09 13:38 2,957,824 ----a-w c:\windows\Internet Logs\xDBA500.tmp
    2009-02-08 16:41 2,949,120 ----a-w c:\windows\Internet Logs\xDB9D6F.tmp
    2009-02-07 23:30 2,954,752 ----a-w c:\windows\Internet Logs\xDBA4A0.tmp
    2009-02-06 17:09 2,946,560 ----a-w c:\windows\Internet Logs\xDBB67B.tmp
    2009-02-06 07:22 2,925,056 ----a-w c:\windows\Internet Logs\xDB9CD6.tmp
    2009-02-06 07:22 1,809,920 ----a-w c:\windows\Internet Logs\xDB98F9.tmp
    2009-02-05 17:00 2,956,288 ----a-w c:\windows\Internet Logs\xDB9709.tmp
    2009-02-04 22:08 2,949,120 ----a-w c:\windows\Internet Logs\xDB9DCF.tmp
    2009-01-29 13:08 3,566,080 ----a-w c:\windows\Internet Logs\xDBA557.tmp
    2009-01-29 13:06 2,867,712 ----a-w c:\windows\Internet Logs\xDBA81C.tmp
    2009-01-28 18:28 2,851,840 ----a-w c:\windows\Internet Logs\xDBA5CB.tmp
    2009-01-27 22:58 2,814,464 ----a-w c:\windows\Internet Logs\xDB96DB.tmp
    2009-01-27 12:57 2,802,176 ----a-w c:\windows\Internet Logs\xDBB0A3.tmp
    2009-01-26 15:23 2,798,592 ----a-w c:\windows\Internet Logs\xDB8ECF.tmp
    2009-01-26 12:36 2,804,224 ----a-w c:\windows\Internet Logs\xDBC6E1.tmp
    2009-01-25 21:19 2,796,544 ----a-w c:\windows\Internet Logs\xDB9F43.tmp
    2009-01-25 21:00 2,794,496 ----a-w c:\windows\Internet Logs\xDB90A5.tmp
    2009-01-25 16:05 2,814,976 ----a-w c:\windows\Internet Logs\xDBB4E5.tmp
    2009-01-24 12:42 2,807,296 ----a-w c:\windows\Internet Logs\xDBC710.tmp
    2009-01-23 12:54 2,802,176 ----a-w c:\windows\Internet Logs\xDBE586.tmp
    2009-01-23 09:09 2,796,544 ----a-w c:\windows\Internet Logs\xDB13AA.tmp
    2009-01-16 16:30 2,661,888 ----a-w c:\windows\Internet Logs\xDB969E.tmp
    2009-01-16 12:49 2,658,816 ----a-w c:\windows\Internet Logs\xDBAAB8.tmp
    2009-01-15 06:11 827,392 ----a-w c:\windows\System32\wininet.dll
    2009-01-14 14:09 2,655,744 ----a-w c:\windows\Internet Logs\xDBE27C.tmp
    2009-01-14 11:39 2,669,568 ----a-w c:\windows\Internet Logs\xDB1C8F.tmp
    2009-01-12 10:38 2,665,984 ----a-w c:\windows\Internet Logs\xDB8CFB.tmp
    2009-01-12 09:01 2,653,184 ----a-w c:\windows\Internet Logs\xDBABF0.tmp
    2009-01-10 14:30 2,655,744 ----a-w c:\windows\Internet Logs\xDBA2BF.tmp
    2009-01-06 09:09 2,614,272 ----a-w c:\windows\Internet Logs\xDB9EE8.tmp
    2008-11-03 08:29 3,592,265 ----a-w c:\users\Norah\knitcrochet.exe
    2008-06-21 07:18 174 --sha-w c:\program files\desktop.ini
    2008-03-28 11:13 557,056 ----a-w c:\users\Norah\GoToAssist_phone__319_en.exe
    2008-03-30 07:14 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008033020080331\index.dat
    2008-03-30 07:14 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-04-05_14.58.16.10 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-04-05 13:32:06 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-04-05 21:16:37 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-04-05 13:32:06 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2009-04-05 21:16:37 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2009-04-05 13:33:15 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2009-04-05 21:17:56 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2009-04-05 21:17:56 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.L!!!
    - 2009-04-05 13:33:09 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2009-04-05 21:17:51 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    - 2009-04-05 13:32:12 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-04-05 21:16:43 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-04-05 13:32:12 131,072 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-04-05 21:16:43 131,072 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-04-05 13:32:12 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-04-05 21:16:43 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-04-05 13:35:58 106,696 ----a-w c:\windows\System32\perfc009.dat
    + 2009-04-05 21:24:37 106,696 ----a-w c:\windows\System32\perfc009.dat
    - 2009-04-05 13:35:58 603,282 ----a-w c:\windows\System32\perfh009.dat
    + 2009-04-05 21:24:37 603,282 ----a-w c:\windows\System32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-06 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSConfig"="c:\windows\system32\msconfig.exe" [2008-01-19 227840]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-01-08 17:14 356352 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2007-07-12 16:33 98304 c:\windows\System32\VESWinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.dvsd"= c:\program files\Common Files\Sony Shared\VideoLib\sonydv.dll

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
    backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nokia Nseries PC Suite.lnk]
    backup=c:\windows\pss\Nokia Nseries PC Suite.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^Norah^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CCC.lnk]
    backup=c:\windows\pss\CCC.lnk.Startup
    backupExtension=.Startup

    [HKLM\~\startupfolder\C:^Users^Norah^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DeliveryManager.lnk]
    backup=c:\windows\pss\DeliveryManager.lnk.Startup
    backupExtension=.Startup

    [HKLM\~\startupfolder\C:^Users^Norah^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
    c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a 2008-06-12 03:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    --a 2008-10-01 13:57 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    --a 2007-05-16 10:27 153136 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
    --a 2008-12-16 08:15 342848 c:\users\Norah\Program Files\DNA\btdna.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --a 2007-03-11 21:34 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
    --a 2007-06-12 02:27 317560 c:\program files\Sony\ISB Utility\ISBMgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a 2008-11-20 14:20 290088 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a 2007-10-18 12:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a 2007-03-01 16:57 153136 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
    --a 2006-11-28 02:12 2658304 c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
    --a 2006-06-27 17:21 1449984 c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoSysTray]
    --a
    2008-07-24 17:07 20480 c:\users\Norah\AppData\Local\Plaxo\3.14.0.44\plaxosystray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
    --a
    2008-07-24 17:07 363591 c:\users\Norah\AppData\Local\Plaxo\3.14.0.44\PlaxoHelper_en.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a
    2008-11-04 11:30 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    --a
    2006-11-10 20:35 90112 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a
    2008-11-10 06:43 136600 c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    --a
    2009-03-25 10:14 1830128 c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    --a
    2007-03-10 02:58 835584 c:\program files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    --a
    2008-05-06 09:42 202088 c:\program files\TomTom HOME 2\HOMERunner.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    --a
    2008-01-19 08:38 1008184 c:\program files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
    --a
    2006-11-02 10:45 215552 c:\windows\WindowsMobile\wmdSync.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    --a
    2008-01-19 08:33 202240 c:\program files\Windows Media Player\wmpnscfg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    --a
    2007-08-30 18:43 4670704 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
    --a
    2008-10-09 14:25 981904 c:\program files\Zone Labs\ZoneAlarm\zlclient.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    --a
    2007-04-08 03:33 4423680 c:\windows\RtHDVCpl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
    --a
    2007-04-08 03:33 1822720 c:\windows\SkyTel.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001
    Greyer by the minute - Older by the hour - Wiser by the day
  • westiea
    westiea Posts: 432 Forumite
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{3E2A1EDC-2DD7-42BF-B640-E5F9E1A38B3C}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{E5E977AE-C4D6-43D2-A5C2-7F96BC4EF53B}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{EEB1C484-AF95-4830-8B72-2622C014599F}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
    "{B1694D37-A4AE-45BA-A352-D82965C9EB26}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
    "{039808DD-ECC6-4443-869B-C75DD59F6390}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
    "{B37C050A-4F2A-421C-B8FA-48B52818D7E4}"= Disabled:TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
    "{7B8763B7-32EA-46D0-A805-4075D3790108}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{043DDF05-3711-4745-A097-A241D4F81D74}"= UDP:c:\program files\Internet Explorer\iexplore.exe:Internet Explorer
    "{EBDE1DC8-9245-4A95-BCE2-6BCA66E74462}"= TCP:c:\program files\Internet Explorer\iexplore.exe:Internet Explorer
    "{F3CFBD56-B126-4316-AF41-624787C6B598}"= UDP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
    "{BD7C6BA1-8C99-4FFA-BCCF-8396F1849937}"= TCP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
    "{66E8462B-E3E4-468F-811E-41ECE2BBCE03}"= UDP:c:\program files\DNA\btdna.exe:DNA
    "{5E233521-F859-4756-AB06-40D1F0FC64DE}"= TCP:c:\program files\DNA\btdna.exe:DNA
    "{6178B5DC-9BCF-42AF-81E8-96F4CA4B5491}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
    "{105C8401-8CB1-4B12-B0ED-55714302267F}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
    "{F7BBBAE6-9B7E-450E-B0DF-971EFB2192D0}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{B626B79A-D9B4-4B8D-9096-DF4E7FABB9E0}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{344C7D08-E8E3-4CD5-B0B8-CF60E8AE2CDE}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{A9D41A31-67DE-405D-AE95-15CC391E9379}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{BF8D622B-C536-4B32-822A-15DB43175637}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{F428AFBE-4885-46BF-B199-811D30C32017}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
    "{8B945662-33C6-4E4A-8E0F-2E589971741D}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
    "{635B31A6-C4F7-4841-A1B3-1EA430A678FD}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{10A8AA8A-9AD2-4DD6-B06C-CBD6839C8077}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{1DCB7CFE-9606-4188-9B10-5AF75477EBDB}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{69CA6906-7CB3-4614-BD99-55EE8EA3EEF8}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{223C8E74-E460-4547-B148-12E98AD2DF55}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{382E5032-2A8A-47FF-BD5F-BD8AB367E7D8}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{EDF3C25B-3536-471B-8D57-C3D046ED29E5}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
    "{5DFE3C3D-2D16-4610-96C6-2C7343E5BBEA}"= Disabled:TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
    "{4281AF3C-6CEC-49F7-95DE-9ADEC81209AB}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
    "{C8C6131E-B032-4194-8683-7370C9A574C3}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
    "{34325E6C-C0F4-4D99-B47E-56FA2406D552}"= Disabled:UDP:f:\setup\HPZNUI01.EXE:hpznui01.exe
    "{59938377-58A8-48CD-9FA1-714B0635BF04}"= Disabled:TCP:f:\setup\HPZNUI01.EXE:hpznui01.exe
    "{A14712DC-F342-4EA2-9EE4-A62548C90705}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
    "{818C0A67-DEC2-4633-83AF-FD9FB3530077}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
    "{C7D45396-412F-4713-9728-846BA1D43DEB}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
    "{522EB51B-2BF6-45F1-8D05-00269F119AC6}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
    "{4E7BA6E0-5F42-4805-868F-6383E33046B3}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
    "{3DF7B007-839A-4642-833E-C71032F55DF8}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
    "{BFCAF405-01CE-49D0-92E5-B2DBCFC7C917}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
    "{B852629B-160D-4482-8E2D-1CF00CADDB1B}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
    "{26B86B84-912A-45A2-9522-73DAC2EC5289}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
    "{13FA8807-FD0F-4009-ACFB-0FFA45642F69}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
    "{BC290A75-068F-4340-B00D-9A525087D001}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
    "{0F1A908A-0095-4EE4-BA25-54B78C4D3393}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
    "{24A79DEF-E861-4814-93BB-4188C41D0FE8}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
    "{F0512CDB-7EAB-47A3-9D97-6FA5B9E9F510}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
    "{AEAA4740-AA67-41E4-9716-59F96F9E2032}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
    "{400DEB96-ECD9-4447-BB24-502A4A5C64B1}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
    "{9E6A8E03-8208-4811-BD61-9F077C95149D}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
    "{7CD7CEEA-2EBE-4ED4-AF86-126F505BE594}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
    "{FE8712E9-12AA-4617-920F-E22A78126083}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
    "{39717D85-AA83-4FF7-98F5-741FF4100347}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
    "{18BD0991-E015-4837-8FA3-382C8E9185D7}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{DB79774B-FED6-46CC-947A-8035367621C1}"= UDP:990:LocalSubnet:LocalSubnet|IF={AFECA986-B1CD-492C-AA89-068AD9D51E2B}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
    "{3DFD1DF6-D1E8-480A-B185-C8E5726D3FAD}"= UDP:c:\program files\DNA\btdna.exe:DNA
    "{E00BCACB-CC82-4351-806E-8E7429D901A5}"= TCP:c:\program files\DNA\btdna.exe:DNA
    "{1644DE75-DF98-457F-B2CA-75B43229E638}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{C5EAF0CE-43C1-4520-A80B-DBE170814746}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{719C1A46-F78C-4ADF-A2FB-7A3EB4C2F695}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{FED368A3-4285-4958-A57D-D34087BC2F49}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{0820BE19-7DEE-416C-9277-E76800064915}"= UDP:c:\program files\Curse\CurseClient.exe:Curse Client
    "{87D39ED5-8A7A-4072-8CC4-47F75CC3A9D6}"= TCP:c:\program files\Curse\CurseClient.exe:Curse Client
    "TCP Query User{FDC63A57-7327-4DA0-97F6-D1B233B0BD10}c:\\users\\public\\games\\world of warcraft\\backgrounddownloader.exe"= UDP:c:\users\public\games\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
    "UDP Query User{5B410473-F770-41F3-81A0-437CF07F5853}c:\\users\\public\\games\\world of warcraft\\backgrounddownloader.exe"= TCP:c:\users\public\games\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
    "TCP Query User{6693ED2D-7D0B-47DA-A24E-D8F6C1755BCD}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
    "UDP Query User{7EBB1289-0BF0-44E0-9239-5B0DD1C2CE31}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "DoNotAllowExceptions"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-05-28 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-05-28 55024]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-05 108289]
    R2 regi;regi;c:\windows\System32\drivers\regi.sys [2007-04-18 11032]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-29 600912]
    R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\System32\drivers\R5U870FLx86.sys [2007-07-24 73472]
    R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\System32\drivers\R5U870FUx86.sys [2007-07-24 43904]
    R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [2007-07-24 812544]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-05-28 7408]
    S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-09-07 745472]
    S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-09-07 397312]
    S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-09-07 1089536]
    S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-09-07 292152]
    S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-12-29 79136]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    HPService REG_MULTI_SZ HPSLPSVC
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    \shell\AutoRun\command - g:\autorun\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
    \shell\AutoRun\command - I:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17fb7fa7-b66c-11dc-a788-001bfbce463b}]
    \shell\AutoRun\command - I:\
    \shell\open\Command - .\autorun.exe explore

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17fb7faa-b66c-11dc-a788-001bfbce463b}]
    \shell\AutoRun\command - H:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{279acb5a-24d9-11dd-bd56-001bfbce463b}]
    \shell\AutoRun\command - h:\wd_windows_tools\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9fdd607f-d37e-11dd-92ac-001bfbce463b}]
    \shell\AutoRun\command - H:\DPFMate.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b92eae8a-1d92-11dd-9061-001a8040733f}]
    \shell\AutoRun\command - I:\LaunchU3.exe -a
    .
    Contents of the 'Scheduled Tasks' folder

    2007-12-29 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]

    2009-04-05 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2009-02-12 18:10]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.daemon-search.com/startpage
    uInternet Settings,ProxyOverride = *.local
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: plaxo.com\www
    FF - ProfilePath - c:\users\Norah\AppData\Roaming\Mozilla\Firefox\Profiles\prxmiyt4.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/|http://www.google.co.uk/
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npsabffx.dll
    FF - plugin: c:\users\Norah\Program Files\DNA\plugins\npbtdna.dll
    FF - plugin: c:\windows\system32\SuperAdBlocker.com\npsabffx.dll
    .

    **************************************************************************

    catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-05 22:30:24
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    c:\users\Norah\AppData\Local\Temp\catchme.dll 53248 bytes executable

    scan completed successfully
    hidden files: 1

    **************************************************************************
    .
    Completion time: 2009-04-05 22:33:18
    ComboFix-quarantined-files.txt 2009-04-05 21:33:14
    ComboFix2.txt 2009-04-05 14:00:21

    Pre-Run: 71,102,517,248 bytes free
    Post-Run: 71,075,020,800 bytes free

    Current=1 Default=1 Failed=0 LastKnownGood=75 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75
    399 --- E O F --- 2009-03-16 07:31:22



    Thanks again, hope it's all here now
    Greyer by the minute - Older by the hour - Wiser by the day
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Is it still as bad as ever?

    Uninstall ADAWARE

    Right-click SUPERAntiSpyware and prevent it from starting up with Windows

    I'm concerned about this ~
    C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    Looks like Nero is backing up at times, which could be causing the problem. I'd suggest shutting it down

    and this ~
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    Nero is 'indexing' at times (recording where things are). I'd suggest shutting that down too

    C:\Windows\system32\SearchFilterHost.exe
    May be slowing it down too (Microsoft's indexing service)

    Update JAVA

    Am I right in thinking you still have ZoneAlarm firewall running?
This discussion has been closed.