Background Processes

[lambogalardo]

im kinda new into the background process thing, and a few weeks ago my computer completely crashed and i had to reset all the background processes. i just went down the list enabling them and i am now wondering which of these can now be disabled. thanks,
jay
Processes Pic

 

[TFT]

Difficult one to answer, we don't know what software you have or what software you want to run or to disable. Your processes are linked to programs that we have no idea whether you want it to run or not.

I could say you don't want khalmnpr.exe but then your Logitech mouse might not do what you want of it and I sure ain't searching through 73 processes on Google.

 

[lambogalardo]

thanks.. i wouldnt want to either...
i basically just want to leave AIM, WMP, Google, and Logitech open, and kill the rest.
thanks again

 

[johnb35]

Kill google updater service for one. Then go through the list and look at the processes that are listed under your name. Determine if you want that running on bootup or not. You have a couple duplicates in the list, I would wonder why? Viewpoint service would be another one you would want to get rid of, do that by uninstalling in add/remove programs. Be careful with Rundll32.exe's in your processes, some of them maybe nasty malware. Have you ran antimalware programs?

 

[JlCollins005]

thats alot of processes

 

[cohen]

worth a HJT log?

 

[porterjw]

Processes Pic

Wow...

For comparison, the *average* Home User should have 40-45 Processes running after a fresh system Startup. Anything over that, you're either running specific things, you're not in the 'average' category anymore, or you have way too much stuff running without your knowing.

 

[cohen]

At the moment i have 46 processes going!

 

[GameMaster]

Hello!
In your processes list you could remove 5-6 processes to speed up your computer, but don't remove the duplicate ones.
Johnb, if you meant on svchost, check your processes and tell me do you see more than one? Yes you do.

The only REAL problem I could see is a Viewpoint service running on your computer. That could really slow down your computer and bring only viruses. That program comes with AOL but should be deleted/removed.

Go to the Add/Remove Programs and Remove any Viewpoint part you find: Viewpoint Manager, Viewpoint Service...

 

[cohen]

is it worth posting a fresh pic of the processes and maybe a program list??? Then we can tell the OP what programs to remove???

 

[johnb35]

Hello!
In your processes list you could remove 5-6 processes to speed up your computer, but don't remove the duplicate ones.
Johnb, if you meant on svchost, check your processes and tell me do you see more than one? Yes you do.

The only REAL problem I could see is a Viewpoint service running on your computer. That could really slow down your computer and bring only viruses. That program comes with AOL but should be deleted/removed.

Go to the Add/Remove Programs and Remove any Viewpoint part you find: Viewpoint Manager, Viewpoint Service...

i wasn't talking about the svchost processes. i was talking about the other duplicates.

 

[lambogalardo]

thanks everyone... ill try to uninstall some stuff and add a programs list pic. thx

 

[cohen]

thanks everyone... ill try to uninstall some stuff and add a programs list pic. thx

Post a list of programs:

Well post a list of your programs. This how you do it:

• Download Hijackthis from here
• Open Hijackthis
• Click on "Open Misc Tools"
• Click on "Open Unistall Manager"
• Click on "Save List"
• Save it in a location
• Notepad will open
• Hit Ctrl + A
• Copy + paste in a forum reply

From the list of programs, we can tell you what ones to uninstall.

 

[G25r8cer]

A hijackthis log wouldnt be a bad idea either.

 

[cohen]

A hijackthis log wouldnt be a bad idea either.

well then here are the instructions

Post a Hijackthis Log

• Download Hijackthis from here
• Open Hijackthis
• Click on "Do a system Scan Only"
• Click on "save log"
• A notepad window will open
• Hit Ctrl + A
• Copy + paste in a forum reply

Then we can go from there.

 

[lambogalardo]

looking through the list at the moment, i see a whole lot i can go ahead and uninstall... i should be able to get a pic up in a few days...thanks for all your help

 

[lambogalardo]

alright..... spent about an hour thinning out old software then ran hijackthis and here's the log....
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:50:37 PM, on 6/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\PowerPanel\upssrv.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\PowerPanel\upsio.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\cryptainersrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\MDM.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox 3 Beta 2\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} - C:\Program Files\Starware316\bin\Starware316.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: CDLPObj Object - {BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} - C:\WINDOWS\IECodecPl.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Starware Screensavers Toolbar - {1962c5bc-e475-465b-823b-133e711bceb9} - C:\Program Files\Starware316\bin\Starware316.dll
O4 - HKLM\..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2R1.EXE /P23 "EPSON Stylus C86 Series" /O6 "USB001" /M "Stylus C86"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Open with BitPump - C:\Program Files\AnalogX\BitPump\ieint.htm
O8 - Extra context menu item: Subscribe in default RSS reader - C:\Documents and Settings\Jay Welch\Application Data\RssBandit\iecontext_subscribefeed.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - https://install.charter.com/diskless/bin/ssctlsma.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvistatestdrive.com/ActiveX/VMRCActiveXClient1.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {C56BF45D-4722-4EFD-AA14-9DB1E92661E3} - http://coke.mycokerewards.com/cabs/CocaCola_1_0_0_9.cab
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - http://coke.mycokerewards.com/cabs/Entriq_3_6_0_15_Silent.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: IMG Joystick-To-Mouse Service (IMGJTM) - Innovation Management Group, Inc. - C:\WINDOWS\JOY2MSE\IMGJTM.EXE
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: Cryptainer service (ssoftservice) - Cypherix Software (India) Pvt. Ltd. - C:\WINDOWS\SYSTEM32\cryptainersrv.exe
O23 - Service: Windows Defender (WinDefend) - Unknown owner - D:\Program Files\Windows Defender\MsMpEng.exe (file missing)

--
End of file - 11485 bytes


the processes list doesnt seem to have shrunk though......
im wondering if theres any windows processes running that are unnecessary....

 

[G25r8cer]

^^ Wow your startup is full of crap.

 

[cohen]

^^ Wow your startup is full of crap.

Yeah i agree, log looks clean.

Might be worth a combo fix log:

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.

• Download this file from one of the three below listed places :
  
  http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  http://www.forospyware.com/sUBs/ComboFix.exe
  http://subs.geekstogo.com/ComboFix.exe
  
• Then double click combofix.exe & follow the prompts.
• When finished, it shall produce a log for you. Post that log in your next reply

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

 

[lambogalardo]

alright.... tried to remove 3 or 4 things from startup then ran combofix.... heres the log......

ComboFix 08-06-12.2 - Jay Welch 2008-06-15 12:12:54.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.546 [GMT -4:00]
Running from: C:\Documents and Settings\Jay Welch\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Starware316
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url
C:\Documents and Settings\Gaming\Application Data\Starware316
C:\Documents and Settings\Gaming\Favorites\Online Security Test.url
C:\Documents and Settings\Jay Welch\Application Data\Starware316
C:\Program Files\Common Files\Yazzle1552OinAdmin.exe
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
C:\Program Files\Starware316
C:\Program Files\Starware316\bin\Starware316.dll
C:\Program Files\Starware316\icons\star_16.ico
C:\Program Files\Starware316\Starware316Uninstall.exe
C:\WINDOWS\Fonts\CALIBRIB.TTF
C:\WINDOWS\retadpu72.exe
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\media
C:\WINDOWS\system32\media\AvidRender.wav
C:\WINDOWS\system32\pskill.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-15 to 2008-06-15 )))))))))))))))))))))))))))))))
.

2008-06-14 14:24 . 2008-06-14 14:24 <DIR> d-------- C:\Program Files\Opera
2008-06-14 13:49 . 2008-06-14 13:49 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-14 07:20 . 2008-06-14 07:20 <DIR> d-------- C:\Program Files\DellSupport
2008-06-09 15:26 . 2008-06-09 15:26 <DIR> d-------- C:\Documents and Settings\Gaming\Application Data\Viewpoint
2008-06-08 14:44 . 2008-06-08 14:50 <DIR> d-------- C:\Program Files\Windows Live
2008-06-08 14:44 . 2008-06-08 14:49 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-08 14:44 . 2008-06-08 14:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-05 19:48 . 2008-06-05 19:48 <DIR> d-------- C:\GSP_Demo_406
2008-06-05 19:48 . 2008-06-07 22:16 1,510 --a------ C:\WINDOWS\Sketchpad Preferences.dat
2008-06-03 16:05 . 2008-06-03 19:41 <DIR> d-------- C:\Documents and Settings\Jay Welch\Application Data\U3
2008-05-25 12:01 . 2008-06-14 07:33 <DIR> d-------- C:\PowerPanel
2008-05-21 19:42 . 2008-05-21 19:42 <DIR> d-------- C:\Program Files\Synergy
2008-05-15 17:04 . 2008-05-15 17:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-15 16:00 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 2
2008-06-15 12:32 --------- d-----w C:\Documents and Settings\Jay Welch\Application Data\nView_Wallpaper
2008-06-15 11:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-14 18:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\WholeSecurity
2008-06-14 17:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2008-06-14 17:41 --------- d-----w C:\Program Files\Xilisoft
2008-06-14 17:39 30,601 ----a-w C:\Documents and Settings\Jay Welch\x.exe
2008-06-14 17:39 --------- d-----w C:\Program Files\VisualRoute
2008-06-14 17:39 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-14 17:33 --------- d-----w C:\Program Files\Dell
2008-06-14 17:30 --------- d-----w C:\Program Files\Google
2008-06-14 17:29 --------- d-----w C:\Program Files\GameSpy Arcade
2008-06-14 11:49 --------- d-----w C:\Documents and Settings\Jay Welch\Application Data\Lionhead Studios
2008-06-14 11:43 --------- d-----w C:\Program Files\Visual IP Trace 2007
2008-06-14 11:33 --------- d-----w C:\Program Files\NVIDIA Corporation
2008-06-14 11:31 --------- d-----w C:\Program Files\MySpeed PC
2008-06-14 11:30 --------- d-----w C:\Program Files\Mp3TorrentDownload
2008-06-14 11:30 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-06-14 11:28 --------- d-----r C:\Program Files\Microsoft Games
2008-06-14 11:27 --------- d-----w C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor
2008-06-14 11:26 --------- d-----w C:\Program Files\KaraFun
2008-06-14 11:25 --------- d-----w C:\Program Files\IrfanView
2008-06-14 11:24 --------- d-----w C:\Program Files\Harry Potter Print Studio 5
2008-06-14 11:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\GalleryPlayer
2008-06-14 11:18 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-06-14 11:16 --------- d-----w C:\Program Files\SlySoft
2008-06-14 11:10 --------- d-----w C:\Program Files\TimeTo
2008-06-14 11:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-13 11:09 --------- d-----w C:\Documents and Settings\Jay Welch\Application Data\OpenOffice.org2
2008-06-12 22:51 --------- d-----w C:\Program Files\Dl_cats
2008-06-08 22:29 --------- d-----w C:\Documents and Settings\Gaming\Application Data\Vidalia
2008-06-08 22:29 --------- d-----w C:\Documents and Settings\Gaming\Application Data\tor
2008-05-24 00:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-05-15 21:04 --------- d-----w C:\Program Files\AlphaZIP
2008-05-07 19:15 58,904 ----a-w C:\WINDOWS\system32\azipcontmn.dll
2008-05-05 22:34 --------- d-----w C:\Program Files\IVT Corporation
2008-04-12 21:02 1,781 ----a-w C:\WINDOWS\system32\IEPM4JTX.DRV
2008-04-06 23:10 58,904 ----a-w C:\WINDOWS\system32\sysfolderazipcnt.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2007-04-16 23:18 61 --sh--w C:\WINDOWS\cnerolf.bin
2008-01-21 19:11 56 --sh--r C:\WINDOWS\system32\3C99E4FCAE.sys
2008-01-21 19:11 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}]
2006-07-20 17:41 111616 --a------ C:\WINDOWS\IECodecPl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1962C5BC-E475-465B-823B-133E711BCEB9}"= "C:\Program Files\Starware316\bin\Starware316.dll" [ ]

[HKEY_CLASSES_ROOT\clsid\{1962c5bc-e475-465b-823b-133e711bceb9}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 12:15 50528]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus C86 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2R1.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 20:42 1404928]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-16 16:06 185632]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20 122940]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 20:19 77824]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-23 00:25 28160 C:\WINDOWS\KHALMNPR.Exe]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 20:23 114688]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"DLCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-09-14 01:50 73728]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 12:22 86016 C:\WINDOWS\system32\nvmctray.dll]
"dlccmon.exe"="C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-10-21 03:40 430080]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-20 18:21 29744]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"Start WingMan Profiler"="C:\Program Files\Logitech\Gaming Software\LWEMon.exe" [2007-09-25 16:03 93208]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2005-09-26 20:34 169984]

C:\Documents and Settings\Jay Welch\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2007-02-18 10:28:47 2746104]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-07-28 07:30:25 24576]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-02-02 20:37:23 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk
backup=C:\WINDOWS\pss\Privoxy.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk
backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Gaming^Start Menu^Programs^Startup^Metacafe.lnk]
path=C:\Documents and Settings\Gaming\Start Menu\Programs\Startup\Metacafe.lnk
backup=C:\WINDOWS\pss\Metacafe.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Gaming^Start Menu^Programs^Startup^OpenOffice.org 2.2.lnk]
path=C:\Documents and Settings\Gaming\Start Menu\Programs\Startup\OpenOffice.org 2.2.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.2.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jay Welch^Start Menu^Programs^Startup^Flash Securer.lnk]
path=C:\Documents and Settings\Jay Welch\Start Menu\Programs\Startup\Flash Securer.lnk
backup=C:\WINDOWS\pss\Flash Securer.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jay Welch^Start Menu^Programs^Startup^hc_tray.lnk]
path=C:\Documents and Settings\Jay Welch\Start Menu\Programs\Startup\hc_tray.lnk
backup=C:\WINDOWS\pss\hc_tray.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jay Welch^Start Menu^Programs^Startup^Joystick To Mouse.lnk]
path=C:\Documents and Settings\Jay Welch\Start Menu\Programs\Startup\Joystick To Mouse.lnk
backup=C:\WINDOWS\pss\Joystick To Mouse.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jay Welch^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
path=C:\Documents and Settings\Jay Welch\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jay Welch^Start Menu^Programs^Startup^UsbAutoStart.lnk]
path=C:\Documents and Settings\Jay Welch\Start Menu\Programs\Startup\UsbAutoStart.lnk
backup=C:\WINDOWS\pss\UsbAutoStart.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
-ra------ 2007-03-01 10:37 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BootSkin Startup Jobs]
--a------ 2004-04-26 17:21 270336 C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
--------- 2004-12-02 19:23 102400 C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2007-03-15 11:09 460784 C:\Program Files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlccmon.exe]
--a------ 2005-10-21 03:40 430080 C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar]
--a------ 2008-03-22 07:46 652528 C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPClientMonitor]
C:\Program Files\GalleryPlayer\Player\GPClientMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPDownloadManager]
C:\Program Files\GalleryPlayer\Player\GPDownloadManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2005-04-05 20:22 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-07-27 17:50 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2007-02-16 18:22 67128 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
--a------ 2000-08-08 16:00 311350 C:\Program Files\Microsoft Works\WksSb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2000-08-08 16:00 28739 C:\Program Files\Microsoft Works\WkDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a------ 2005-07-12 20:05 1117184 C:\Program Files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MtdAcq]
--------- 2004-07-02 12:26 122956 C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2008-02-25 21:23 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-02-16 10:54 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
--a------ 2007-01-16 13:38 36904 C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-08-23 00:19 23120680 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowBlinds]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBInstall32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
--a------ 2000-08-08 16:00 24576 C:\Program Files\Microsoft Works\wkfud.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"WLSetupSvc"=3 (0x3)
"WinDefend"=2 (0x2)
"UPS"=3 (0x3)
"TapiSrv"=2 (0x2)
"ssoftservice"=2 (0x2)
"Messenger"=2 (0x2)
"iPod Service"=2 (0x2)
"IMGJTM"=3 (0x3)
"helpsvc"=2 (0x2)
"gusvc"=3 (0x3)
"GoogleDesktopManager-022208-143751"=3 (0x3)
"Fax"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"aawservice"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"VistaStartMenu"="C:\Program Files\Vista Start Menu\VistaStartMenu.exe"
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinDVR SchSvr"="C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
"SVRemote"=c:\Program Files\SVRemote\TVCardRemote.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dlcccoms.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dlccPSWX.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Kontiki\\KService.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

R1 LADriver;LADriver;C:\WINDOWS\system32\drivers\LADriver.sys [2005-09-22 04:12]
R1 LDDriver;LDDriver;C:\WINDOWS\system32\drivers\LDDriver.sys [2005-09-22 03:17]
R1 LHDriver;LHDriver;C:\WINDOWS\system32\drivers\LHDriver.sys [2005-09-22 04:21]
R2 ssoftnt4;ssoftnt4;C:\WINDOWS\system32\Drivers\ssoftnt4.sys [2007-01-24 12:16]
R3 cdiskdun;cdiskdun;C:\DOCUME~1\JAYWEL~1\LOCALS~1\Temp\cdiskdun.sys [2004-03-27 13:10]
S3 Cap7134;SinoVideo PCI 2309 Cap7134 Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-10-16 16:33]
S3 PhTVTune;7130 TV tuner card WDM TVTuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2006-08-25 23:08]
S4 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-20 18:21]
S4 IMGJTM;IMG Joystick-To-Mouse Service;C:\WINDOWS\JOY2MSE\IMGJTM.EXE [2002-09-26 22:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51ac566c-b23b-11db-9ad3-806d6172696f}]
\Shell\AutoRun\command - G:\_MyPendrive\MyPendrive.exe
\Shell\MyPendrive\command - G:\_MyPendrive\MyPendrive.exe
\Shell\progr0\command - \MyPendriveUI.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aacf1a58-b244-11db-9ad4-001676a20453}]
\Shell\AutoRun\command - G:\_MyPendrive\MyPendrive.exe
\Shell\MyPendrive\command - G:\_MyPendrive\MyPendrive.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb66bb43-2a8a-11dd-91fb-0018391c6357}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
*Newly Created Service* - CDISKDUN
*Newly Created Service* - DSBROKERSERVICE
.
Contents of the 'Scheduled Tasks' folder
"2008-05-16 22:24:54 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-15 12:25:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-06-15 12:29:18
ComboFix-quarantined-files.txt 2008-06-15 16:28:15

Pre-Run: 50,609,963,008 bytes free
Post-Run: 51,035,889,664 bytes free

335 --- E O F --- 2008-04-10 10:04:38