Webuser Forums: log check if you please

Okay here are both reports. Can you please suggest a firewall to use after all is clear. ZoneAlarm slows donw my system alot so I have niot been using. Thanks again for being here to help us. Many many thanks.

ComboFix 08-09-01.01 - asla7 2008-09-02 3:51:01.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.164 [GMT 2:00]
Running from: C:\Documents and Settings\asla7\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\asla7\Application Data\macromedia\Flash Player\#SharedObjects\HF2H83UM\bin.clearspring.com
C:\Documents and Settings\asla7\Application Data\macromedia\Flash Player\#SharedObjects\HF2H83UM\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\asla7\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\asla7\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\Guest\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML

.
((((((((((((((((((((((((( Files Created from 2008-08-02 to 2008-09-02 )))))))))))))))))))))))))))))))
.

2008-08-29 14:38 . 2008-08-29 14:38 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-29 14:38 . 2008-08-29 14:38 <DIR> d-------- C:\Documents and Settings\asla7\Application Data\Malwarebytes
2008-08-29 14:38 . 2008-08-29 14:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-29 14:38 . 2008-08-17 15:05 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-29 14:38 . 2008-08-17 15:05 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-29 11:19 . 2008-08-29 11:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-29 11:18 . 2008-08-29 11:19 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-29 11:18 . 2008-08-29 11:18 <DIR> d-------- C:\Documents and Settings\asla7\Application Data\SUPERAntiSpyware.com
2008-08-25 00:10 . 2008-08-25 00:10 <DIR> d-------- C:\fsaua.data
2008-08-24 23:44 . 2008-08-28 08:01 <DIR> d-------- C:\Documents and Settings\asla7\.housecall6.6
2008-08-23 23:08 . 2008-08-24 23:22 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-08-16 21:27 . 2008-05-01 16:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-16 14:00 . 2008-08-25 19:32 <DIR> d-------- C:\Program Files\PC Tools AntiVirus
2008-08-16 14:00 . 2008-08-16 14:00 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-08-08 15:28 . 2008-08-08 15:28 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-06 20:28 . 2008-08-06 20:28 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-08-06 20:27 . 2008-04-07 04:38 45,392 -ra------ C:\WINDOWS\system32\AdobePDF.dll
2008-08-06 20:27 . 2008-04-07 04:38 22,872 -ra------ C:\WINDOWS\system32\AdobePDFUI.dll
2008-08-04 18:38 . 2008-08-04 18:39 <DIR> d-------- C:\Program Files\iTunes
2008-08-04 18:38 . 2008-08-04 18:38 <DIR> d-------- C:\Program Files\iPod

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-29 12:45 --------- d-----w C:\Program Files\Gabest
2008-08-29 09:13 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-28 06:47 --------- d-----w C:\Program Files\Trend Micro
2008-08-27 10:51 --------- d-----w C:\Program Files\PFConfig
2008-08-26 03:23 --------- d-----w C:\Documents and Settings\asla7\Application Data\Apple Computer
2008-08-25 16:58 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-21 21:23 --------- d-----w C:\Documents and Settings\asla7\Application Data\uTorrent
2008-08-06 18:28 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-22 23:10 --------- d-----w C:\Program Files\Red Kawa
2008-07-21 22:11 --------- d-----w C:\Documents and Settings\asla7\Application Data\WinFF
2008-07-16 19:44 --------- d-----w C:\Program Files\AIM
2008-07-11 16:15 --------- d-----w C:\Documents and Settings\asla7\Application Data\Skype
2008-07-10 06:35 32,000 ----a-w C:\windows\system32\drivers\usbaapl.sys
2008-07-07 20:26 253,952 ----a-w C:\windows\system32\es.dll
2008-07-07 17:16 --------- d-----w C:\Documents and Settings\asla7\Application Data\Smilebox
2008-07-06 23:00 --------- d-----w C:\Program Files\Lavasoft
2008-07-06 23:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-05 22:17 --------- d-----w C:\Program Files\WinFF
2008-07-04 23:15 --------- d-----w C:\Documents and Settings\asla7\Application Data\vlc
2008-06-24 16:43 74,240 ----a-w C:\windows\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\windows\system32\wininet.dll
2008-06-20 17:46 245,248 ----a-w C:\windows\system32\mswsock.dll
2007-11-02 22:18 56 --sh--r C:\windows\system32\1CBC925F82.sys
2007-11-02 22:18 1,890 --sha-w C:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2004-08-04 14:00 14336 8f078ae4ed187aaabc0a305146de6716 C:\windows\$NtServicePackUninstall$\svchost.exe
2008-04-14 02:12 14336 27c6d03bcdb8cfeb96b716f3d8be3e18 C:\windows\ServicePackFiles\i386\svchost.exe
2008-04-14 02:12 17408 a18d6fbb1e052c9e30d9ee567a1317eb C:\windows\system32\svchost.exe

2004-08-04 14:00 502272 01c3346c241652f43aed8e2149881bfe C:\windows\$NtServicePackUninstall$\winlogon.exe
2008-04-14 02:12 507904 ed0ef0a136dec83df69f04118870003e C:\windows\ServicePackFiles\i386\winlogon.exe
2008-04-14 02:12 512000 30b4ef2d974e68eb20b2fa63c7f1caef C:\windows\system32\winlogon.exe

2008-04-14 02:12 1036288 0f4b6d5b73591908cc66e500cc77ffb0 C:\windows\explorer.exe
2007-06-13 13:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 12:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\windows\$NtServicePackUninstall$\explorer.exe
2004-08-04 14:00 1032192 a0732187050030ae399b241436565e64 C:\windows\$NtUninstallKB938828$\explorer.exe
2008-04-14 02:12 1033728 12896823fb95bfb3dc9b46bcaedc9923 C:\windows\ServicePackFiles\i386\explorer.exe

2004-08-04 14:00 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\windows\$NtServicePackUninstall$\services.exe
2008-04-14 02:12 108544 0e776ed5f7cc9f94299e70461b7b8185 C:\windows\ServicePackFiles\i386\services.exe
2008-04-14 02:12 111104 538d370f54dd4ed05aaf68abae4d444a C:\windows\system32\services.exe

2004-08-04 14:00 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\windows\$NtServicePackUninstall$\lsass.exe
2008-04-14 02:12 13312 bf2466b3e18e970d8a976fb95fc1ca85 C:\windows\ServicePackFiles\i386\lsass.exe
2008-04-14 02:12 14848 2d944f90652e64697b21f66b7bec4d57 C:\windows\system32\lsass.exe

2005-06-11 02:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2005-06-11 01:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\windows\$NtServicePackUninstall$\spoolsv.exe
2004-08-04 14:00 57856 7435b108b935e42ea92ca94f59c8e717 C:\windows\$NtUninstallKB896423$\spoolsv.exe
2008-04-14 02:12 57856 d8e14a61acc1d4a6cd0d38aebac7fa3b C:\windows\ServicePackFiles\i386\spoolsv.exe
2008-04-14 02:12 58880 0564c7c94f560503db44bea01e412864 C:\windows\system32\spoolsv.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\xdrive.LinkedFolder]
@="{5D64CBA3-BDEC-427C-8A7F-8CB7C9EA7C74}"
[HKEY_CLASSES_ROOT\CLSID\{5D64CBA3-BDEC-427C-8A7F-8CB7C9EA7C74}]
2006-10-31 23:24 77824 --a------ C:\Program Files\Xdrive\Xdrive Desktop\Overlay.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\xdrive.LinkedSharedFolder]
@="{7C541B8D-BD5A-4687-9010-50E2B5D4A8E4}"
[HKEY_CLASSES_ROOT\CLSID\{7C541B8D-BD5A-4687-9010-50E2B5D4A8E4}]
2006-10-31 23:24 77824 --a------ C:\Program Files\Xdrive\Xdrive Desktop\Overlay.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\xdrive.SharedFolder]
@="{39C2972F-3338-471B-8D67-FA82E46E3AC2}"
[HKEY_CLASSES_ROOT\CLSID\{39C2972F-3338-471B-8D67-FA82E46E3AC2}]
2006-10-31 23:24 77824 --a------ C:\Program Files\Xdrive\Xdrive Desktop\Overlay.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="\Program\" [X]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 12:24 65536]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2008-04-14 02:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-07-14 11:04 122939]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2005-09-17 00:36 192512]
"TCtryIOHook"="c:\WINDOWS\System32\TCtrlIOHook.exe" [2004-08-06 06:49 28672]
"ZoomingHook"="c:\WINDOWS\System32\ZoomingHook.exe" [2004-07-15 01:07 24576]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-03-02 22:45 135168]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-02-03 23:47 1089589]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-11 06:10 339968]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2004-08-07 00:14 643072]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2004-07-29 01:23 53248]
"Pinger"="C:\TOSHIBA\IVP\ISM\pinger.exe" [2005-03-18 01:37 151552]
"Notebook Maximizer"="C:\Program Files\Notebook Maximizer\maximizer_startup.exe" [2006-05-05 01:59 40960]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-07-01 05:56 188416]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-07-01 06:00 65536]
"HostManager"="C:\Program Files\Common Files\AOL\1164198928\ee\AOLSoftware.exe" [2006-04-20 19:10 50792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 09:50 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 08:47 116040]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 09:47 289064]
"Adobe Acrobat Speed Launcher"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 01:25 37232]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 21:43 640376]
"AGRSMMSG"="AGRSMMSG.exe" [2007-06-01 11:30 88363 C:\WINDOWS\agrsmmsg.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
"TFncKy"="TFncKy.exe" [BU]
"TPSMain"="TPSMain.exe" [2004-06-02 05:43 278528 C:\WINDOWS\system32\TPSMain.exe]

C:\Documents and Settings\asla7\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-06-12 06:57:52 59080]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 02:38:16 29696]
Digimax Viewer 2.1.lnk - C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe [2005-06-15 04:04:57 634880]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-06-28 07:30:43 450560]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2004-08-12 23:05:35 155648]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)
"NoDispScrSavPage"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{24E75230-0B5A-445D-822E-119FBB211AF4}"= "C:\Program Files\Xdrive\Xdrive Desktop\ExecHook.dll" [2006-10-31 23:24 77824]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"ukxcoULhXb"= {ECC1792D-466B-D387-8F05-C0EABFF6BF68} - C:\windows\system32\ox.dll [2008-04-14 02:11 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=CLKERN.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.JPEG"= JPEGCODE.DLL
"VIDC.MPEG"= JPEGCODE.DLL
"msacm.enc"= ITIG726.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ddd25.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Kww16.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\WINDOWS\\system32\\cmd.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"51235:TCP"= 51235:TCP:utorrent
"51235:UDP"= 51235:UDP:utorrent 2

S3 msloop;Microsoft Loopback Adapter Driver;C:\windows\system32\DRIVERS\loop.sys [2001-08-17 22:53]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
HKCU-Run-VoipBuster - C:\program files\voipbuster.com\voipbuster\voipbuster.exe

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/ig
R0 -: HKLM-Main,Search Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-Internet Settings,ProxyOverride = localhost;*.local
R1 -: HKCU-SearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O8 -: &AOL Toolbar search - C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 -: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 -: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 -: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Open with &ZipScan - C:\PROGRA~1\ZIPSCA~1\zs_ie.htm
O8 -: Save to &Xdrive - C:\Program Files\Xdrive\Xdrive Desktop\xdrive.exe/std.html
O17 -: HKLM\CCS\Interface\{4F4C3BEF-4971-470E-AD0E-EE3CD9AC695F}: NameServer = 80.75.166.250,80.75.163.20
O17 -: HKLM\CCS\Interface\{7E8ABDC2-A17F-4460-8FA4-95A8C998E0FB}: NameServer = 10.0.0.2,10.0.0.3
O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O16 -: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://prerelease.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
C:\WINDOWS\Downloaded Program Files\hcImpl.inf
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-02 04:02:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-02 4:10:25
ComboFix-quarantined-files.txt 2008-09-02 02:09:49

Pre-Run: 32,497,307,648 bytes free
Post-Run: 32,707,231,744 bytes free

235 --- E O F --- 2008-08-26 03:17:19

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:12:30 AM, on 9/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\windows\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\windows\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\TCtrlIOHook.exe
C:\WINDOWS\System32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\windows\system32\TPSMain.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\AOL\1164198928\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\windows\system32\ctfmon.exe
C:\windows\system32\TPSBattM.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TCtryIOHook] c:\WINDOWS\System32\TCtrlIOHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1164198928\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with &ZipScan - C:\PROGRA~1\ZIPSCA~1\zs_ie.htm
O8 - Extra context menu item: Save to &Xdrive - res://C:\Program Files\Xdrive\Xdrive Desktop\xdrive.exe/std.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181812956781
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} - http://us.mcafee.com/Apps/WSC/en-us/WscWlanScannerCtrl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F4C3BEF-4971-470E-AD0E-EE3CD9AC695F}: NameServer = 80.75.166.250,80.75.163.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E8ABDC2-A17F-4460-8FA4-95A8C998E0FB}: NameServer = 10.0.0.2,10.0.0.3
O18 - Protocol: bw+0 - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E95B3401-B7C4-4282-BBFF-55D05668A05F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: CLKERN.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: ukxcoULhXb - {ECC1792D-466B-D387-8F05-C0EABFF6BF68} - C:\windows\system32\ox.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

--
End of file - 24488 bytes

Ok did all you said. Here are copies of both log files as you requested.

All seems to be okay now, will monitor and see what happens.

A million and a million more thanks, you are AWESOME!

ComboFix 08-09-01.01 - asla7 2008-09-02 16:21:47.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.156 [GMT 2:00]
Running from: C:\Documents and Settings\asla7\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\asla7\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-08-02 to 2008-09-02 )))))))))))))))))))))))))))))))
.

2008-08-29 14:38 . 2008-08-29 14:38 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-29 14:38 . 2008-08-29 14:38 <DIR> d-------- C:\Documents and Settings\asla7\Application Data\Malwarebytes
2008-08-29 14:38 . 2008-08-29 14:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-29 14:38 . 2008-08-17 15:05 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-29 14:38 . 2008-08-17 15:05 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-29 11:19 . 2008-08-29 11:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-29 11:18 . 2008-08-29 11:19 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-29 11:18 . 2008-08-29 11:18 <DIR> d-------- C:\Documents and Settings\asla7\Application Data\SUPERAntiSpyware.com
2008-08-25 00:10 . 2008-08-25 00:10 <DIR> d-------- C:\fsaua.data
2008-08-24 23:44 . 2008-08-28 08:01 <DIR> d-------- C:\Documents and Settings\asla7\.housecall6.6
2008-08-23 23:08 . 2008-08-24 23:22 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-08-16 21:27 . 2008-05-01 16:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-16 14:00 . 2008-08-25 19:32 <DIR> d-------- C:\Program Files\PC Tools AntiVirus
2008-08-16 14:00 . 2008-08-16 14:00 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-08-08 15:28 . 2008-08-08 15:28 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-06 20:28 . 2008-08-06 20:28 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-08-06 20:27 . 2008-04-07 04:38 45,392 -ra------ C:\WINDOWS\system32\AdobePDF.dll
2008-08-06 20:27 . 2008-04-07 04:38 22,872 -ra------ C:\WINDOWS\system32\AdobePDFUI.dll
2008-08-04 18:38 . 2008-08-04 18:39 <DIR> d-------- C:\Program Files\iTunes
2008-08-04 18:38 . 2008-08-04 18:38 <DIR> d-------- C:\Program Files\iPod

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-02 14:10 --------- d-----w C:\Program Files\Logitech
2008-08-29 12:45 --------- d-----w C:\Program Files\Gabest
2008-08-29 09:13 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-28 06:47 --------- d-----w C:\Program Files\Trend Micro
2008-08-27 10:51 --------- d-----w C:\Program Files\PFConfig
2008-08-26 03:23 --------- d-----w C:\Documents and Settings\asla7\Application Data\Apple Computer
2008-08-25 16:58 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-21 21:23 --------- d-----w C:\Documents and Settings\asla7\Application Data\uTorrent
2008-08-06 18:28 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-22 23:10 --------- d-----w C:\Program Files\Red Kawa
2008-07-21 22:11 --------- d-----w C:\Documents and Settings\asla7\Application Data\WinFF
2008-07-16 19:44 --------- d-----w C:\Program Files\AIM
2008-07-11 16:15 --------- d-----w C:\Documents and Settings\asla7\Application Data\Skype
2008-07-10 06:35 32,000 ----a-w C:\windows\system32\drivers\usbaapl.sys
2008-07-07 17:16 --------- d-----w C:\Documents and Settings\asla7\Application Data\Smilebox
2008-07-06 23:00 --------- d-----w C:\Program Files\Lavasoft
2008-07-06 23:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-05 22:17 --------- d-----w C:\Program Files\WinFF
2008-07-04 23:15 --------- d-----w C:\Documents and Settings\asla7\Application Data\vlc
2007-11-02 22:18 56 --sh--r C:\windows\system32\1CBC925F82.sys
2007-11-02 22:18 1,890 --sha-w C:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2004-08-04 14:00 14336 8f078ae4ed187aaabc0a305146de6716 C:\windows\$NtServicePackUninstall$\svchost.exe
2008-04-14 02:12 14336 27c6d03bcdb8cfeb96b716f3d8be3e18 C:\windows\ServicePackFiles\i386\svchost.exe
2008-04-14 02:12 17408 a18d6fbb1e052c9e30d9ee567a1317eb C:\windows\system32\svchost.exe

2004-08-04 14:00 502272 01c3346c241652f43aed8e2149881bfe C:\windows\$NtServicePackUninstall$\winlogon.exe
2008-04-14 02:12 507904 ed0ef0a136dec83df69f04118870003e C:\windows\ServicePackFiles\i386\winlogon.exe
2008-04-14 02:12 512000 30b4ef2d974e68eb20b2fa63c7f1caef C:\windows\system32\winlogon.exe

2008-04-14 02:12 1036288 0f4b6d5b73591908cc66e500cc77ffb0 C:\windows\explorer.exe
2007-06-13 13:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 12:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\windows\$NtServicePackUninstall$\explorer.exe
2004-08-04 14:00 1032192 a0732187050030ae399b241436565e64 C:\windows\$NtUninstallKB938828$\explorer.exe
2008-04-14 02:12 1033728 12896823fb95bfb3dc9b46bcaedc9923 C:\windows\ServicePackFiles\i386\explorer.exe

2004-08-04 14:00 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\windows\$NtServicePackUninstall$\services.exe
2008-04-14 02:12 108544 0e776ed5f7cc9f94299e70461b7b8185 C:\windows\ServicePackFiles\i386\services.exe
2008-04-14 02:12 111104 538d370f54dd4ed05aaf68abae4d444a C:\windows\system32\services.exe

2004-08-04 14:00 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\windows\$NtServicePackUninstall$\lsass.exe
2008-04-14 02:12 13312 bf2466b3e18e970d8a976fb95fc1ca85 C:\windows\ServicePackFiles\i386\lsass.exe
2008-04-14 02:12 14848 2d944f90652e64697b21f66b7bec4d57 C:\windows\system32\lsass.exe

2005-06-11 02:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2005-06-11 01:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\windows\$NtServicePackUninstall$\spoolsv.exe
2004-08-04 14:00 57856 7435b108b935e42ea92ca94f59c8e717 C:\windows\$NtUninstallKB896423$\spoolsv.exe
2008-04-14 02:12 57856 d8e14a61acc1d4a6cd0d38aebac7fa3b C:\windows\ServicePackFiles\i386\spoolsv.exe
2008-04-14 02:12 58880 0564c7c94f560503db44bea01e412864 C:\windows\system32\spoolsv.exe
.
((((((((((((((((((((((((((((( snapshot@2008-09-02_ 4.07.29.12 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-01 12:33:41 32,768 ----a-w C:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-09-02 14:08:06 32,768 ----a-w C:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-09-01 12:33:41 262,144 ----a-w C:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-09-02 14:08:06 262,144 ----a-w C:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-09-01 12:33:41 917,504 ----a-w C:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-02 14:08:06 917,504 ----a-w C:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\xdrive.LinkedFolder]
@="{5D64CBA3-BDEC-427C-8A7F-8CB7C9EA7C74}"
[HKEY_CLASSES_ROOT\CLSID\{5D64CBA3-BDEC-427C-8A7F-8CB7C9EA7C74}]
2006-10-31 23:24 77824 --a------ C:\Program Files\Xdrive\Xdrive Desktop\Overlay.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\xdrive.LinkedSharedFolder]
@="{7C541B8D-BD5A-4687-9010-50E2B5D4A8E4}"
[HKEY_CLASSES_ROOT\CLSID\{7C541B8D-BD5A-4687-9010-50E2B5D4A8E4}]
2006-10-31 23:24 77824 --a------ C:\Program Files\Xdrive\Xdrive Desktop\Overlay.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\xdrive.SharedFolder]
@="{39C2972F-3338-471B-8D67-FA82E46E3AC2}"
[HKEY_CLASSES_ROOT\CLSID\{39C2972F-3338-471B-8D67-FA82E46E3AC2}]
2006-10-31 23:24 77824 --a------ C:\Program Files\Xdrive\Xdrive Desktop\Overlay.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 12:24 65536]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2008-04-14 02:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-07-14 11:04 122939]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2005-09-17 00:36 192512]
"TCtryIOHook"="c:\WINDOWS\System32\TCtrlIOHook.exe" [2004-08-06 06:49 28672]
"ZoomingHook"="c:\WINDOWS\System32\ZoomingHook.exe" [2004-07-15 01:07 24576]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-03-02 22:45 135168]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-02-03 23:47 1089589]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-11 06:10 339968]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2004-08-07 00:14 643072]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2004-07-29 01:23 53248]
"Pinger"="C:\TOSHIBA\IVP\ISM\pinger.exe" [2005-03-18 01:37 151552]
"Notebook Maximizer"="C:\Program Files\Notebook Maximizer\maximizer_startup.exe" [2006-05-05 01:59 40960]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-07-01 05:56 188416]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-07-01 06:00 65536]
"HostManager"="C:\Program Files\Common Files\AOL\1164198928\ee\AOLSoftware.exe" [2006-04-20 19:10 50792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 09:50 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 08:47 116040]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 09:47 289064]
"Adobe Acrobat Speed Launcher"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 01:25 37232]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 21:43 640376]
"AGRSMMSG"="AGRSMMSG.exe" [2007-06-01 11:30 88363 C:\WINDOWS\agrsmmsg.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
"TFncKy"="TFncKy.exe" [BU]
"TPSMain"="TPSMain.exe" [2004-06-02 05:43 278528 C:\WINDOWS\system32\TPSMain.exe]

C:\Documents and Settings\asla7\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-06-12 06:57:52 59080]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 02:38:16 29696]
Digimax Viewer 2.1.lnk - C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe [2005-06-15 04:04:57 634880]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2004-08-12 23:05:35 155648]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)
"NoDispScrSavPage"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{24E75230-0B5A-445D-822E-119FBB211AF4}"= "C:\Program Files\Xdrive\Xdrive Desktop\ExecHook.dll" [2006-10-31 23:24 77824]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=CLKERN.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.JPEG"= JPEGCODE.DLL
"VIDC.MPEG"= JPEGCODE.DLL
"msacm.enc"= ITIG726.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\WINDOWS\\system32\\cmd.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"51235:TCP"= 51235:TCP:utorrent
"51235:UDP"= 51235:UDP:utorrent 2

S3 msloop;Microsoft Loopback Adapter Driver;C:\windows\system32\DRIVERS\loop.sys [2001-08-17 22:53]
.
Contents of the 'Scheduled Tasks' folder
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-02 16:41:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\LVComS.exe
.
**************************************************************************
.
Completion time: 2008-09-02 16:53:55 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-02 14:52:59
ComboFix2.txt 2008-09-02 02:10:30

Pre-Run: 32,650,670,080 bytes free
Post-Run: 32,643,264,512 bytes free

218 --- E O F --- 2008-08-26 03:17:19

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:55:50 PM, on 9/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\windows\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\windows\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\TCtrlIOHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\windows\system32\TPSMain.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\AOL\1164198928\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\windows\system32\ctfmon.exe
C:\windows\system32\TPSBattM.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\LVComS.exe
C:\windows\explorer.exe
C:\windows\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TCtryIOHook] c:\WINDOWS\System32\TCtrlIOHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1164198928\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with &ZipScan - C:\PROGRA~1\ZIPSCA~1\zs_ie.htm
O8 - Extra context menu item: Save to &Xdrive - res://C:\Program Files\Xdrive\Xdrive Desktop\xdrive.exe/std.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181812956781
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} - http://us.mcafee.com/Apps/WSC/en-us/WscWlanScannerCtrl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F4C3BEF-4971-470E-AD0E-EE3CD9AC695F}: NameServer = 80.75.166.250,80.75.163.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E8ABDC2-A17F-4460-8FA4-95A8C998E0FB}: NameServer = 10.0.0.2,10.0.0.3
O20 - AppInit_DLLs: CLKERN.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

--
End of file - 11844 bytes

Navigation

Webuser.co.uk

Web User Alerts

Web User Network

Site Policies

Magazine Subscription

Contacts

Search