Spyware, viruses, & security : Backdoor.Bifrost & KaZaA & FunWeb Products - Pls Help!

by lstewart010 - 10/27/09 12:23 PM
Post 1 of 4


Hello! Thank you in advance for your assistance!

XP machine

CounterSPY found:

KaZaA P2P Program Low
FunWebProducts Potentially Unwanted Program Low
Backdoor.Bifrost Backdoor High

Registry issue:

HKEY_USERS\S-1-5-21-1801674531-1547161642-725345543-1004\software\Wget -1

Internet Explorer - longer load time; occasional crashes - then the next time I start it up, it will ask if I want to restore from last time. It looks like IE is loading, then it seems like it refreshes on its own while it is loading, as if you see 2 pages at the same time on top of each other (make sense?).

Microsoft Word - longer load time; occasional crashes - then, the next time, it wants to load in safe mode.

Pop-ups - occasional

Tried to run this but it will not allow me to click the "Accept" button -
Windows Live OneCare safety scanner is a free service designed to help ensure the health of your PC.
-Check for and remove viruses
-Get rid of junk on your hard disk
-Improve your PC's performance

The following are what I had been using. I ran virus & spyware scans often daily; worst case, every other day. If I had been searching via Google, I would run FULL scans after I was done. I also do an occasional defrag.

Lavasoft Ad-aware - nothing found
Dr Web CureIt - nothing found
SuperAntiSpyware - nothing found
Malwarebytes - nothing found
Avast - nothing found
Outpost Firewall

Uninstalled the above, then loaded the following and ran a FULL scan:
TrojanHunter - nothing found
CounterSpy - see above
IObit Security 360 - nothing found
Microsoft Security Essentials - nothing found
RegCleaner
ZoneAlarm Firewall
WinPatrol
SpywareGuard
SpywareBlaster
Rapport Console
HiJackThis

RegCleaner 4.3 - Removed: Agnitum; RealNetworks; Registered Applications; SafeLoc; Piriform - CCleaner/Defraggler; TechTracker; Altium (Dream VCL) Instant Report; ALWIL Software Avast; AppDataLow Ask Bar D.S.; AppData Low Software; Broderbund Software DSS; COSMI (3 different ones); Creative Wonders (2 different ones); CT developing PDF txtreader; Edmark An Island Adventure; Google (5 different ones); IDAVLab Dr Web update (10 various ones); LeaderTech (4 various ones); Macromedia (3 various ones); Mozilla Firefox (7 various ones); Netscape; NickJr Arcade; Poikosoft Easy CD & DA Extractor; BealNetworks (2 various ones); Recreation Sytool4; Registration; SecuROM Keys; Swearware Backup; TechTracker.com Version TrackerPro; The Learning Company Products; Touchstone Software Driver Agent; Uniblue RegistryBooster 2; Virtools (3 various ones); Yahoo Companion & Y FriendsBar; Systerac XP Tools Registry Doctor; User Profile HiveCleanup Service

What else do I have installed that I can uninstall?

What can I remove from Startup?

What Services should be running; stopped; automatic; manual?

Could I be accepting or denying the wrong things when alerts pop up from security programs?

The latest Windows Update added a "Search Desktop". I could care less to have it. Do I truly need it, or can it be uninstalled? If so, how?

My son goes on pbskids.org, noggin and nick jr - could this be bringing issues in? If so, how can I avoid issues? These are the only types of "gaming" sites we use in the house. Do I need to have a setting changed in ZoneAlarm (or another program)? Also, I borrow CDs from the library, which I have to install to let him use them (or is there another way for him to use them w/o installing them?). Then, I uninstall them once he is done with the game.

***************************************************************
HijackThis ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:24:22 PM, on 10/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\TrojanHunter 5.2\THGuard.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\IObit\IObit Security 360\is360.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.2\THGuard.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1242087838750
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: Bonjour Service - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6262 bytes
***************************************************************

HijackThis StartupList Report ----

StartupList report, 10/27/2009, 2:25:05 PM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP3 (WinNT 5.01.2600)
Detected: Internet Explorer v8.00 (8.00.6001.18702)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\TrojanHunter 5.2\THGuard.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\IObit\IObit Security 360\is360.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Lori\Start Menu\Programs\Startup]
SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
CanonMyPrinter = C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
ZoneAlarm Client = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
WinPatrol = C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
IObit Security 360 = C:\Program Files\IObit\IObit Security 360\IS360tray.exe
SBAMTray = C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
MSSE = "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
THGuard = "C:\Program Files\TrojanHunter 5.2\THGuard.exe"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\ComFile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
StubPath = C:\WINDOWS\system32\ieudinit.exe

[>{19FB76C6-DBEF-44B5-A053-ECDF5F855A07}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

[{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] *
StubPath = C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=*Registry value not found*

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
SpywareGuard Download Protection - C:\Program Files\SpywareGuard\dlprotect.dll - {4A368E80-174F-4872-96B5-0B27DDD11DB2}
Canon Easy Web Print Helper - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE}
(no name) - C:\Program Files\WOT\WOT.dll - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7}

--------------------------------------------------

Enumerating Task Scheduler jobs:

MP Scheduled Scan.job

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[Microsoft XML Parser for Java]
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[Microsoft Office Template and Media Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL
CODEBASE = http://office.microsoft.com/templates/ieawsdc.cab

[{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}]
CODEBASE = http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

[Office Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\OGACheckControl.DLL
CODEBASE = http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\System32\legitcheckcontrol.dll
CODEBASE = http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

[System Requirements Lab Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\sysreqlab_srl.dll
CODEBASE = http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
OSD = C:\WINDOWS\Downloaded Program Files\sysreqlab.osd

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Adobe\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1242087838750

[Kodak Gallery Easy Upload Manager Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\axofupld.dll
CODEBASE = http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab

[Java Plug-in 1.6.0_13]
InProcServer32 = C:\Program Files\Java\jre6\bin\jp2iexp.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

[SABScanProcesses Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\sabspx.dll
CODEBASE = http://www.superadblocker.com/activex/sabspx.cab

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.microsoft.com/officeupdate/content/opuc4.cab

[Java Plug-in 1.6.0_13]
InProcServer32 = C:\Program Files\Java\jre6\bin\jp2iexp.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

[Java Plug-in 1.6.0_13]
InProcServer32 = C:\Program Files\Java\jre6\bin\npjpi160_13.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\mswsock.dll
Protocol #5: C:\WINDOWS\system32\mswsock.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\rsvpsp.dll
Protocol #11: C:\WINDOWS\system32\rsvpsp.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
aeaudio: system32\drivers\aeaudio.sys (manual start)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
Apple Mobile Device: "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" (disabled)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
ASKService: C:\Program Files\AskBarDis\bar\bin\AskService.exe (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start)
aswArKrn: \??\C:\DOCUME~1\Lori\LOCALS~1\Temp\aswArKrn.sys (manual start)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
BCM V.92 56K Modem: System32\DRIVERS\BCMSM.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Bonjour Service: "C:\Program Files\Bonjour\mDNSResponder.exe" (autostart)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
catchme: \??\C:\ComboFix\catchme.sys (manual start)
Canon Camera Access Library 8: C:\Program Files\Canon\CAL\CALMAIN.exe (autostart)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
.NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
CryptSvc: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Wired AutoConfig: %SystemRoot%\System32\svchost.exe -k dot3svc (manual start)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Intel(R) PRO Adapter Driver: System32\DRIVERS\e100b325.sys (manual start)
Extensible Authentication Protocol Service: %SystemRoot%\System32\svchost.exe -k eapsvcs (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Windows Presentation Foundation Font Cache 3.0.0.0: c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (manual start)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
GEAR ASPI Filter Driver: system32\DRIVERS\GEARAspiWDM.sys (manual start)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (manual start)
Health Key and Certificate Management Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (disabled)
Windows CardSpace: "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" (manual start)
CD-Burning Filter Driver: System32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: %systemroot%\system32\imapi.exe (manual start)
IntelIde: System32\DRIVERS\intelide.sys (system)
Intel Processor Driver: System32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (autostart)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
iPod Service: "C:\Program Files\iPod\bin\iPodService.exe" (disabled)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
IS360service: C:\Program Files\IObit\IObit Security 360\IS360srv.exe (autostart)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Java Quick Starter: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" (manual start)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Lbd: system32\DRIVERS\Lbd.sys (system)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Unimodem Streaming Filter Device: system32\drivers\MODEMCSA.sys (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start)
Microsoft Malware Protection Driver: system32\DRIVERS\MpFilter.sys (system)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: %systemroot%\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Antimalware Service: "c:\Program Files\Microsoft Security Essentials\MsMpEng.exe" (autostart)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
Network Access Protection Agent: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Net.Tcp Port Sharing Service: "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" (disabled)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: System32\DRIVERS\nv4_mini.sys (manual start)
NVIDIA Display Driver Service: %SystemRoot%\system32\nvsvc32.exe (autostart)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
OMCI: \SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS (system)
Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
RapportKELL: \??\C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys (system)
Rapport Management Service: C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (autostart)
RapportPG: \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (system)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
SABProcEnum: \??\C:\Program Files\Internet Explorer\SABProcEnum.sys (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
CounterSpy Antispyware: "C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe" (autostart)
sbaphd: system32\drivers\sbaphd.sys (system)
sbapifs: system32\drivers\sbapifs.sys (autostart)
SBRE: \??\C:\WINDOWS\system32\drivers\SBREdrv.sys (system)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
smwdm: system32\drivers\smwdm.sys (manual start)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
srescan: system32\ZoneLabs\srescan.sys (system)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{706B6D75-1853-4018-B277-DB4C1762185C} (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
M-Systems DiskOnChip 2000: system32\DRIVERS\tffsport.sys (system)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
User Profile Hive Cleanup: C:\Program Files\UPHClean\uphclean.exe (disabled)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
Microsoft USB PRINTER Class: system32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
vsdatant: System32\vsdatant.sys (system)
TrueVector Internet Monitor: C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service (autostart)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Windows Media Player Network Sharing Service: "C:\Program Files\Windows Media Player\WMPNetwk.exe" (manual start)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Windows Search: %systemroot%\system32\SearchIndexer.exe /Embedding (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework Reflector: system32\DRIVERS\wudfrd.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (manual start)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\WINDOWS\Easy CD-DA Extractor 12.0.1\|||D

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

End of report, 36,976 bytes
Report generated in 0.250 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


***************************************************************

ADS SPY Utility on HijackThis ------

Should I save to Favorites or is that not a good idea?

Which is better to use: IE or Mozilla Firefox?


As you may see, I like to try to figure stuff out! I would like to know if there is any other way to get rid of junk in all of my files. What type of "class" can I take to learn about this crazy stuff so I can troubleshoot better? (How did you learn?)

Thanks,
Lori
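
The service and driver lines in the StartupList report above all share one shape, and a first triage pass over them can be automated. The following Python is an added example, not code from the thread or from the StartupList authors; the install path C:\WINDOWS, the trusted-root list and the line marked CONSTRUCTED are assumptions.

```python
"""Triage helper for StartupList-style service/driver lines.

Added example (not from the thread or from the StartupList authors). It parses
lines shaped like

    <display name>: <image path and arguments> (<start type>)

resolves the image the way Windows would (expanding %SystemRoot%, \SystemRoot,
the \??\ prefix and paths relative to the Windows directory) and flags entries
whose binary does not live under the Windows or Program Files directories,
which is where a reviewer of such a report would look first.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

SYSTEM_ROOT = r"C:\WINDOWS"                                # assumption: default XP install
TRUSTED_ROOTS = (SYSTEM_ROOT.lower() + "\\", "c:\\program files\\")  # assumption

# "<name>: <image> (<start>)": the first ": " ends the name, the last "(...)" is the start type
LINE_RE = re.compile(r"^(?P<name>.+?):\s+(?P<image>.+?)\s+\((?P<start>[^()]+)\)\s*$")
QUOTED_RE = re.compile(r'^"([^"]+)"')                      # quoted path followed by arguments
EXE_RE = re.compile(r"^(.*?\.(?:exe|sys|dll))(?=\s|$)", re.IGNORECASE)


@dataclass
class Entry:
    name: str
    image: str       # resolved path of the binary actually loaded
    start: str       # autostart / manual start / system / disabled
    hosted: bool     # svchost/dllhost host: the real code is a DLL the line does not name
    flagged: bool    # image resolves outside the trusted roots and the entry is not disabled


def resolve_image(raw: str) -> str:
    """Turn the raw image column into the absolute path of the executable."""
    s = raw.strip()
    s = re.sub(r"%systemroot%", lambda _: SYSTEM_ROOT, s, flags=re.IGNORECASE)
    if s.startswith("\\??\\"):                             # NT object-manager prefix
        s = s[4:]
    s = re.sub(r"^\\systemroot(?=\\)", lambda _: SYSTEM_ROOT, s, flags=re.IGNORECASE)
    m = QUOTED_RE.match(s)
    if m:
        path = m.group(1)
    else:
        m = EXE_RE.match(s)                                # unquoted path, may contain spaces
        path = m.group(1) if m else s.split()[0]           # e.g. "svchost -k rpcss" has no extension
    if not re.match(r"^[a-z]:\\", path, re.IGNORECASE):    # relative to the Windows directory
        path = SYSTEM_ROOT + "\\" + path.lstrip("\\")
    return path


def parse_line(line: str) -> Optional[Entry]:
    """Parse one report line; returns None for separators, headers and other sections."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    image = resolve_image(m.group("image"))
    start = m.group("start").strip().lower()
    base = image.rsplit("\\", 1)[-1].lower()
    hosted = base.split(".")[0] in ("svchost", "dllhost", "rundll32")
    trusted = any(image.lower().startswith(root) for root in TRUSTED_ROOTS)
    return Entry(m.group("name"), image, start, hosted, flagged=not trusted and start != "disabled")


def triage(report: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in report.splitlines()) if e]


def flagged_names(report: str) -> List[str]:
    return [e.name for e in triage(report) if e.flagged]


# Lines taken from the report above, plus one CONSTRUCTED entry to show a hit.
SAMPLE_REPORT = r"""
Disk Driver: System32\DRIVERS\disk.sys (system)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
RapportKELL: \??\C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys (system)
Java Quick Starter: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" (manual start)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
User Profile Hive Cleanup: C:\Program Files\UPHClean\uphclean.exe (disabled)
Example Updater: "C:\Documents and Settings\User\Application Data\updater.exe" (autostart)
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_REPORT):
        tag = "REVIEW" if e.flagged else ("hosted" if e.hosted else "      ")
        print(f"{tag} {e.name} -> {e.image} ({e.start})")
```

Only the CONSTRUCTED last line is flagged; a hosted svchost entry is reported as such because the line gives no clue which DLL the service group actually loads.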

Post 2 of 4

Lori, we don't handle HJT logs here

by Donna Buenaventura Moderator - 10/28/09 3:51 AM In reply to: Backdoor.Bifrost & KaZaA & FunWeb Products - Pls Help! by lstewart010

See our sticky message about HijackThis in http://forums.cnet.com/5208-6132_102-0.html?threadID=255339

I suggest removing the Ask Toolbar (which CounterSpy detected as FunWebProducts, which is a PUP).

You should also remove the obvious one, the Kazaa P2P program, because that is one of the reasons you'll get backdoor trojans.

Scan the system using any of the tools below to verify that CounterSpy has removed/cleaned everything it can:

Malwarebytes Antimalware (MBAM) http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html
SUPERAntispyware (SAS) http://download.cnet.com/SuperAntiSpyware-Free-Edition/3000-8022_4-10523889.html
A2 Free (A2) http://download.cnet.com/A-squared-Free/3000-2239_4-10262215.html

Post 3 of 4

Had to use XP CD to Repair my computer

by lstewart010 - 10/30/09 7:38 AM In reply to: Lori, we don't handle HJT logs here by Donna Buenaventura Moderator

Hi. Thanks for your response. My computer is just back up and running. I had removed all below when I found them on CounterSpy. However, once I restarted the computer, I received "NTLDR is missing", so I had to use my XP CD to do a repair. I ran the www.eset.com scan and all was clear. Apparently the reinstall/repair removed everything.

FYI: The very first scans I ran before my original post were MBAM & SAS, and neither of them found the backdoor.bifrost. That is when I installed CounterSpy and it found it.

Thank you for your assistance!
Lori

Post 4 of 4

(NT) Good work!

by Donna Buenaventura Moderator - 10/30/09 8:20 AM In reply to: Had to use XP CD to Repair my computer by lstewart010
