help with slow performance


ironmaiden5536
06-02-2009, 09:20 PM
My computer has been performing slowly and even sometimes freezes when I start it up. A couple of times I got a blue screen when I started it up, then it shut off. Attached are all my logs.

Thanks for any help.

cauzomb
06-03-2009, 01:07 AM
The HJT log from above:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:12:55 PM, on 6/2/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [DSS] C:\Windows\VBXInsHost.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SlingAgentService - Sling Media Inc. - C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe

--
End of file - 11898 bytes


One possible nasty is VBXINSHOST.EXE: suspect/unknown, associated with internet worm/malware.
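A triage helper for the kind of O4 autostart lines the VBXInsHost.exe entry was picked out of, added here as an example that is not part of this thread or of HijackThis: it parses O4 lines, resolves which executable each one really launches (through quotes, %ProgramFiles%-style variables, 8.3 short names and rundll32-style loaders) and grades it by the directory it lives in. The location rules and the sample log are this example's own constructions.

```python
"""Triage the O4 (autostart) lines of a HijackThis log.

Added example, not code from the thread or from HijackThis.  It parses O4 lines
like those above, works out which executable each really launches and grades it
by location: vendor software lives in Program Files or System32, while an EXE
directly in the Windows root (as VBXInsHost.exe is) or in a user profile deserves
a closer look.  The location rules are this example's own heuristic.
"""
import re
from dataclasses import dataclass

# Run-key form: O4 - HKLM\..\Run: [name] command   (HKUS\S-1-5-19 hives included)
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+(?:\\S-[\d-]+)?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^O4 - (?:Global |)Startup: (?P<name>.+?) = (?P<cmd>.*)$")  # name.lnk = path
# First path-like token ending in an executable extension, quoted or not.
IMAGE_RE = re.compile(
    r'^"?(?P<path>.*?\.(?:exe|dll|scr|com|pif|bat|cmd|vbs|js))"?(?=[\s,"]|$)(?P<rest>.*)$',
    re.IGNORECASE | re.DOTALL)
# Host programs whose real payload is the module named in their arguments.
LOADERS = {"rundll32.exe", "regsvr32.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Variables and 8.3 short names seen in HJT logs, expanded to full lower-case paths.
EXPANSIONS = [("%programfiles%", r"c:\program files"), ("%windir%", r"c:\windows"),
              ("%systemroot%", r"c:\windows"), (r"c:\progra~1", r"c:\program files")]

@dataclass
class Finding:
    name: str      # the [name] of the Run value, or the .lnk file name
    source: str    # registry key, or "Startup folder"
    image: str     # normalised path of what actually runs
    verdict: str

def extract_image(cmd: str) -> str:
    """Return the program (or, for rundll32-style loaders, the module) a command runs."""
    text, hops = cmd.strip(), 0
    while True:
        m = IMAGE_RE.match(text)
        if not m:
            return text.split()[0] if text else ""
        path, rest = m.group("path"), m.group("rest").strip()
        base = path.rsplit("\\", 1)[-1].lower()
        if base in LOADERS and rest and hops == 0:
            text, hops = rest, 1   # follow "rundll32.exe foo.dll,Entry" to foo.dll
            continue
        return path

def normalise(path: str) -> str:
    p = path.strip().lower()
    for var, full in EXPANSIONS:
        p = p.replace(var, full)
    return p

def grade(image: str) -> str:
    """Heuristic verdict based on the directory the image runs from."""
    p = normalise(image)
    if "\\" not in p:
        return "REVIEW: bare filename, found via the search path, location unknown"
    folder = p.rsplit("\\", 1)[0]
    if folder.startswith(r"c:\program files"):
        return "ok: vendor directory"
    if folder in (r"c:\windows\system32", r"c:\windows\syswow64"):
        return "ok: system directory"
    if folder == r"c:\windows":
        return "SUSPECT: executable directly in the Windows root"
    if folder.startswith("c:\\windows\\"):
        return "REVIEW: Windows subdirectory, confirm the vendor"
    if folder.startswith(("c:\\users\\", "c:\\documents and settings\\")):
        return "REVIEW: per-user location (updaters live here, so does malware)"
    return "REVIEW: unusual location"

def triage(log_text: str) -> list:
    """Parse every O4 line into a Finding; other HJT sections are ignored."""
    findings = []
    for line in log_text.splitlines():
        m = RUN_RE.match(line)
        if m:
            source = f"{m['hive']}\\..\\{m['key']}"
        else:
            m = STARTUP_RE.match(line)
            if not m:
                continue
            source = "Startup folder"
        image = extract_image(m["cmd"])
        findings.append(Finding(m["name"], source, normalise(image), grade(image)))
    return findings

# Constructed sample in HijackThis O4 format, shaped like the entries in the log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [DSS] C:\Windows\VBXInsHost.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
"""
if __name__ == "__main__":
    for f in (x for x in triage(SAMPLE_LOG) if not x.verdict.startswith("ok")):
        print(f"{f.verdict:<60} {f.source:<18} [{f.name}] {f.image}")
```

Feed it a real HJT log by reading the file into `triage()`; only the entries that do not grade "ok" are printed, which on the log above singles out the [DSS] line.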

jholland1964
06-03-2009, 10:51 AM
One possible nasty is VBXINSHOST.EXE: suspect/unknown, associated with internet worm/malware.
Agreed. The ESET log is incomplete also. Please run it again and post the FULL log.

ironmaiden5536
06-03-2009, 07:29 PM
I reran it and the log looks pretty much the same... It didn't find or remove anything.

jholland1964
06-03-2009, 07:41 PM
How long did that scan take? Did you use Internet Explorer? Did you turn off your antivirus program?

ironmaiden5536
06-04-2009, 12:59 AM
How long did that scan take? Did you use Internet Explorer? Did you turn off your antivirus program?

It took around one and a half to two hours and scanned more than 200,000 files. I used IE and I'm pretty sure I disabled my antivirus... I'm sure the first time I did it I had my antivirus disabled.

cauzomb
06-04-2009, 01:25 PM
The infection could be in the form of a hook/rootkit, blocking your scanners when they are executed via registry hacks. I'm going to look into some more information for the Vundo stuff that has been "quarantined"/deleted from your other log to see what other associations those things have.

jholland1964
06-04-2009, 01:33 PM
Get rid of Windows Defender if possible. At least disable it. It causes more trouble than it is worth.

cauzomb
06-04-2009, 01:42 PM
After doing some reading about the pest Vundo, I have found several recommendations to use ComboFix. I have not had to use this application myself, so I am not familiar with the process other than you post a log, then someone posts a "script" that is used with ComboFix to perform its cleaning operation.

jholland1964
06-04-2009, 03:23 PM
The first thing you should do is print out this guide, as we will close all the open windows and programs, including your web browser, before starting the ComboFix program. Download ComboFix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe). You will get a prompt asking if you want to run or save the file. Choose SAVE and save it to the desktop. DO NOT RUN it YET.
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.

Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note that once you start ComboFix you should not click anywhere on the ComboFix window, as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break, as it may take a while for it to complete.
Windows may issue a prompt because ComboFix does not have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue.
ComboFix is now preparing to run, and when it has finished you will see the Disclaimer screen. You should press the number 1 key and then press the Enter key to continue.
ComboFix will create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry.
Once the Windows Registry has finished being backed up, ComboFix will disconnect your computer from the Internet. Therefore, do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet as your connection will be completely restored at a later stage in the program.

ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to what they were previously. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan.

When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and tells you that the program's log file, or report, will be located at C:\ComboFix.txt.
When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically.
You should now post this log here when all is complete. And please copy/paste this log; DO NOT ATTACH it.

ironmaiden5536
06-05-2009, 01:16 PM
I'll try ComboFix and get back to you with the results. Thanks.

ironmaiden5536
06-05-2009, 01:59 PM
Here it is...

ComboFix 09-06-05.02 - Michael 06/05/2009 13:35.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2046.986 [GMT -5:00]
Running from: c:\users\Michael\Desktop\ComboFix.exe
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Michael\AppData\Roaming\inst.exe
c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
c:\windows\system32\Drivers\sptd.sys
D:\Desktop.ini

.
((((((((((((((((((((((((( Files Created from 2009-05-05 to 2009-06-05 )))))))))))))))))))))))))))))))
.

2009-06-05 18:46 . 2009-06-05 18:46 -------- d-sh--w- \$RECYCLE.BIN
2009-06-05 18:42 . 2009-06-05 18:42 -------- d-----w- C:\temp
2009-06-05 18:33 . 2009-06-05 18:33 -------- d-----w- \Qoobox
2009-06-05 17:15 . 2009-03-09 16:06 89104 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090605.003\NAVENG.SYS
2009-06-05 17:15 . 2009-03-09 16:06 876144 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090605.003\NAVEX15.SYS
2009-06-05 17:15 . 2009-03-09 16:06 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090605.003\NAVENG32.DLL
2009-06-05 17:15 . 2009-03-09 16:06 1181040 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090605.003\NAVEX32A.DLL
2009-06-05 17:15 . 2009-03-09 16:06 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090605.003\EECTRL.SYS
2009-06-05 17:15 . 2009-03-09 16:06 259368 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090605.003\ECMSVR32.DLL
2009-06-05 17:15 . 2009-03-09 16:06 101936 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090605.003\ERASER.SYS
2009-06-05 17:15 . 2009-03-09 16:06 2414128 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090605.003\CCERASER.DLL
2009-06-03 23:49 . 2009-06-05 03:09 -------- d-----w- c:\users\Michael\AppData\Local\Apple Computer
2009-06-03 19:58 . 2009-06-03 19:58 -------- d-----w- c:\program files\ESET
2009-06-03 19:24 . 2009-06-03 19:24 -------- d-----w- c:\users\Michael\AppData\Local\Apple
2009-06-02 23:00 . 2009-06-02 23:00 -------- d-----w- c:\users\Michael\AppData\Local\Adobe
2009-06-02 21:47 . 2009-06-02 21:47 -------- d-----w- c:\users\Michael\AppData\Local\AOL OCP
2009-06-02 21:47 . 2009-06-02 21:47 -------- d-----w- c:\users\Michael\AppData\Local\AOL
2009-06-02 21:32 . 2009-05-26 18:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-02 21:32 . 2009-05-26 18:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-02 21:32 . 2009-06-02 21:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-02 01:57 . 2009-06-02 01:58 -------- d-----w- c:\program files\QuickTime
2009-05-29 18:42 . 2009-03-16 20:03 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\Scxpx86.dll
2009-05-29 18:42 . 2009-01-29 21:50 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSXpx86.sys
2009-05-29 18:42 . 2009-01-29 21:50 292912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSvix86.sys
2009-05-29 18:42 . 2009-01-29 21:50 447864 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSxpx86.dll
2009-05-29 18:42 . 2009-01-29 21:50 396848 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSviA64.sys
2009-05-27 16:09 . 2009-05-27 16:10 65294248 ----a-w- c:\programdata\Sling Media\AutoUpdateFiles\D367SLingPlayer.exe
2009-05-26 17:44 . 2009-05-26 17:44 -------- d-----w- c:\program files\HandBrake
2009-05-24 19:30 . 2009-05-24 19:30 -------- d-----w- c:\program files\Nimbuzz
2009-05-23 20:30 . 2009-03-16 20:03 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\Scxpx86.dll
2009-05-23 20:30 . 2009-01-29 21:50 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\IDSXpx86.sys
2009-05-23 20:30 . 2009-01-29 21:50 292912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\IDSvix86.sys
2009-05-23 20:30 . 2009-01-29 21:50 447864 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\IDSxpx86.dll
2009-05-23 20:30 . 2009-01-29 21:50 396848 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\IDSviA64.sys
2009-05-23 20:29 . 2009-05-23 20:29 738120 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-05-15 23:43 . 2009-05-15 23:43 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-15 08:51 . 2009-05-24 03:54 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2009-05-15 08:51 . 2009-05-24 03:53 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2009-05-15 08:50 . 2009-05-24 03:53 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2009-05-15 08:49 . 2009-05-15 08:49 -------- d-----w- c:\windows\Replay Media Catcher
2009-05-15 08:48 . 2009-05-26 06:00 -------- d-----w- c:\program files\Replay Media Catcher

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-05 18:44 . 2007-08-23 21:40 2459627520 --sha-w- \pagefile.sys
2009-06-05 18:43 . 2007-08-23 21:47 1660 ----a-w- c:\windows\bthservsdp.dat
2009-06-05 17:15 . 2009-04-16 03:55 28029 ----a-w- c:\programdata\nvModes.dat
2009-06-03 05:35 . 2008-06-26 02:21 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-06-02 23:28 . 2007-09-01 17:18 -------- d-----w- c:\program files\PowerISO
2009-05-26 18:56 . 2008-11-13 06:23 -------- d-----w- c:\users\Michael\AppData\Roaming\Skype
2009-05-26 18:56 . 2008-11-13 06:24 -------- d-----w- c:\users\Michael\AppData\Roaming\skypePM
2009-05-16 12:50 . 2008-06-26 02:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-05-15 09:28 . 2007-08-31 22:01 -------- d-----w- c:\users\Michael\AppData\Roaming\uTorrent
2009-05-15 08:07 . 2007-06-19 10:53 -------- d-----w- c:\programdata\Microsoft Help
2009-05-15 08:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-04-30 23:15 . 2007-09-02 19:08 -------- d-----w- c:\users\Michael\AppData\Roaming\Canon
2009-04-27 20:21 . 2009-02-28 01:41 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-04-27 20:05 . 2009-05-01 19:47 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-04-27 20:05 . 2009-04-27 20:05 64160 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\Drivers\32\lbd.sys
2009-04-16 17:08 . 2008-02-16 19:01 -------- d-----w- c:\programdata\NVIDIA
2009-04-11 05:34 . 2007-08-30 22:34 28029 ----a-w- c:\users\Michael\AppData\Roaming\nvModes.dat
2009-04-08 00:14 . 2009-04-08 00:14 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-08 00:14 . 2009-04-08 00:14 -------- d-----w- c:\program files\iTunes
2009-04-08 00:14 . 2009-04-08 00:14 -------- d-----w- c:\program files\iPod
2009-04-08 00:14 . 2007-09-01 05:13 -------- d-----w- c:\program files\Common Files\Apple
2009-04-08 00:07 . 2009-04-08 00:07 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-03-19 21:32 . 2009-04-08 00:14 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-19 21:32 . 2009-03-19 21:32 23400 ----a-w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-18 18:59 . 2008-10-09 23:56 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-03-17 03:38 . 2009-04-15 19:35 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 19:35 24064 ----a-w- c:\windows\system32\amxread.dll
2009-03-16 20:03 . 2009-03-16 20:03 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-03-09 19:53 . 2009-03-09 19:53 69664 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\Drivers\64\lbd.sys
2009-03-09 19:53 . 2009-03-09 19:53 274792 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\Drivers\64\AAWDriverTool.exe
2009-03-09 19:52 . 2009-03-09 19:52 73064 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\Drivers\32\AAWDriverTool.exe
2009-03-09 10:19 . 2008-12-10 05:03 410984 ----a-w- c:\windows\system32\deploytk.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-20 1773568]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Google Update"="c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-12-03 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 729088]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-09-19 66816]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"CognizanceTS"="c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [2005-09-19 163840]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-03-12 517768]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-29 518488]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-09 4390912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2008-10-2 546288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Clean Access Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Clean Access Agent.lnk
backup=c:\windows\pss\Clean Access Agent.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Michael^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= c:\program files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{FD8CC398-C3F7-41BE-98A5-C6A62BB10958}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{13C9E86B-54AE-4A87-A2EF-44ED2B50EF5F}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{220513BC-B2BE-4FA0-BAC9-60F5F7F74726}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{5A90CF99-4F43-41A7-BD63-833D156B1E88}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{95383F02-9BF8-4FFB-9917-671A202B8E80}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{CD4068D7-B5D6-4E40-BF0F-A5E33A97304B}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{94F144FD-51FF-47FC-9888-47B9EB6EBB2C}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D4E92348-BAF7-45C0-8F15-C60F4331067A}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{F03EBEA6-16B0-45AC-BFB6-B06BA544D646}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{463360B5-9168-4A8C-99C2-D408F72A831A}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{BD401096-17CE-4EC9-9875-511E1990B5D5}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{0972E767-D1E9-4BA6-B974-B2FFE93F6FE0}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{FD63C072-B217-426F-94EB-29EB595F8FFC}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{CB3BDBCE-808B-47DC-8684-8147FB149A47}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{E9B38C58-9667-4192-85AE-9B34C2DBDAB9}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{B1897D15-107E-4F7B-B33B-96605761AC75}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{200F605A-7E89-41AD-83BF-934E46A7EB4D}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{DD98F6BE-E108-44A1-B251-95D8C6301204}c:\\program files\\airport\\apagent.exe"= UDP:c:\program files\airport\apagent.exe:AirPort Base Station Agent
"UDP Query User{706EF837-1DEF-45D2-9346-6F4E79DFE800}c:\\program files\\airport\\apagent.exe"= TCP:c:\program files\airport\apagent.exe:AirPort Base Station Agent
"TCP Query User{A55E98F4-4492-4327-AA54-B86562560AF4}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{A4485829-CDF8-4582-BFE1-F39B11A815FA}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{05801DED-9433-4EBA-B9CA-8A3DCCBB4BEF}"= UDP:990:LocalSubnet:LocalSubnet|IF={D25E9E4A-D581-4C0C-99CB-3AF6D9AB32DB}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{ED1171C8-6749-424A-9FFB-298B3136AFC5}"= UDP:c:\program files\Ruckus Player\Ruckus.exe:Ruckus
"{6382BFE2-70C7-4CFF-9A59-07ADA808FDB6}"= TCP:c:\program files\Ruckus Player\Ruckus.exe:Ruckus
"{37A7B586-DF66-4DF4-917E-B07185AFFD5E}"= UDP:c:\program files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper
"{E2BF2A6E-34D6-4A7B-B8D3-0D30A3A4736E}"= TCP:c:\program files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper
"TCP Query User{1D6D180D-598E-4CAF-9486-2C1CC04B2113}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{E9ADA256-24FD-4560-AE03-6A586244BF9F}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"{010BCB0B-AE69-4C9E-B3D2-CDC20FA4C1BF}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B6325566-44E6-4BAD-8DAC-B67796009F7B}"= UDP:990:LocalSubnet:LocalSubnet|IF={D25E9E4A-D581-4C0C-99CB-3AF6D9AB32DB}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{24778982-55AB-4A7B-93F7-98E9805F6E9F}"= UDP:990:LocalSubnet:LocalSubnet|IF={D25E9E4A-D581-4C0C-99CB-3AF6D9AB32DB}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{7D21A26D-7A12-4A8E-BA3C-25E05060B3E9}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{DA3245CD-BF63-4C26-961C-231FEB0C064D}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{A6470E6C-4038-4CCD-8D1E-1451809B2C9C}c:\\program files\\tightvnc\\winvnc.exe"= UDP:c:\program files\tightvnc\winvnc.exe:TightVNC Win32 Server
"UDP Query User{0699C4D7-89C3-4F2A-9CFD-4FB06A34F92C}c:\\program files\\tightvnc\\winvnc.exe"= TCP:c:\program files\tightvnc\winvnc.exe:TightVNC Win32 Server
"{BCC29B56-97B5-45E7-85B3-BA4ECE214E95}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{9DA5012B-D02A-4F25-AB0C-0AAFCFDFEEBD}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{DE8F5931-1F41-4BB7-9858-6B1F6347F3CA}"= TCP:5353:Bonjour
"{48C1AD69-E6C9-4E78-A53C-6C09DD7B793C}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{0783FAB5-5D18-470E-AC40-F8B7F6E4C625}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{8F226577-F2AF-40C6-A865-F6EEC71C0332}c:\\program files\\simplify media\\simplifypeer.exe"= UDP:c:\program files\simplify media\simplifypeer.exe:Simplify Media Peer
"UDP Query User{0A3B8CA2-6374-4703-A1EF-620BE925FED1}c:\\program files\\simplify media\\simplifypeer.exe"= TCP:c:\program files\simplify media\simplifypeer.exe:Simplify Media Peer
"TCP Query User{BD2E5D62-2B36-4934-92EB-E1BE990C3912}c:\\program files\\iphone tunnel suite\\itunnel\\itunnel.exe"= UDP:c:\program files\iphone tunnel suite\itunnel\itunnel.exe:iTunnel
"UDP Query User{CBB8F3E7-2120-48BF-937E-3C3E7DD3DB92}c:\\program files\\iphone tunnel suite\\itunnel\\itunnel.exe"= TCP:c:\program files\iphone tunnel suite\itunnel\itunnel.exe:iTunnel
"TCP Query User{80F5BFCE-8F4C-4353-8FDA-1205CB78BE7F}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{D96F7C76-4633-469D-B104-91C85FE171E3}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{BCCFC918-BD9C-49EE-8C48-1A63AD087A6E}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{D89E8887-B961-4ACE-9B29-C75F813718B3}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"TCP Query User{3C8159B2-6309-4AC3-B67B-2B69515F09C5}c:\\program files\\simplify media\\simplifymedia.exe"= UDP:c:\program files\simplify media\simplifymedia.exe:Simplify Media
"UDP Query User{8BFBBB26-4FDF-47A7-90ED-75E0BAD6857A}c:\\program files\\simplify media\\simplifymedia.exe"= TCP:c:\program files\simplify media\simplifymedia.exe:Simplify Media
"TCP Query User{CF08D22A-9228-44FB-AB54-5CA4106E6738}c:\\program files\\simplify media\\simplifymedia.exe"= UDP:c:\program files\simplify media\simplifymedia.exe:Simplify Media
"UDP Query User{E50D691B-D21B-40D0-B5FC-AA82FBF52DB9}c:\\program files\\simplify media\\simplifymedia.exe"= TCP:c:\program files\simplify media\simplifymedia.exe:Simplify Media
"{2C5CB0FE-FDDE-45EE-B58C-1B455CE330C1}"= UDP:c:\program files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe:Roxio Upnp Service
"{F1EB1D76-60E3-4C50-819E-0F9A66787DE1}"= TCP:c:\program files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe:Roxio Upnp Service
"TCP Query User{C0D91D49-C911-4F92-AC7E-265232D2EE99}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{B8F11B35-B502-49A8-A5F1-2A10330019BD}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"{4C8D07BE-99F3-49CD-A30F-171E0A5554EC}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{DE214E1F-FAEC-41AE-A6C7-732D561D63BD}c:\\program files\\iphone tunnel suite\\itunnel\\itunnel.exe"= UDP:c:\program files\iphone tunnel suite\itunnel\itunnel.exe:iTunnel
"UDP Query User{E4E3BCE8-6B63-4A82-8B11-A2C629432AF9}c:\\program files\\iphone tunnel suite\\itunnel\\itunnel.exe"= TCP:c:\program files\iphone tunnel suite\itunnel\itunnel.exe:iTunnel
"{E2B11B59-7939-4613-8975-354DA7913B7D}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{C0EDF424-8067-498D-BA67-E4E79BCDE5B0}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{0F56AB9A-E420-462C-BBBC-734370338519}c:\\program files\\matlab\\r2007b\\bin\\win32\\matlab.exe"= UDP:c:\program files\matlab\r2007b\bin\win32\matlab.exe:MATLAB
"UDP Query User{7337BC20-E3CD-47B5-AA43-8239254D5B77}c:\\program files\\matlab\\r2007b\\bin\\win32\\matlab.exe"= TCP:c:\program files\matlab\r2007b\bin\win32\matlab.exe:MATLAB
"TCP Query User{65CCA60B-5168-49B9-B233-83A98D615416}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{AD0B321E-9F71-4804-87A3-8559C3B7F4AD}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{1472E0E6-301F-468D-B5D2-08F6288F17D6}c:\\program files\\sling media\\slingplayer\\slingplayer.exe"= UDP:c:\program files\sling media\slingplayer\slingplayer.exe:SlingPlayer
"UDP Query User{8F4E85A3-71AE-44DE-9B01-0424764F1990}c:\\program files\\sling media\\slingplayer\\slingplayer.exe"= TCP:c:\program files\sling media\slingplayer\slingplayer.exe:SlingPlayer
"{08D0B160-91D4-46B0-86E3-9C40862D5C96}"= UDP:c:\program files\AirPort\APAgent.exe:AirPort
"{AC9B5F0E-FCAB-4A3A-97BF-F1856EF6E275}"= TCP:c:\program files\AirPort\APAgent.exe:AirPort
"{80A107E3-51F1-408C-B862-29A4B2C27FCB}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{FB143D37-10D5-4F30-A6F3-F3C0497B6175}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C4CE9C36-8623-45CB-ACD9-E5F9F445531F}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{6B308980-7D10-4608-9BD3-2664AA4357F9}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{5FE55DCD-B762-4705-94C2-79BBFD542BB3}"= UDP:c:\program files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe:Roxio Upnp Service
"{2F6E19EA-4758-419D-BFBA-E63E7E6AFE02}"= TCP:c:\program files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe:Roxio Upnp Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= c:\program files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [5/1/2009 2:47 PM 64160]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NAV\1005000.086\SymEFA.sys [3/18/2009 1:59 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NAV\1005000.086\BHDrvx86.sys [3/18/2009 1:59 PM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NAV\1005000.086\cchpx86.sys [3/18/2009 1:59 PM 482352]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSvix86.sys [5/29/2009 1:42 PM 292912]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [5/29/2008 6:33 PM 21504]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [5/29/2008 6:33 PM 21504]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 4:34 PM 1005904]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [3/18/2009 1:59 PM 115560]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [6/25/2008 9:21 PM 1153368]
R2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [3/10/2009 12:09 AM 93960]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/23/2007 9:56 PM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/25/2009 9:17 PM 101936]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [11/17/2008 3:40 PM 3668480]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\NAV\1005000.086\symndisv.sys [3/18/2009 1:59 PM 39984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2009-05-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 19:47]

2009-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-427839270-3882261659-512520142-1000.job
- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-03 00:40]

2009-05-15 c:\windows\Tasks\HPCeeScheduleForMichael.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2007-06-19 21:23]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MtdAcqu - c:\program files\Creative\MediaSource5\MtdAcqu.exe
HKCU-Run-Aim6 - (no file)
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en%5C
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\r1ny888h.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\users\Michael\AppData\Local\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\r1ny888h.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07051001.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-05 13:47
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-427839270-3882261659-512520142-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{471EB9A8-9996-E246-71E2-203FD5233EC0}*]
"nafmceappfakpnedgkkgpbdfigka"=hex:6a,61,6c,6a,62,70,69,65,6e,6f,70,66,67,61,
66,70,6e,6a,62,69,00,7f
"gbhgkgpidfbgjfhkjgdbfehffmfljnanbclcindaedbhlf"=hex:6c,61,6c,6c,61,6d,6f,6e,
6f,6c,62,6d,65,70,6a,68,6b,68,61,65,69,6d,66,69,00,00
"bbngajeapfbpapifemahjbkjckodancbehpj"=hex:6e,61,6c,6a,64,70,6a,6b,62,63,6c,63,
62,63,6e,68,68,62,6f,66,66,6c,70,6c,63,66,67,6d,00,83
"oapmiacohdnkmgfncmecimkahjfokd"=hex:6a,61,6c,6a,62,70,69,65,6e,6f,70,66,67,61,
66,70,6e,6a,62,69,00,7f

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(804)
c:\program files\Bioscrypt\VeriSoft\bin\ASWLNPkg.dll
c:\program files\Bioscrypt\VeriSoft\bin\ItMsg.dll

- - - - - - - > 'Explorer.exe'(4396)
c:\windows\system32\APSHook.dll
c:\windows\system32\btncopy.dll
c:\program files\Roxio\Easy Media Creator 8\Drag to Disc\Shellex.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
c:\program files\TightVNC\WinVNC.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Bioscrypt\VeriSoft\Bin\asghost.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-06-05 13:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-05 18:57

Pre-Run: 31,950,675,968 bytes free
Post-Run: 31,923,666,944 bytes free

387 --- E O F --- 2009-05-15 08:07
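A small triage script for the ComboFix sections above, added here as a worked example; it is not part of the original post and is not ComboFix's own code. It joins the .reg-style hex continuation lines, splits the log into its [key] sections and pulls out the four things a responder would want from this particular log before reading anything else: "EnableFirewall"= 0 on a firewall profile, "DisableMonitoring" set under Security Center, firewall exceptions granted to binaries on a watch list, and values under Shell Extensions\Approved whose names are not CLSIDs (a legitimate shell-extension registration there is named by its CLSID), decoded from hex so the reviewer can see what they hold. The watch list (winvnc.exe, utorrent.exe, limewire.exe) is the example's own choice, not something the log or the thread states, and the embedded sample is constructed from a handful of lines copied from the posted log.

```python
import re

# Constructed sample: a few lines copied in shape from the ComboFix log posted above,
# trimmed to the sections the script looks at. Indented line is a .reg hex continuation.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CB3BDBCE-808B-47DC-8684-8147FB149A47}"= UDP:c:\program files\uTorrent\uTorrent.exe:uTorrent
"TCP Query User{A6470E6C-4038-4CCD-8D1E-1451809B2C9C}c:\\program files\\tightvnc\\winvnc.exe"= UDP:c:\program files\tightvnc\winvnc.exe:TightVNC Win32 Server
"{9DA5012B-D02A-4F25-AB0C-0AAFCFDFEEBD}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-427839270-3882261659-512520142-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{471EB9A8-9996-E246-71E2-203FD5233EC0}*]
"nafmceappfakpnedgkkgpbdfigka"=hex:6a,61,6c,6a,62,70,69,65,6e,6f,70,66,67,61,
  66,70,6e,6a,62,69,00,7f
"""

# Watch list chosen for this example (assumption): remote-control and P2P binaries
# that a responder would want to know have firewall exceptions.
WATCHED_BINARIES = {
    "winvnc.exe": "remote-control server",
    "utorrent.exe": "peer-to-peer client",
    "limewire.exe": "peer-to-peer client",
}

RULE_RE = re.compile(r'^"(?P<name>.*?)"=\s*(?P<value>.*)$')   # "name"= value
EXE_RE = re.compile(r"([^\\/:]+\.exe)", re.IGNORECASE)       # last path component ending in .exe
GUID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")               # {CLSID}


def join_continuations(text):
    """Glue .reg hex values that wrap onto following lines back into one line."""
    out = []
    for line in text.splitlines():
        if out and "=hex:" in out[-1] and out[-1].rstrip().endswith(","):
            out[-1] = out[-1].rstrip() + line.strip()
        else:
            out.append(line)
    return out


def parse_sections(text):
    """Return {section_name: [value lines]} for every [bracketed] section in the log."""
    sections, current = {}, None
    for line in join_continuations(text):
        stripped = line.strip()
        if not stripped or stripped == "." or stripped.startswith("-"):
            continue  # blank lines and ComboFix's own separators
        if stripped.startswith("[") and stripped.endswith("]"):
            current = stripped[1:-1]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(stripped)
    return sections


def decode_hex_value(value):
    """Decode a 'hex:6a,61,...' payload to its ASCII prefix, up to the first NUL byte."""
    if not value.startswith("hex:"):
        return None
    raw = bytes(int(b, 16) for b in value[4:].split(",") if b)
    return raw.split(b"\x00", 1)[0].decode("ascii", errors="replace")


def triage(text):
    """Collect the settings and exceptions worth a second look from a ComboFix log."""
    findings = {"firewall_off": [], "monitoring_off": [],
                "watched_rules": [], "odd_approved_values": []}
    for section, lines in parse_sections(text).items():
        low = section.lower()
        for line in lines:
            m = RULE_RE.match(line)
            if not m:
                continue
            name, value = m.group("name"), m.group("value")
            if "firewallpolicy" in low and name == "EnableFirewall" and value.startswith("0"):
                findings["firewall_off"].append(section.rsplit("\\", 1)[-1])
            elif "security center\\monitoring" in low and name == "DisableMonitoring" and value.endswith("1"):
                findings["monitoring_off"].append(section.rsplit("\\", 1)[-1])
            elif low.endswith("firewallrules") or low.endswith("authorizedapplications\\list"):
                exes = EXE_RE.findall(value)
                if exes and exes[-1].lower() in WATCHED_BINARIES:
                    exe = exes[-1].lower()
                    findings["watched_rules"].append((exe, WATCHED_BINARIES[exe]))
            elif "shell extensions\\approved" in low and not GUID_RE.match(name):
                findings["odd_approved_values"].append((name, decode_hex_value(value)))
    return findings


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        print(kind, items)
```

Run it over the full ComboFix.txt instead of SAMPLE_LOG and it reports both firewall profiles off, Security Center monitoring disabled, the TightVNC, uTorrent and LimeWire exceptions, and the four non-CLSID values under the locked Shell Extensions\Approved key with their decoded contents; what those findings mean for the machine is for the helper handling the thread to decide, the script only makes them hard to miss.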

jholland1964
06-05-2009, 02:32 PM
Why did you run ComboFix twice? Plus, your Norton program was RUNNING when this last one was done. Too late now; DON'T run ComboFix again unless directed to do so. It will take a while to go through this 2nd log. Wish I could see the first one.

ironmaiden5536
06-05-2009, 05:13 PM
I only ran it once. This is the log from C:\ComboFix.txt after it had restarted. And I had disabled every function of Norton; I don't know why it said it was on. I had turned off the firewall, antivirus, email scanning, and a couple of other things.