The Windows/System 32 folder opens on my desktop on startup...

Any Help???????????????

Hi and welcome to PCHF!

That seems very strange to me.. could you please follow the prework link in my signature and post the logs produced in your next reply. I want to see if this is a malware problem.. someone from the security team will help you as soon as they can once you post the logs.

Thanks,
Adam

Logfile of HijackThis v1.99.1
Scan saved at 8:45:36 PM, on 9/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MozyHome\mozybackup.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\a-squared Free\a2free.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Robert\Desktop\Utilities\hijackthis\Hijac kThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] "REGSVR32.EXE" /S CTASIO.DLL
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/s...ad/tgctlcm.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tech...l/LSSupCtl.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/english/cyb...dio/ChkDVD.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1182830812991
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1182830775897
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} (Cameractl Class) - http://12.36.103.133/push.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...l/SymAData.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} - http://entimg.msn.com/client/msnmusax2918.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neut...cab?10,0,910,0
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspn et_state.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Unknown owner - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WUSB54GCSVC - Unknown owner - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe" "WUSB54GC.exe (file missing)

WINDOWS32 folder opens on startup
Please Help...........



StartupList report, 9/23/2007, 8:51:52 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Robert\Desktop\Utilities\hijackthis\Hijac kThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16512)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MozyHome\mozybackup.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\a-squared Free\a2free.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Robert\Desktop\Utilities\hijackthis\Hijac kThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Robert\Start Menu\Programs\Startup]
Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Win logon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Win logon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ehTray = C:\WINDOWS\ehome\ehtray.exe
ATIPTA = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
dla = C:\WINDOWS\system32\dla\tfswctrl.exe
UpdateManager = "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
DVDLauncher = "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
AVG7_CC = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
Adobe Photo Downloader = "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
CTSysVol = "C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe"
CTHelper = CTHELPER.EXE
AsioReg = "REGSVR32.EXE" /S CTASIO.DLL
IAAnotif = "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
ZoneAlarm Client = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
Windows Defender = "C:\Program Files\Windows Defender\MSASCui.exe" -hide

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run Once

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run OnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run Services

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run ServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

SB Audigy 2 Startup Menu = /L:ENG
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run Once

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run OnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run Services

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run ServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run Once
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run OnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run Services
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run ServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run Once
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run OnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run Services
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run ServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
StubPath = C:WINDOWSsystem32ieudinit.exe

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:WINDOWSinfunregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = C:WINDOWSsystem32ie4uinit.exe -UserIconConfig

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%system32shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%system32regsvr32.exe /s /n /i:/UserInstall %SystemRoot%system32themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%Outlook Expresssetup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFmsnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFmsmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFwmp10.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%Outlook Expresssetup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:WINDOWSsystem32ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:WINDOWSsystem32Rundll32.exe C:WINDOWSsystem32mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCUSoftwareMirabilisICQAgentApps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:WINDOWSWIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM..Windows NTCurrentVersionWinLogon: load=*Registry value not found*
HKLM..Windows NTCurrentVersionWinLogon: run=*Registry value not found*
HKLM..WindowsCurrentVersionWinLogon: load=*Registry key not found*
HKLM..WindowsCurrentVersionWinLogon: run=*Registry key not found*
HKCU..Windows NTCurrentVersionWinLogon: load=*Registry value not found*
HKCU..Windows NTCurrentVersionWinLogon: run=*Registry value not found*
HKCU..WindowsCurrentVersionWinLogon: load=*Registry key not found*
HKCU..WindowsCurrentVersionWinLogon: run=*Registry key not found*
HKCU..Windows NTCurrentVersionWindows: load=
HKCU..Windows NTCurrentVersionWindows: run=*Registry value not found*
HKLM..Windows NTCurrentVersionWindows: load=*Registry value not found*
HKLM..Windows NTCurrentVersionWindows: run=*Registry value not found*
HKLM..Windows NTCurrentVersionWindows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:WINDOWSSYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:WINDOWSSystem32ssmypics.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU..Policies: Shell=*Registry value not found*
HKLM..Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:WINDOWSExplorer.exe: PRESENT!

C:Explorer.exe: not present
C:WINDOWSExplorerExplorer.exe: not present
C:WINDOWSSystemExplorer.exe: not present
C:WINDOWSSystem32Explorer.exe: not present
C:WINDOWSCommandExplorer.exe: not present
C:WINDOWSFontsExplorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:PROGRA~1SPYBOT~1SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:WINDOWSsystem32dlatfswshx.dll - {5CA3D70E-1895-11CF-8E15-001234567890}
(no name) - C:Program FilesJavajre1.5.0_06binssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

--------------------------------------------------

Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job
MP Scheduled Scan.job
wrSpySweeperTrialSweep.job

--------------------------------------------------

Enumerating Download Program Files:

[{01010E00-5E80-11D8-9E86-0007E96C65AE}]
CODEBASE = http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

[SupportSoft Script Runner Class]
InProcServer32 = C:WINDOWSDownloaded Program Filestgctlsr.dll
CODEBASE = http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

[Support.com Configuration Class]
InProcServer32 = C:WINDOWSDownloaded Program Filestgctlcm.dll
CODEBASE = https://activatemyfios.verizon.net/s...ad/tgctlcm.cab

[Creative Software AutoUpdate]
InProcServer32 = C:WINDOWSDOWNLO~1CTSUEng.ocx
CODEBASE = http://www.creative.com/su/ocx/15030/CTSUEng.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:WINDOWSsystem32legitcheckcontrol.dll
CODEBASE = http://go.microsoft.com/fwlink/?LinkID=39204

[MSSecurityAdvisor Class]
InProcServer32 = C:WINDOWSSystem32mssecadv.dll
CODEBASE = Microsoft Security At Home - Help Prevent Identity Theft, Spyware & Viruses

[LSSupCtl Class]
InProcServer32 = C:WINDOWSDownloaded Program FilesLSSupCtl.dll
CODEBASE = https://www-secure.symantec.com/tech...l/LSSupCtl.cab

[Office Update Installation Engine]
InProcServer32 = C:WINDOWSopuc.dll
CODEBASE = http://office.microsoft.com/officeup...tent/opuc3.cab

[ChkDVDCtl Class]
InProcServer32 = C:WINDOWSDOWNLO~1ChkDVD.dll
CODEBASE = http://www.cyberlink.com/english/cyb...dio/ChkDVD.cab

[WUWebControl Class]
InProcServer32 = C:WINDOWSsystem32wuweb.dll
CODEBASE = http://www.update.microsoft.com/micr...?1182830812991

[MUWebControl Class]
InProcServer32 = C:WINDOWSsystem32muweb.dll
CODEBASE = http://www.update.microsoft.com/micr...?1182830775897

[Java Plug-in]
InProcServer32 = C:Program FilesJavajre1.5.0_06binssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jin...ndows-i586.cab

[Shutterfly Picture Upload Plugin]
InProcServer32 = C:Program FilesShutterflysfuploadplugin.ocx
CODEBASE = http://web1.shutterfly.com/downloads/Uploader.cab

[Cameractl Class]
InProcServer32 = C:WINDOWSDownloaded Program Filescamera.ocx
CODEBASE = http://12.36.103.133/push.cab

[Java Plug-in]
InProcServer32 = C:Program FilesJavajre1.5.0_06binssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jin...ndows-i586.cab

[Java Plug-in 1.5.0_06]
InProcServer32 = C:Program FilesJavajre1.5.0_06binnpjpi150_06.dll
CODEBASE = http://java.sun.com/update/1.5.0/jin...ndows-i586.cab

[ActiveDataInfo Class]
InProcServer32 = C:WINDOWSDownloaded Program FilesSymAData.dll
CODEBASE = https://www-secure.symantec.com/tech...l/SymAData.cab

[Shockwave Flash Object]
InProcServer32 = C:WINDOWSsystem32MacromedFlashFlash8.ocx
CODEBASE = http://fpdownload.macromedia.com/pub...sh/swflash.cab

[{ED28050F-D713-43BA-A376-DCC5C35407D5}]
CODEBASE = http://entimg.msn.com/client/msnmusax2918.cab

[Creative Software AutoUpdate Support Package]
InProcServer32 = C:WINDOWSDOWNLO~1CTPID.ocx
CODEBASE = http://www.creative.com/su/ocx/15030/CTPID.cab

[DigWebHelper Class]
InProcServer32 = C:WINDOWSDownloaded Program FilesDigWebX2.dll
CODEBASE = http://photos.msn.com/resources/neut...cab?10,0,910,0

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:WINDOWSSystem32mswsock.dll
NameSpace #2: C:WINDOWSSystem32winrnr.dll
NameSpace #3: C:WINDOWSSystem32mswsock.dll
Protocol #1: C:WINDOWSsystem32mswsock.dll
Protocol #2: C:WINDOWSsystem32mswsock.dll
Protocol #3: C:WINDOWSsystem32mswsock.dll
Protocol #4: C:WINDOWSsystem32rsvpsp.dll
Protocol #5: C:WINDOWSsystem32rsvpsp.dll
Protocol #6: C:WINDOWSsystem32mswsock.dll
Protocol #7: C:WINDOWSsystem32mswsock.dll
Protocol #8: C:WINDOWSsystem32mswsock.dll
Protocol #9: C:WINDOWSsystem32mswsock.dll
Protocol #10: C:WINDOWSsystem32mswsock.dll
Protocol #11: C:WINDOWSsystem32mswsock.dll
Protocol #12: C:WINDOWSsystem32mswsock.dll
Protocol #13: C:WINDOWSsystem32mswsock.dll
Protocol #14: C:WINDOWSsystem32mswsock.dll
Protocol #15: C:WINDOWSsystem32mswsock.dll
Protocol #16: C:WINDOWSsystem32mswsock.dll
Protocol #17: C:WINDOWSsystem32mswsock.dll
Protocol #18: C:WINDOWSsystem32mswsock.dll
Protocol #19: C:WINDOWSsystem32mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

a-squared Free Service: "C:Program Filesa-squared Freea2service.exe" (autostart)
Microsoft ACPI Driver: System32DRIVERSACPI.sys (system)
Adobe Active File Monitor V5: C:Program FilesAdobePhotoshop Elements 5.0PhotoshopElementsFileAgent.exe (autostart)
Microsoft Kernel Acoustic Echo Canceller: system32driversaec.sys (manual start)
AEGIS Protocol (IEEE 802.1x) v3.4.3.0: system32DRIVERSAegisP.sys (autostart)
AFD Networking Support Environment: SystemRootSystem32driversafd.sys (system)
Alerter: %SystemRoot%System32svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%System32alg.exe (manual start)
Apple Mobile Device: "C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe" (autostart)
Application Management: %SystemRoot%system32svchost.exe -k netsvcs (manual start)
1394 ARP Client Protocol: System32DRIVERSarp1394.sys (manual start)
ASP.NET State Service: %SystemRoot%Microsoft.NETFrameworkv2.0.50727aspnet _state.exe (manual start)
RAS Asynchronous Media Driver: System32DRIVERSasyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32DRIVERSatapi.sys (system)
Ati HotKey Poller: %SystemRoot%System32Ati2evxx.exe (autostart)
ATI Smart: C:WINDOWSsystem32ati2sgag.exe (autostart)
ati2mtag: System32DRIVERSati2mtag.sys (manual start)
ATI eHomeWonder, WDM Video CODEC: System32DRIVERSatinewp2.sys (manual start)
ATM ARP Client Protocol: System32DRIVERSatmarpc.sys (manual start)
Windows Audio: %SystemRoot%System32svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32DRIVERSaudstub.sys (manual start)
AVG Anti-Spyware Driver: ??C:Program FilesGrisoftAVG Anti-Spyware 7.5guard.sys (system)
AVG Anti-Spyware Guard: C:Program FilesGrisoftAVG Anti-Spyware 7.5guard.exe (autostart)
AVG7 Alert Manager Server: C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe (autostart)
AVG7 Kernel: SystemRootSystem32Driversavg7core.sys (system)
AVG7 Wrap Driver: SystemRootSystem32Driversavg7rsw.sys (system)
AVG7 Resident Driver XP: SystemRootSystem32Driversavg7rsxp.sys (system)
AVG7 Update Service: C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe (autostart)
AVG Anti-Spyware Clean Driver: System32DRIVERSAvgAsCln.sys (system)
AVG7 Clean Driver: SystemRootSystem32Driversavgclean.sys (system)
AVG E-mail Scanner: C:PROGRA~1GrisoftAVGFRE~1avgemc.exe (autostart)
AVG Network Redirector: SystemRootSystem32Driversavgtdi.sys (autostart)
Broadcom NetXtreme 57xx Gigabit Controller: System32DRIVERSb57xp32.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%System32svchost.exe -k netsvcs (autostart)
Computer Browser: %SystemRoot%System32svchost.exe -k netsvcs (autostart)
Closed Caption Decoder: System32DRIVERSCCDECODE.sys (manual start)
CD-ROM Driver: System32DRIVERScdrom.sys (system)
Indexing Service: %SystemRoot%system32cisvc.exe (manual start)
ClipBook: %SystemRoot%system32clipsrv.exe (disabled)
COMMONFX.DLL: system32COMMONFX.DLL (manual start)
Microsoft Composite Battery Driver: System32DRIVERScompbatt.sys (system)
COM+ System Application: C:WINDOWSSystem32dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Creative Service for CDROM Access: C:WINDOWSsystem32CTSvcCDA.EXE (autostart)
Cryptographic Services: %SystemRoot%system32svchost.exe -k netsvcs (autostart)
CT20XUT.DLL: system32CT20XUT.DLL (manual start)
Creative AC3 Software Decoder: System32driversctac32k.sys (manual start)
Creative Audio Driver (WDM): system32driversctaud2k.sys (manual start)
CTAUDFX.DLL: system32CTAUDFX.DLL (manual start)
Creative DVD-Audio Device Driver: System32driversctdvda2k.sys (manual start)
CTEAPSFX.DLL: system32CTEAPSFX.DLL (manual start)
CTEDSPFX.DLL: system32CTEDSPFX.DLL (manual start)
CTEDSPIO.DLL: system32CTEDSPIO.DLL (manual start)
CTEDSPSY.DLL: system32CTEDSPSY.DLL (manual start)
CTERFXFX.DLL: system32CTERFXFX.DLL (manual start)
CTEXFIFX.DLL: system32CTEXFIFX.DLL (manual start)
CTHWIUT.DLL: system32CTHWIUT.DLL (manual start)
Creative Proxy Driver: System32driversctprxy2k.sys (manual start)
CTSBLFX.DLL: system32CTSBLFX.DLL (manual start)
Creative SoundFont Management Device Driver: System32driversctsfm2k.sys (manual start)
DCOM Server Process Launcher: %SystemRoot%system32svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%System32svchost.exe -k netsvcs (autostart)
Disk Driver: System32DRIVERSdisk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%System32dmadmin.exe /com (manual start)
dmboot: System32driversdmboot.sys (disabled)
Logical Disk Manager Driver: System32driversdmio.sys (system)
dmload: System32driversdmload.sys (system)
Logical Disk Manager: %SystemRoot%System32svchost.exe -k netsvcs (autostart)
Microsoft Kernel DLS Syntheiszer: system32driversDMusic.sys (manual start)
DNS Client: %SystemRoot%System32svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32driversdrmkaud.sys (manual start)
drvmcdb: system32driversdrvmcdb.sys (system)
drvnddm: system32driversdrvnddm.sys (autostart)
Media Center Scheduler Service: C:WINDOWSehomeehSched.exe (autostart)
E-mu Plug-in Architecture Driver: System32driversemupia2k.sys (manual start)
Error Reporting Service: %SystemRoot%System32svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%system32services.exe (autostart)
COM+ Event System: C:WINDOWSSystem32svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%System32svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: System32DRIVERSfdc.sys (manual start)
UVC Filter Service: system32DRIVERSlvuvcflt.sys (manual start)
Floppy Disk Driver: System32DRIVERSflpydisk.sys (manual start)
FltMgr: system32driversfltmgr.sys (system)
Volume Manager Driver: System32DRIVERSftdisk.sys (system)
GEAR CDRom Filter: SYSTEM32DRIVERSGEARAspiWDM.sys (manual start)
Generic Packet Classifier: System32DRIVERSmsgpc.sys (manual start)
GTNDIS5 NDIS Protocol Driver: ??C:WINDOWSsystem32GTNDIS5.SYS (manual start)
Creative Hardware Abstract Layer Driver: system32driversha10kx2k.sys (manual start)
Creative P16V HAL Driver: System32drivershap16v2k.sys (manual start)
Creative P17V HAL Driver: system32drivershap17v2k.sys (manual start)
Help and Support: %SystemRoot%System32svchost.exe -k netsvcs (autostart)
HID UPS Battery Driver: System32DRIVERSHidBatt.sys (manual start)
Microsoft Infrared HID Driver: System32DRIVERShidir.sys (manual start)
HID Input Service: %SystemRoot%System32svchost.exe -k netsvcs (autostart)
Microsoft HID Class Driver: System32DRIVERShidusb.sys (manual start)
IEEE-1284.4 Driver HPZid412: system32DRIVERSHPZid412.sys (manual start)
Print Class Driver for IEEE-1284.4 HPZipr12: system32DRIVERSHPZipr12.sys (manual start)
USB to IEEE-1284.4 Translation Driver HPZius12: system32DRIVERSHPZius12.sys (manual start)
HTTP: System32DriversHTTP.sys (manual start)
HTTP SSL: %SystemRoot%System32svchost.exe -k HTTPFilter (manual start)
Intel(R) Matrix Storage Event Monitor: C:Program FilesIntelIntel Matrix Storage ManagerIaantmon.exe (autostart)
Intel RAID Controller: system32driversiaStor.sys (system)
InstallDriver Table Manager: "C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe" (manual start)
CD-Burning Filter Driver: System32DRIVERSimapi.sys (system)
IMAPI CD-Burning COM Service: C:WINDOWSSystem32imapi.exe (manual start)
Intel Processor Driver: System32DRIVERSintelppm.sys (system)
IPv6 Windows Firewall Driver: system32driversip6fw.sys (manual start)
IP Traffic Filter Driver: System32DRIVERSipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32DRIVERSipinip.sys (manual start)
IP Network Address Translator: System32DRIVERSipnat.sys (manual start)
iPod Service: "F:Program FilesiPodbiniPodService.exe" (manual start)
IPSEC driver: System32DRIVERSipsec.sys (system)
Infrared bus filter driver for eHome remote controls: System32DRIVERSIrBus.sys (manual start)
IR Enumerator Service: System32DRIVERSirenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32DRIVERSisapnp.sys (system)
Keyboard Class Driver: System32DRIVERSkbdclass.sys (system)
Keyboard HID Driver: System32DRIVERSkbdhid.sys (system)
KLIF: system32DRIVERSklif.sys (system)
Microsoft Kernel Wave Audio Mixer: system32driverskmixer.sys (manual start)
Server: %SystemRoot%System32svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%System32svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%System32svchost.exe -k LocalService (autostart)
Logitech Kernel Audio Processing Filter Driver: ??C:WINDOWSsystem32driversLvckap.sys (manual start)
Logitech Machine Vision Engine Loader: ??C:WINDOWSsystem32driverslvmvdrv.sys (manual start)
Logitech POP Suppression Filter: system32DRIVERSlvpopflt.sys (manual start)
Logitech LVPrcMon Driver: ??C:WINDOWSsystem32driversLVPrcMon.sys (manual start)
Logitech Process Monitor: crogram filescommon fileslogitechlvmvfmLVPrcSrv.exe (autostart)
Logitech USB Monitor Filter: system32driverslvusbsta.sys (manual start)
Logitech QuickCam Fusion(UVC): system32DRIVERSlvuvc.sys (manual start)
Machine Debug Manager: "C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE" (autostart)
Messenger: %SystemRoot%System32svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:WINDOWSSystem32mnmsrvc.exe (manual start)
Mouse Class Driver: System32DRIVERSmouclass.sys (system)
Mouse HID Driver: System32DRIVERSmouhid.sys (manual start)
MozyHome Backup Service: "C:Program FilesMozyHomemozybackup.exe" (autostart)
mozyFilter: system32DRIVERSmozy.sys (system)
Photo Viewer: system32DRIVERSmr7910.sys (manual start)
WebDav Client Redirector: System32DRIVERSmrxdav.sys (manual start)
MRXSMB: System32DRIVERSmrxsmb.sys (system)
Distributed Transaction Coordinator: C:WINDOWSSystem32msdtc.exe (manual start)
Windows Installer: C:WINDOWSsystem32msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32driversMSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32driversMSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32driversMSPQM.sys (manual start)
Microsoft System Management BIOS Driver: System32DRIVERSmssmbios.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32driversMSTEE.sys (manual start)
NABTS/FEC VBI Codec: System32DRIVERSNABTSFEC.sys (manual start)
Microsoft TV/Video Connection: System32DRIVERSNdisIP.sys (manual start)
Remote Access NDIS TAPI Driver: System32DRIVERSndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32DRIVERSndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32DRIVERSndiswan.sys (manual start)
NetBIOS Interface: System32DRIVERSnetbios.sys (system)
NetBios over Tcpip: System32DRIVERSnetbt.sys (system)
Network DDE: %SystemRoot%system32netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%system32netdde.exe (disabled)
Net Logon: %SystemRoot%System32lsass.exe (manual start)
Network Connections: %SystemRoot%System32svchost.exe -k netsvcs (manual start)
1394 Net Driver: System32DRIVERSnic1394.sys (manual start)
Network Location Awareness (NLA): %SystemRoot%System32svchost.exe -k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%System32lsass.exe (manual start)
Removable Storage: %SystemRoot%system32svchost.exe -k netsvcs (manual start)
IPX Traffic Filter Driver: System32DRIVERSnwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32DRIVERSnwlnkfwd.sys (manual start)
Texas Instruments OHCI Compliant IEEE 1394 Host Controller: System32DRIVERSohci1394.sys (system)
OMCI: SystemRootSYSTEM32DRIVERSOMCI.SYS (system)
Office Source Engine: "C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE" (manual start)
Creative OS Services Driver: system32driversctoss2k.sys (manual start)
Parallel port driver: System32DRIVERSparport.sys (manual start)
PCI Bus Driver: System32DRIVERSpci.sys (system)
PCIIde: System32DRIVERSpciide.sys (system)
PfModNT: ??C:WINDOWSSystem32driversPfModNT.sys (autostart)
Plug and Play: %SystemRoot%system32services.exe (autostart)
Pml Driver HPZ12: C:WINDOWSsystem32HPZipm12.exe (autostart)
IPSEC Services: %SystemRoot%System32lsass.exe (autostart)
WAN Miniport (PPTP): System32DRIVERSraspptp.sys (manual start)
Processor Driver: System32DRIVERSprocessr.sys (system)
Protected Storage: %SystemRoot%system32lsass.exe (autostart)
QoS Packet Scheduler: System32DRIVERSpsched.sys (manual start)
Direct Parallel Link Driver: System32DRIVERSptilink.sys (manual start)
PxHelp20: System32DriversPxHelp20.sys (system)
Remote Access Auto Connection Driver: System32DRIVERSrasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%System32svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32DRIVERSrasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%System32svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32DRIVERSraspppoe.sys (manual start)
Direct Parallel: System32DRIVERSraspti.sys (manual start)
Rdbss: System32DRIVERSrdbss.sys (system)
RDPCDD: System32DRIVERSRDPCDD.sys (system)
Terminal Server Device Redirector Driver: System32DRIVERSrdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:WINDOWSsystem32sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32DRIVERSredbook.sys (system)
Routing and Remote Access: %SystemRoot%System32svchost.exe -k netsvcs (disabled)
Remote Registry: %SystemRoot%system32svchost.exe -k LocalService (autostart)
Remote Procedure Call (RPC) Locator: %SystemRoot%System32locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%system32svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%System32rsvp.exe (manual start)
Linksys Home Wireless-G USB Adapter Driver: system32DRIVERSrt73.sys (manual start)
Security Accounts Manager: %SystemRoot%system32lsass.exe (autostart)
SBP-2 Transport/Protocol Bus Driver: system32DRIVERSsbp2port.sys (system)
Smart Card: %SystemRoot%System32SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%System32svchost.exe -k netsvcs (autostart)
Secdrv: System32DRIVERSsecdrv.sys (autostart)
Secondary Logon: %SystemRoot%System32svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%system32svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32DRIVERSserenum.sys (manual start)
Serial port driver: System32DRIVERSserial.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%System32svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%System32svchost.exe -k netsvcs (autostart)
BDA Slip De-Framer: System32DRIVERSSLIP.sys (manual start)
Sony USB Filter Driver (SONYPVU1): system32DRIVERSSONYPVU1.SYS (manual start)
Microsoft Kernel Audio Splitter: system32driverssplitter.sys (manual start)
Print Spooler: %SystemRoot%system32spoolsv.exe (autostart)
System Restore Filter Driver: System32DRIVERSsr.sys (system)
srescan: system32ZoneLabssrescan.sys (system)
System Restore Service: %SystemRoot%System32svchost.exe -k netsvcs (autostart)
Srv: System32DRIVERSsrv.sys (manual start)
sscdbhk5: system32driverssscdbhk5.sys (system)
SSDP Discovery Service: %SystemRoot%System32svchost.exe -k LocalService (manual start)
Spy Sweeper File System Filer Driver: 0509: SYSTEM32DriversSSFS0509.SYS (system)
Spy Sweeper Hookrack MiniDriver: SYSTEM32DriversSSHRMD.SYS (system)
Spy Sweeper Interdiction Driver: SYSTEM32DriversSSIDRV.SYS (system)
Webroot Spy Sweeper Keylogger Shield Keyboard Filter: System32Driverssskbfd.sys (manual start)
ssrtln: system32driversssrtln.sys (system)
Windows Image Acquisition (WIA): %SystemRoot%System32svchost.exe -k imgsvc (autostart)
BDA IPSink: System32DRIVERSStreamIP.sys (manual start)
Software Bus Driver: System32DRIVERSswenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32driversswmidi.sys (manual start)
MS Software Shadow Copy Provider: C:WINDOWSSystem32dllhost.exe /Processid:{242F4886-EF16-4D5B-803C-CBAA547591D4} (manual start)
Microsoft Kernel System Audio Device: system32driverssysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%system32smlogsvc.exe (manual start)
Telephony: %SystemRoot%System32svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32DRIVERStcpip.sys (system)
Terminal Device Driver: System32DRIVERStermdd.sys (system)
Terminal Services: %SystemRoot%System32svchost -k DComLaunch (manual start)
tfsnboio: system32dlatfsnboio.sys (autostart)
tfsncofs: system32dlatfsncofs.sys (autostart)
tfsndrct: system32dlatfsndrct.sys (autostart)
tfsndres: system32dlatfsndres.sys (autostart)
tfsnifs: system32dlatfsnifs.sys (autostart)
tfsnopio: system32dlatfsnopio.sys (autostart)
tfsnpool: system32dlatfsnpool.sys (autostart)
tfsnudf: system32dlatfsnudf.sys (autostart)
tfsnudfa: system32dlatfsnudfa.sys (autostart)
Themes: %SystemRoot%System32svchost.exe -k netsvcs (autostart)
Telnet: C:WINDOWSSystem32tlntsvr.exe (disabled)
Distributed Link Tracking Client: %SystemRoot%system32svchost.exe -k netsvcs (autostart)
Windows User Mode Driver Framework: C:WINDOWSsystem32wdfmgr.exe (autostart)
Microcode Update Driver: System32DRIVERSupdate.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%System32svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%System32ups.exe (manual start)
USB Audio Driver (WDM): system32driversusbaudio.sys (manual start)
Microsoft USB Generic Parent Driver: System32DRIVERSusbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32DRIVERSusbehci.sys (manual start)
USB2 Enabled Hub: System32DRIVERSusbhub.sys (manual start)
Microsoft USB PRINTER Class: System32DRIVERSusbprint.sys (manual start)
USB Scanner Driver: system32DRIVERSusbscan.sys (manual start)
USB Mass Storage Driver: system32DRIVERSUSBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32DRIVERSusbuhci.sys (manual start)
VGA Display Controller.: SystemRootSystem32driversvga.sys (system)
vsdatant: System32vsdatant.sys (system)
TrueVector Internet Monitor: C:WINDOWSsystem32ZoneLabsvsmon.exe -service (autostart)
Volume Shadow Copy: %SystemRoot%System32vssvc.exe (manual start)
Windows Time: %SystemRoot%System32svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32DRIVERSwanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32driverswdmaud.sys (manual start)
WebClient: %SystemRoot%System32svchost.exe -k LocalService (autostart)
Webroot Spy Sweeper Engine: C:Program FilesWebrootSpy SweeperSpySweeper.exe (autostart)
Windows Defender: "C:Program FilesWindows DefenderMsMpEng.exe" (autostart)
Windows Management Instrumentation: %systemroot%system32svchost.exe -k netsvcs (autostart)
Logitech Virtual Bus Enumerator Driver: system32driversWmBEnum.sys (manual start)
Windows Media Connect Service: C:Program FilesWindows Media Connect 2wmccds.exe (manual start)
WMDM PMSP Service: C:WINDOWSSystem32MsPMSPSv.exe (autostart)
Portable Media Serial Number Service: %SystemRoot%System32svchost.exe -k netsvcs (manual start)
Logitech WingMan HID Filter Driver: system32driversWmFilter.sys (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%System32svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:WINDOWSSystem32wbemwmiapsrv.exe (manual start)
Logitech Virtual Hid Device Driver: system32driversWmVirHid.sys (manual start)
Logitech WingMan Translation Layer Driver: system32driversWmXlCore.sys (manual start)
Security Center: %SystemRoot%System32svchost.exe -k netsvcs (autostart)
World Standard Teletext Codec: System32DRIVERSWSTCODEC.SYS (manual start)
Automatic Updates: %systemroot%system32svchost.exe -k netsvcs (autostart)
WUSB54GCSVC: "C:Program FilesCompact Wireless-G USB Adapter Wireless Network MonitorWLService.exe" "WUSB54GC.exe" (autostart)
Wireless Zero Configuration: %SystemRoot%System32svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%System32svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: COCUME~1RobertLOCALS~1TEMPOR~1Content.IE5index.d at||COCUME~1RobertCookiesindex.dat||COCUME~1Ro bertLOCALS~1HistoryHistory.IE5index.dat|||t

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:WINDOWSsystem32SHELL32.dll
CDBurn: C:WINDOWSsystem32SHELL32.dll
WebCheck: C:WINDOWSsystem32webcheck.dll
SysTray: C:WINDOWSSystem32stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCUSoftwareMicrosoftWindowsCurrentVersionpolicies ExplorerRun

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLMSoftwareMicrosoftWindowsCurrentVersionpolicies ExplorerRun

*Registry key not found*

--------------------------------------------------

End of report, 43,607 bytes
Report generated in 0.250 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Do you have the AVG A-S and that SAS logs?

Moved to HijackThis logs sections and PM sent to Security Team to have look.

Thanks,
Adam

I think this is the one that fixes it.


Open Notepad and start a new file. right click on the text in the quote box below and drag your mouse cursor over all the text, starting with REGEDIT4. Once Hilighted, Rt. click and choose copy. Paste into Notepad and save as "fix.reg". Save it to your desktop.Make sure you include the REGEDIT4


Now double click on the fix.reg file on your desktop and allow it to merge into your registry. When you get the confirmation msg, click OK and reboot.

Thanks for trying, but that was not it..............

I hope i dont have to reinstall windows..