Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Help my computer has been hijacked or infected?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Help my computer has been hijacked or infected?

Unread postby ArthurP » April 7th, 2008, 4:44 pm

Hi

Apologies for any non technical words here...

My computer appears to have been hijacked or infected which results in the following happening:

- after a few mins of using the internet explorer it freezes and comes up with the webpage is unavailable - although I am able to use my OH's work laptop on the same internet connection with no problems
- We are unable to restore to a restore point
- Running the virus vault shows 8 viruses: including 6 x trojan horse clickers, 1 x trojan horse downloader purityscan.AG and 1 x virus id packed.Themida

Help........I've run the HijackThis software which results in:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:27:03, on 07/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Hewlett-Packard\CLJ1500\Toolbox\HPPOUMUI.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Hewlett-Packard\CLJ1500\Toolbox\HPPOUMUI.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PRESAR~1\Presario\XPHWWRS4\plugin\bin\PCHButton.exe
C:\PROGRA~1\SPYWAR~2\swdoctor.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Status Monitor CLJ1500] C:\Program Files\Hewlett-Packard\CLJ1500\\Toolbox\HPPOUMUI.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRS4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~2\swdoctor.exe /Q
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {28DF37EA-A0FC-4AA2-AEF8-880737864404} (eDVRMonCtrl Class) - https://members.nurserycam.co.uk/eDVRLiveViewer.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint.co.uk/TruprintActivia.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://sell-vehicle.ebay.co.uk/images/e ... 0-3-50.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/1145196b232 ... xIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 9960078984
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9753844750
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installer ... taller.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.truprint.co.uk/TruprintUpload.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://207.226.177.98/gba2218.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 13784 bytes


Once again any help is more than apprecaited
ArthurP
Active Member
 
Posts: 12
Joined: April 7th, 2008, 3:53 pm
Advertisement
Register to Remove

Re: Help my computer has been hijacked or infected?

Unread postby random/random » April 10th, 2008, 5:15 pm

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

Run HijackThis
Click on do a system scan only
Place a checkmark next to these lines(if still present)

O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://207.226.177.98/gba2218.exe

Then close all windows except HijackThis and click Fix Checked

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

Post back with the Malwarebytes' Anti-Malware log and a new HijackThis log.
User avatar
random/random
Developer
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm

Re: Help my computer has been hijacked or infected?

Unread postby ArthurP » April 11th, 2008, 2:45 am

Thank you for your post and your help.

I'll do as advised this evening and post back to you.

Thanks again A
ArthurP
Active Member
 
Posts: 12
Joined: April 7th, 2008, 3:53 pm

Re: Help my computer has been hijacked or infected?

Unread postby ArthurP » April 12th, 2008, 3:40 am

Hi

I've run and done what you have suggested and I've attached the Hijack Log and the Malwarebytes log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:32:09, on 12/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\CLJ1500\Toolbox\HPPOUMUI.EXE
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hewlett-Packard\CLJ1500\Toolbox\HPPOUMUI.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PRESAR~1\Presario\XPHWWRS4\plugin\bin\PCHButton.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\SPYWAR~2\swdoctor.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Status Monitor CLJ1500] C:\Program Files\Hewlett-Packard\CLJ1500\\Toolbox\HPPOUMUI.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRS4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~2\swdoctor.exe /Q
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {28DF37EA-A0FC-4AA2-AEF8-880737864404} (eDVRMonCtrl Class) - https://members.nurserycam.co.uk/eDVRLiveViewer.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint.co.uk/TruprintActivia.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://sell-vehicle.ebay.co.uk/images/e ... 0-3-50.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/1145196b232 ... xIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 9960078984
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9753844750
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installer ... taller.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.truprint.co.uk/TruprintUpload.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 13800 bytes


Malwarebyte Log:

Malwarebytes' Anti-Malware 1.11
Database version: 615

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 477872
Time elapsed: 4 hour(s), 16 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Information Center (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Simon\Application Data\ultra (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Owner\Application Data\drvcleaner.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Simon\Application Data\ultra\uninstall.bat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\ultra.PNF (Malware.Trace) -> Quarantined and deleted successfully.


Thanks again for your assistance.

Regards A
ArthurP
Active Member
 
Posts: 12
Joined: April 7th, 2008, 3:53 pm

Re: Help my computer has been hijacked or infected?

Unread postby random/random » April 12th, 2008, 6:03 am

Run HijackThis
Click on do a system scan only
Place a checkmark next to these lines(if still present)

R3 - URLSearchHook: (no name) - - (no file)

Then close all windows except HijackThis and click Fix Checked

Go here to run an online scannner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic, along with a new HijackThis log and description of any remaining problems.
User avatar
random/random
Developer
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm

Re: Help my computer has been hijacked or infected?

Unread postby ArthurP » April 12th, 2008, 11:00 am

Hi there again.

I have now carried out your latest set of instructions. the logfile from EsetOnline reads as follows

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3020 (20080411)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=b3999840331d5b40b089ecf9e855909c
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-04-12 01:57:59
# local_time=2008-04-12 02:57:59 (+0000, GMT Standard Time)
# country="United Kingdom"
# osver=5.1.2600 NT Service Pack 2
# scanned=1208877
# found=7
# scan_time=11885
C:\Documents and Settings\Owner\Application Data\privprotect.exe Win32/Adware.WinFixer application 7E2F2132CE71B02AE19BA6BDE0F3D529
C:\Documents and Settings\Simon\Application Data\drvcleaner.exe a variant of Win32/Adware.WinFixer application 228833C8D483A905008552AF2973067B
C:\Documents and Settings\Simon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-3677b51f-7adad27d.class Java/TrojanDownloader.OpenStream.NAC trojan E4DEF9504FB160D876CA9A45D01E87D2
C:\Documents and Settings\Simon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\OP.jar-1492db44-29507118.zip Java/TrojanDownloader.OpenStream.NAB trojan 5BABF8ACE8478245B729DE3314845E2B
C:\Documents and Settings\Simon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\OP.jar-1492db44-29507118.zip »ZIP »OP.class Java/TrojanDownloader.OpenStream.NAB trojan 00000000000000000000000000000000
C:\Documents and Settings\Simon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\OP.jar-17c21238-7d2ab908.zip Win32/Adware.SpySheriff application D1951BF3BCB329F93FC2474F7B689A73
C:\Documents and Settings\Simon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\OP.jar-17c21238-7d2ab908.zip »ZIP »OP.class Win32/Adware.SpySheriff application 00000000000000000000000000000000


And here is the log from HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:58:44, on 12/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\CLJ1500\Toolbox\HPPOUMUI.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hewlett-Packard\CLJ1500\Toolbox\HPPOUMUI.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PRESAR~1\Presario\XPHWWRS4\plugin\bin\PCHButton.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\PROGRA~1\SPYWAR~2\swdoctor.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Status Monitor CLJ1500] C:\Program Files\Hewlett-Packard\CLJ1500\\Toolbox\HPPOUMUI.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRS4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~2\swdoctor.exe /Q
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {28DF37EA-A0FC-4AA2-AEF8-880737864404} (eDVRMonCtrl Class) - https://members.nurserycam.co.uk/eDVRLiveViewer.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint.co.uk/TruprintActivia.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://sell-vehicle.ebay.co.uk/images/e ... 0-3-50.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/1145196b232 ... xIE601.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 9960078984
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9753844750
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installer ... taller.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.truprint.co.uk/TruprintUpload.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 13924 bytes


I've closed down the PC and re-booted. Internet Explorer runs for around 5 minutes and then stops working again.

Many thanks for your continued help in this problem - much appreciated. Look forward to your reply

Cheers
ArthurP
Active Member
 
Posts: 12
Joined: April 7th, 2008, 3:53 pm

Re: Help my computer has been hijacked or infected?

Unread postby random/random » April 12th, 2008, 6:02 pm

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code: Select all
    C:\Documents and Settings\Owner\Application Data\privprotect.exe
    C:\Documents and Settings\Simon\Application Data\drvcleaner.exe
    C:\Documents and Settings\Simon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-3677b51f-7adad27d.class
    C:\Documents and Settings\Simon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\OP.jar-1492db44-29507118.zip
    C:\Documents and Settings\Simon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\OP.jar-1492db44-29507118.zip
    C:\Documents and Settings\Simon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\OP.jar-17c21238-7d2ab908.zip
    C:\Documents and Settings\Simon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\OP.jar-17c21238-7d2ab908.zip
    

  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post, along with a new HijackThis log.
User avatar
random/random
Developer
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm

Re: Help my computer has been hijacked or infected?

Unread postby ArthurP » April 13th, 2008, 8:29 am

Hi there again

Here's the Results from OTMoveIt2

C:\Documents and Settings\Owner\Application Data\privprotect.exe moved successfully.
C:\Documents and Settings\Simon\Application Data\drvcleaner.exe moved successfully.
C:\Documents and Settings\Simon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-3677b51f-7adad27d.class moved successfully.
C:\Documents and Settings\Simon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\OP.jar-1492db44-29507118.zip moved successfully.
File/Folder C:\Documents and Settings\Simon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\OP.jar-1492db44-29507118.zip not found.
C:\Documents and Settings\Simon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\OP.jar-17c21238-7d2ab908.zip moved successfully.
File/Folder C:\Documents and Settings\Simon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\OP.jar-17c21238-7d2ab908.zip not found.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04132008_132637



And here's the log from HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:28:30, on 13/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\CLJ1500\Toolbox\HPPOUMUI.EXE
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Hewlett-Packard\CLJ1500\Toolbox\HPPOUMUI.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PRESAR~1\Presario\XPHWWRS4\plugin\bin\PCHButton.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\PROGRA~1\SPYWAR~2\swdoctor.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Documents and Settings\Owner\Desktop\OTMoveIt2.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Status Monitor CLJ1500] C:\Program Files\Hewlett-Packard\CLJ1500\\Toolbox\HPPOUMUI.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRS4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~2\swdoctor.exe /Q
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {28DF37EA-A0FC-4AA2-AEF8-880737864404} (eDVRMonCtrl Class) - https://members.nurserycam.co.uk/eDVRLiveViewer.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint.co.uk/TruprintActivia.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://sell-vehicle.ebay.co.uk/images/e ... 0-3-50.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/1145196b232 ... xIE601.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 9960078984
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9753844750
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installer ... taller.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.truprint.co.uk/TruprintUpload.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 14111 bytes


Many thanks again for your help and patience!

Cheers
Anne
ArthurP
Active Member
 
Posts: 12
Joined: April 7th, 2008, 3:53 pm

Re: Help my computer has been hijacked or infected?

Unread postby random/random » April 13th, 2008, 9:00 am

How is your PC running now?
User avatar
random/random
Developer
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm

Re: Help my computer has been hijacked or infected?

Unread postby ArthurP » April 13th, 2008, 9:39 am

Hi

I've still only got internet explorer for around 5 minutes or so before it crashes once again, with the same response that "Internet Explorer cannot display the webpage"

Regards
Anne
ArthurP
Active Member
 
Posts: 12
Joined: April 7th, 2008, 3:53 pm

Re: Help my computer has been hijacked or infected?

Unread postby random/random » April 13th, 2008, 10:54 am

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post. in your reply
User avatar
random/random
Developer
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm

Re: Help my computer has been hijacked or infected?

Unread postby ArthurP » April 13th, 2008, 11:35 am

Thanks again.

Just run th Deckard Scan and here are the results:


Deckard's System Scanner v20071014.68
Run by Owner on 2008-04-13 16:22:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
164: 2008-04-13 15:22:45 UTC - RP939 - Deckard's System Scanner Restore Point
163: 2008-04-13 09:56:31 UTC - RP938 - Installed EditVoicepack
162: 2008-04-13 09:56:05 UTC - RP937 - Removed EditVoicepack
161: 2008-04-13 09:50:15 UTC - RP936 - Installed EditVoicepack
160: 2008-04-13 09:49:40 UTC - RP935 - Removed EditVoicepack


-- First Restore Point --
1: 2008-01-14 17:44:36 UTC - RP776 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:26:06, on 13/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Hewlett-Packard\CLJ1500\Toolbox\HPPOUMUI.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Hewlett-Packard\CLJ1500\Toolbox\HPPOUMUI.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PRESAR~1\Presario\XPHWWRS4\plugin\bin\PCHButton.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\PROGRA~1\SPYWAR~2\swdoctor.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Status Monitor CLJ1500] C:\Program Files\Hewlett-Packard\CLJ1500\\Toolbox\HPPOUMUI.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRS4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~2\swdoctor.exe /Q
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {28DF37EA-A0FC-4AA2-AEF8-880737864404} (eDVRMonCtrl Class) - https://members.nurserycam.co.uk/eDVRLiveViewer.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint.co.uk/TruprintActivia.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://sell-vehicle.ebay.co.uk/images/e ... 0-3-50.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/1145196b232 ... xIE601.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 9960078984
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9753844750
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installer ... taller.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.truprint.co.uk/TruprintUpload.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 13987 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080411-195550-738 O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://207.226.177.98/gba2218.exe
backup-20080412-113747-861 R3 - URLSearchHook: (no name) - - (no file)

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 MASPINT - c:\windows\system32\drivers\maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver for WinNT>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S2 ADEFDXOF - c:\windows\system32\adefdxof.wmk (file missing)
S2 ADILOADER (General Purpose USB Driver (adildr.sys)) - c:\windows\system32\drivers\adildr.sys (file missing)
S3 adiusbaw (USB ADSL WAN Adapter) - c:\windows\system32\drivers\adiusbaw.sys (file missing)
S3 alcan5wn (SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)) - c:\windows\system32\drivers\alcan5wn.sys <Not Verified; THOMSON; SpeedTouch USB>
S3 alcaudsl (SpeedTouch ADSL Modem ATM Transport) - c:\windows\system32\drivers\alcaudsl.sys <Not Verified; THOMSON; SpeedTouch USB>
S3 ialm - c:\windows\system32\drivers\ialmnt5.sys <Not Verified; Intel Corporation; Intel Graphics Accelerator Drivers for Windows NT(R)>
S3 PCTINDIS5 (PCTINDIS5 NDIS Protocol Driver) - c:\windows\system32\pctindis5.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 IJPLMSVC (PIXMA Extended Survey Program) - c:\program files\canon\ijplm\ijplmsvc.exe <Not Verified; ; IJPLMSVC>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_2A0B103C&REV_10\4&2E9A5DB2&0&10F0
Manufacturer: Realtek
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_2A0B103C&REV_10\4&2E9A5DB2&0&10F0
Service: rtl8139


-- Scheduled Tasks -------------------------------------------------------------

2008-04-07 20:12:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-04-07 09:00:02 406 --ah----- C:\WINDOWS\Tasks\{BB9D9E23-FD0A-4FEB-8751-63919049E38D}_LINSELL-FAMILY_Owner.job
2008-04-04 16:00:00 406 --ah----- C:\WINDOWS\Tasks\{C679F535-ADE0-4C02-AA50-6F31A7B9BB25}_LINSELL-FAMILY_Owner.job
2008-04-04 16:00:00 406 --ah----- C:\WINDOWS\Tasks\{9986E120-0662-4A33-8C78-582A42200C9B}_LINSELL-FAMILY_Owner.job


-- Files created between 2008-03-13 and 2008-04-13 -----------------------------

2008-04-12 20:45:40 0 d-------- C:\Program Files\FSBuild
2008-04-12 20:44:35 73728 -----n--- C:\WINDOWS\system32\DBCTIF32.DLL <Not Verified; ABACO s.r.l.; DbCAD dev>
2008-04-12 20:44:35 135168 -----n--- C:\WINDOWS\system32\DBCMEM32.DLL <Not Verified; ; DBCMEM32 Dynamic Link Library>
2008-04-12 20:44:35 184320 -----n--- C:\WINDOWS\system32\dbcmdb32.dll <Not Verified; ; DBCMDB32 Dynamic Link Library>
2008-04-12 20:44:35 36864 -----n--- C:\WINDOWS\system32\dbcmdb2000.dll <Not Verified; ABACO s.r.l.; DbCAD dev>
2008-04-12 20:44:34 65536 -----n--- C:\WINDOWS\system32\DBCLST32.DLL <Not Verified; ABACO s.r.l.; DbCAD dev>
2008-04-12 20:44:34 141824 -----n--- C:\WINDOWS\system32\dbcjpg32.dll <Not Verified; ; DBCJPG32 Dynamic Link Library>
2008-04-12 20:44:34 73728 -----n--- C:\WINDOWS\system32\dbcgeo32.dll <Not Verified; ; DBCGEO32 Dynamic Link Library>
2008-04-12 20:44:34 65536 -----n--- C:\WINDOWS\system32\DBCGDI32.DLL <Not Verified; ABACO s.r.l.; DbCAD dev>
2008-04-12 20:44:34 241664 -----n--- C:\WINDOWS\system32\DBCDXD32.DLL <Not Verified; ABACO s.r.l.; DbCAD dev>
2008-04-12 20:44:34 356352 -----n--- C:\WINDOWS\system32\DBCDWG32.DLL <Not Verified; ABACO s.r.l.; DbCAD dev>
2008-04-12 20:44:34 1441792 -----n--- C:\WINDOWS\system32\DBCDLL32.DLL <Not Verified; ABACO s.r.l.; DbCAD dev>
2008-04-12 20:44:34 102400 -----n--- C:\WINDOWS\system32\DBCDIB32.DLL <Not Verified; ABACO s.r.l.; DbCAD dev>
2008-04-12 20:44:33 204800 -----n--- C:\WINDOWS\system32\DBCDBF32.DLL <Not Verified; ; DBCDBF32 Dynamic Link Library>
2008-04-12 11:39:02 0 d-------- C:\Program Files\EsetOnlineScanner
2008-04-11 19:58:00 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-04-11 19:57:48 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-11 19:57:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-11 19:40:23 0 d-------- C:\Program Files\Sun
2008-04-11 19:37:27 0 d-------- C:\Program Files\Common Files\Java
2008-04-07 20:43:20 0 d-------- C:\Program Files\Trend Micro
2008-04-06 11:21:10 0 d-------- C:\Documents and Settings\Administrator.LINSELL-FAMILY.000\Application Data\AVG7
2008-04-06 11:09:14 0 dr------- C:\Documents and Settings\Administrator.LINSELL-FAMILY.000\Favorites
2008-04-06 11:09:14 0 d-------- C:\Documents and Settings\Administrator.LINSELL-FAMILY.000\Desktop
2008-04-06 11:09:14 0 d--hs---- C:\Documents and Settings\Administrator.LINSELL-FAMILY.000\Cookies
2008-04-06 11:09:14 0 dr-h----- C:\Documents and Settings\Administrator.LINSELL-FAMILY.000\Application Data
2008-04-06 11:09:14 0 d-------- C:\Documents and Settings\Administrator.LINSELL-FAMILY.000\Application Data\Symantec
2008-04-06 11:09:14 0 d-------- C:\Documents and Settings\Administrator.LINSELL-FAMILY.000\Application Data\Sun
2008-04-06 11:09:14 0 d-------- C:\Documents and Settings\Administrator.LINSELL-FAMILY.000\Application Data\SampleView
2008-04-06 11:09:14 0 d---s---- C:\Documents and Settings\Administrator.LINSELL-FAMILY.000\Application Data\Microsoft
2008-04-06 11:09:14 0 d-------- C:\Documents and Settings\Administrator.LINSELL-FAMILY.000\Application Data\Intervideo
2008-04-06 11:09:14 0 d-------- C:\Documents and Settings\Administrator.LINSELL-FAMILY.000\Application Data\Identities
2008-04-06 11:09:13 0 d-------- C:\Documents and Settings\Administrator.LINSELL-FAMILY.000\WINDOWS
2008-04-06 11:09:13 0 d--h----- C:\Documents and Settings\Administrator.LINSELL-FAMILY.000\Templates
2008-04-06 11:09:13 0 dr------- C:\Documents and Settings\Administrator.LINSELL-FAMILY.000\Start Menu
2008-04-06 11:09:13 0 dr-h----- C:\Documents and Settings\Administrator.LINSELL-FAMILY.000\SendTo
2008-04-06 11:09:13 0 dr-h----- C:\Documents and Settings\Administrator.LINSELL-FAMILY.000\Recent
2008-04-06 11:09:13 0 d--h----- C:\Documents and Settings\Administrator.LINSELL-FAMILY.000\PrintHood
2008-04-06 11:09:13 0 d--h----- C:\Documents and Settings\Administrator.LINSELL-FAMILY.000\NetHood
2008-04-06 11:09:13 0 dr------- C:\Documents and Settings\Administrator.LINSELL-FAMILY.000\My Documents
2008-04-06 11:09:13 0 d--h----- C:\Documents and Settings\Administrator.LINSELL-FAMILY.000\Local Settings
2008-04-06 11:09:12 2097152 --ah----- C:\Documents and Settings\Administrator.LINSELL-FAMILY.000\NTUSER.DAT
2008-04-05 23:32:58 0 d-------- C:\Documents and Settings\Simon\Application Data\MailFrontier
2008-04-05 23:30:12 0 d-------- C:\Documents and Settings\Owner\Application Data\Bamzooki
2008-04-05 23:30:01 0 d-------- C:\Program Files\BAMZOOKi
2008-04-05 23:21:30 0 d-------- C:\Documents and Settings\Administrator.LINSELL-FAMILY\Application Data\Intervideo
2008-04-05 23:21:29 0 d-------- C:\Documents and Settings\Administrator.LINSELL-FAMILY\Templates
2008-04-05 23:21:29 0 d-------- C:\Documents and Settings\Administrator.LINSELL-FAMILY\Local Settings
2008-04-05 23:21:29 0 d-------- C:\Documents and Settings\Administrator.LINSELL-FAMILY\Favorites
2008-04-05 23:21:29 0 d-------- C:\Documents and Settings\Administrator.LINSELL-FAMILY\Cookies
2008-04-05 23:21:29 0 d-------- C:\Documents and Settings\Administrator.LINSELL-FAMILY\Application Data
2008-04-05 23:21:29 0 d-------- C:\Documents and Settings\Administrator.LINSELL-FAMILY\Application Data\Microsoft
2008-04-05 23:21:28 1310720 --ah----- C:\Documents and Settings\Administrator.LINSELL-FAMILY\NTUSER.DAT
2008-04-05 20:13:38 0 d-------- C:\Documents and Settings\Administrator\Templates
2008-04-05 20:13:38 0 d-------- C:\Documents and Settings\Administrator\Local Settings
2008-04-05 20:13:38 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-04-05 20:13:38 0 d-------- C:\Documents and Settings\Administrator\Cookies
2008-04-05 20:13:38 0 d-------- C:\Documents and Settings\Administrator\Application Data
2008-04-05 20:13:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-05 20:13:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intervideo
2008-04-05 20:13:37 1572864 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-05 18:33:59 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-04-04 15:17:11 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-04-03 20:40:23 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-03 19:38:08 0 d-------- C:\Program Files\Star Alliance TravelDesk
2008-04-02 22:24:18 0 d-------- C:\WINDOWS\Aviograsf
2008-03-31 21:47:27 0 d-------- C:\Program Files\MSECache
2008-03-30 20:56:16 8912896 --a------ C:\Documents and Settings\Simon\ntuser.dat
2008-03-30 20:56:14 438272 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2008-03-24 21:22:13 0 d-------- C:\Program Files\Safari
2008-03-19 09:48:25 0 d-------- C:\Documents and Settings\Simon\Application Data\DNA
2008-03-19 09:48:23 0 d-------- C:\Program Files\DNA
2008-03-19 08:29:40 0 d-------- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2008-03-19 08:19:45 0 d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-03-19 08:19:31 0 d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2008-03-19 08:19:05 0 d--h----- C:\Program Files\CanonBJ
2008-03-14 14:30:18 0 d-------- C:\Program Files\Flight1 Downloader
2008-03-13 23:02:59 0 d-------- C:\Program Files\texture
2008-03-13 23:02:59 0 d-------- C:\Program Files\scenery


-- Find3M Report ---------------------------------------------------------------

2008-04-12 17:07:19 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-12 08:36:28 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2008-04-11 19:40:11 0 d-------- C:\Program Files\Java
2008-04-11 19:37:27 0 d-------- C:\Program Files\Common Files
2008-04-05 23:33:48 0 d-------- C:\Program Files\oneworldflights
2008-04-05 23:33:11 0 d-------- C:\Program Files\Star Alliance Electronic Timetable
2008-04-05 18:21:07 0 d-------- C:\Program Files\Spyware Doctor
2008-04-04 21:35:24 0 d-------- C:\Program Files\Hewlett-Packard
2008-03-20 22:42:55 0 d-------- C:\Program Files\BitTorrent
2008-03-20 22:30:27 0 d-------- C:\Program Files\SkyTeam Travel Timetable
2008-03-19 09:48:19 0 d-------- C:\Program Files\BitTorrent_DNA
2008-03-19 08:29:35 0 d-------- C:\Program Files\Canon
2008-03-16 15:49:03 729088 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-03-13 23:04:05 286720 --a------ C:\WINDOWS\iun506.exe <Not Verified; Indigo Rose Corporation; Setup Factory 5.0 Uninstaller>
2008-03-12 10:41:12 0 d-------- C:\Program Files\Windows Live
2008-03-12 10:40:39 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-04 21:51:16 0 d-------- C:\Program Files\iTunes
2008-03-04 21:51:01 0 d-------- C:\Program Files\iPod
2008-02-18 21:59:20 0 d-------- C:\Program Files\QuickTime
2008-02-18 18:01:21 0 d-------- C:\Program Files\Letts
2008-02-15 16:54:56 0 d-------- C:\Program Files\Google
2008-02-11 09:39:26 253952 --a------ C:\WINDOWS\system32\OnlineScannerDLLA.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-11 09:39:18 237568 --a------ C:\WINDOWS\system32\OnlineScannerDLLW.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-10 15:11:26 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-02-08 13:53:46 110592 --a------ C:\WINDOWS\system32\OnlineScannerLang.dll <Not Verified; ; OnlineScanner Language Library>
2008-02-05 08:48:04 77824 --a------ C:\WINDOWS\system32\OnlineScannerUninstaller.exe <Not Verified; ; OnlineScannerUninstaller>
2008-02-02 17:23:27 1328 --a------ C:\FSUIPC_reg.bin


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
10/02/2008 15:11 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [10/02/2008 15:11 262144]

[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [07/05/1998 17:04]
"KBD"="C:\HP\KBD\KBD.EXE" [11/02/2003 20:02]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [14/04/2004 21:43]
"VTTimer"="VTTimer.exe" []
"AGRSMMSG"="AGRSMMSG.exe" [04/03/2005 12:01 C:\WINDOWS\AGRSMMSG.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [12/09/2003 20:13]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [21/04/2004 22:00]
"UpdateManager"="c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [19/08/2003 02:01]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [04/02/2002 23:32]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" []
"Status Monitor CLJ1500"="C:\Program Files\Hewlett-Packard\CLJ1500\\Toolbox\HPPOUMUI.exe" [05/06/2003 12:34]
"SoundMan"="SOUNDMAN.EXE" [06/04/2005 18:57 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [06/04/2005 18:53 C:\WINDOWS\ALCWZRD.EXE]
"Alcmtr"="ALCMTR.EXE" [12/04/2005 01:10 C:\WINDOWS\ALCMTR.EXE]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [20/12/2007 20:15]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [07/06/2005 00:46]
"@"="" []
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [26/10/2005 18:17]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [27/11/2007 12:58]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [14/11/2007 17:05]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/02/2008 00:13]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19/02/2008 14:10]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [15/05/2007 02:01]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [04/04/2007 02:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 08:56]
"Acme.PCHButton"="C:\PROGRA~1\PRESAR~1\Presario\XPHWWRS4\plugin\bin\PCHButton.exe" [02/01/2004 01:59]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" []
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
"LDM"="\Program\BackWeb-8876480.exe" []
"Spyware Doctor"="C:\PROGRA~1\SPYWAR~2\swdoctor.exe" [22/09/2007 21:01]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [15/11/2005 19:44]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [23/11/2007 08:04]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [27/11/2007 12:58]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [18/10/2006 21:05]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 23:05:26]
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [09/11/2004 21:59:10]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [21/11/2005 21:07:20]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [09/11/2004 22:51:45]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3a4a742-05a5-11db-8f85-0030f1e0fb33}]
AutoRun\command- N:\LaunchU3.exe




-- End of Deckard's System Scanner: finished at 2008-04-13 16:27:30 ------------



And here's the results of the 'extra' notepad comments


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 3.40GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 3.40GHz
Percentage of Memory in Use: 59%
Physical Memory (total/avail): 1023.29 MiB / 411.06 MiB
Pagefile Memory (total/avail): 2462.73 MiB / 1917.25 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.02 MiB

C: is Fixed (NTFS) - 229 GiB total, 131.05 GiB free.
D: is Fixed (FAT32) - 3.87 GiB total, 0.65 GiB free.
E: is CDROM (No Media)
F: is CDROM (CDFS)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 7Y250M0 - 232.88 GiB - 2 partitions
\PARTITION0 - Unknown - 3.88 GiB - D:
\PARTITION1 (bootable) - Installable File System - 229 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: ZoneAlarm Firewall v7.0.462.000 (Check Point, LTD.)
AV: AVG 7.5.519 v7.5.519 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Advanced Voice Client\\roger.exe"="C:\\Program Files\\Advanced Voice Client\\roger.exe:*:Enabled:Roger Wilco"
"C:\\Program Files\\Advanced Voice Client\\avc.exe"="C:\\Program Files\\Advanced Voice Client\\avc.exe:*:Enabled:Advanced Voice Client"
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\PSS\\Airbus A3XX\\A330FuelPlanner.exe"="C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\PSS\\Airbus A3XX\\A330FuelPlanner.exe:*:Enabled:A330 Fuel Planner Utility"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\FS9.EXE"="C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\FS9.EXE:*:Enabled:Microsoft Flight Simulator"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\Program Files\\ASRC\\asrc.exe"="C:\\Program Files\\ASRC\\asrc.exe:*:Enabled:ASRC executable"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\system32\\dxdiag.exe"="C:\\WINDOWS\\system32\\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"C:\\Program Files\\Grisoft\\AVG Free\\avgw.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgw.exe:*:Enabled:AVG Free Edition for Windows"
"C:\\Program Files\\Grisoft\\AVG Free\\avgvv.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgvv.exe:*:Enabled:AVG Free Virus Vault"
"C:\\Program Files\\Hewlett-Packard\\CLJ1500\\Toolbox\\HPPOUMUI.exe"="C:\\Program Files\\Hewlett-Packard\\CLJ1500\\Toolbox\\HPPOUMUI.exe:*:Disabled:Language Monitor UI"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"="C:\\Program Files\\BitTorrent_DNA\\dna.exe:*:Enabled:BitTorrent DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe:*:Enabled:Delivery Manager Service"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LINSELL-FAMILY
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA6
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\LINSELL-FAMILY
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Microsoft USB Flash Drive Manager\;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem\;V5.00;C:\WINDOWS\LHSP
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
tvdumpflags=10
USERDOMAIN=LINSELL-FAMILY
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Simon (admin)
Alice
Henry
Administrator.LINSELL-FAMILY.000 (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> c:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
[Lebor] OLBA2002 V1.0 --> C:\PROGRAM FILES\MICROSOFT GAMES\FLIGHT SIMULATOR 9\ADDON SCENERY\BEIRUT\Uninstall_OLBA2002.exe
4oD --> MsiExec.exe /I {8B7443F5-E141-42A0-AB61-ED2331AAD606}
50N Boeing 737 Family Base Pack 1.1.0 --> C:\Program Files\Microsoft Games\Flight Simulator 9\Aircraft\Uninstal.exe
Adobe Acrobat 4.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Reader Japanese Fonts --> MsiExec.exe /I{AC76BA86-7AD7-5A76-5A64-7E8A45000001}
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
aerosoft's - Balearen-Gibraltar - FS2004 --> "C:\Program Files\Microsoft Games\Flight Simulator 9\aerosoft\Uninstall.exe" "uninstall_Balearen-Gibraltar.ini" "C:\Program Files\Microsoft Games\Flight Simulator 9"
aerosoft's - German Airports 2 - Cologne-Bonn - FS2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{46464A5D-7D14-41E3-9C26-E3C186F37D84}\Setup.exe" -uninst
aerosoft's - German Airports 3 - FS2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECE1939E-3491-409E-87B7-E7DF65E7B909}\Setup.exe" -uninst
aerosoft's - London Heathrow 2008 --> C:\Program Files\InstallShield Installation Information\{C0A6901F-C919-47A3-A4D9-E2056314086B}\setup.exe -runfromtemp -l0x0009 -uninst -removeonly
aerosoft's - Madrid-Barajas 2004 - FS2004 --> "C:\Program Files\Microsoft Games\Flight Simulator 9\uninstall_Madrid-Barajas2004.exe"
aerosoft's - Malaga - FS2004 --> "C:\Program Files\Microsoft Games\Flight Simulator 9\aerosoft\Uninstall.exe" "uninstall_Malaga.ini" "C:\Program Files\Microsoft Games\Flight Simulator 9"
aerosoft's - Mega Airport Frankfurt - FS2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D4E22434-1BCE-4C91-A1E4-FC352DFD4B3B}\Setup.exe" -uninst
Agere Systems PCI Soft Modem --> agrsmdel
Airbus A330 PRO Series 2.004.01 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Microsoft Games\Flight Simulator 9\PSS\a330_uni.ini"
Airbus A340 PRO Series 2.004.01 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Microsoft Games\Flight Simulator 9\PSS\a340_uni.ini"
Airbus Pro Load Edit 1.0 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Microsoft Games\Flight Simulator 9\pss\airbus a3xx\irunin.ini"
Airbus PRO Series 2.004.01 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Microsoft Games\Flight Simulator 9\PSS\a3xx_uni.ini"
Airbus Series Vol.1 Deluxe (FS2004) --> C:\Program Files\Microsoft Games\Flight Simulator 9\Uninstal_Airbus1_wilco.exe
Amsterdam --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2874FFC3-24DA-4BE7-B122-0573CED08A98}\Setup.exe" -l0x9
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Art Attack --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{526294AE-4192-4A19-9BF0-66CE5631C757}\setup.exe" -l0x9 -removeonly
ASRC --> MsiExec.exe /I{D72B7816-2616-4695-84BD-EB5D6DE75A83}
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
BAMZOOKi v3.1 (build 115.158) --> "C:\Program Files\BAMZOOKi\unins000.exe"
BBC iPlayer Download Manager --> MsiExec.exe /I {D466F3D9-510C-4729-B7D4-2E70490E4CDF}
Ben Gurion Airport 2006 --> C:\Program Files\Microsoft Games\Flight Simulator 9\Uninstal.exe
BlogTorrent beta-0.91 --> "C:\Program Files\BlogTorrent\uninstall.exe"
Boeing 757 Professional 2006 --> "C:\WINDOWS\Boeing 757 Professional 2006\uninstall.exe" "/U:C:\WINDOWS\Boeing 757 Professional 2006\Uninstall\uninstall.xml"
British Airways Flights --> C:\DOCUME~1\ALLUSE~1\APPLIC~1\innovata\BRITIS~1\Unwise32.exe /A C:\DOCUME~1\ALLUSE~1\APPLIC~1\innovata\BRITIS~1\install.log
Canon iP3500 series --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3500_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3500_series /L0x0009
Canon iP3500 series User Registration --> C:\Program Files\Canon\IJEREG\iP3500 series\UNINST.EXE
Canon My Printer --> C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon S330 --> C:\WINDOWS\system32\CNMCP45.EXE -@C:\WINDOWS\IsUninst.exe -f"C:\BJPrinter\CNMWINDOWS\Canon S330 Installer\Inst\DeIsL1.isu" -pCanon S330-c"C:\BJPrinter\CNMWINDOWS\Canon S330 Installer\Inst\bjinst.dll
Canon Utilities Easy-PhotoPrint --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Canon\Easy-PhotoPrint\Uninst.isu" -c"C:\Program Files\Canon\Easy-PhotoPrint\EZUNINST.DLL"
Canon Utilities Easy-PhotoPrint EX --> C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
Canon Utilities Solution Menu --> C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
Carenado Mooney M20J --> C:\Program Files\Microsoft Games\Flight Simulator 9\UNCARMOONEY.exe
Children's Encyclopedia --> C:\WINDOWS\C:\WINDOWS\uninst.exe -r"DK Multimedia\Children's Encyclopedia\1.1.0" -n"Children's Encyclopedia" -fC:\PROGRA~1\DKMULT~1\CHILDR~1\DeIsL1.isu -cC:\PROGRA~1\DKMULT~1\CHILDR~1\uninst.dll
CLOUD9 Amsterdam 1.04 upd --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8574E9D2-B5B4-4254-A7DD-B4B3DD37C0C9}\Setup.exe" -l0x9
Continental Airlines Timetable --> MsiExec.exe /X{884ACC8E-FE0E-4CA7-AE93-08435BD5A0A9}
Dash 8Q-300 by fanda v1.004 --> C:\PROGRAM FILES\MICROSOFT GAMES\FLIGHT SIMULATOR 9\Uninstal.exe
Disc2Phone --> MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
DUBAÏ 2004 --> C:\Program Files\Microsoft Games\Flight Simulator 9\Addon Scenery\dubai\Uninstal.exe
DUBAÏ landclass --> C:\Program Files\Microsoft Games\Flight Simulator 9\Addon Scenery\dubclass\Uninstal.exe
DUBAÏ mesh --> C:\Program Files\Microsoft Games\Flight Simulator 9\Addon Scenery\dubmesh\Uninstal.exe
Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
EditVoicepack --> MsiExec.exe /I{1EC65D1D-3911-4F7D-8B6A-63C69EDBFC6E}
ESET Online Scanner --> C:\WINDOWS\system32\OnlineScannerUninstaller.exe
Europress Key Stage 2 English (7-9) --> MsiExec.exe /X{C9C6C3E4-A8C5-11D8-817F-004095301BDA}
Europress Key Stage 2 Maths (7-9) --> MsiExec.exe /X{17A03B83-A7F6-11D8-817F-004095301BDA}
Europress Key Stage 2 Science (7-9) --> MsiExec.exe /X{3B1E4B09-A8CE-11D8-817F-004095301BDA}
FDC Update Version 1.6 --> C:\PROGRA~1\FDC\UNWISE.EXE C:\PROGRA~1\FDC\INSTALL.LOG
FeelThere PIC ERJ-145LR 1.1a --> C:\Program Files\Microsoft Games\Flight Simulator 9\picerj145lr-uninst.exe
FinePixViewer Ver.4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE"
FlightSim Commander 7.4 --> C:\PROGRA~1\FSC\UNWISE.EXE C:\PROGRA~1\FSC\INSTALL.LOG
FRP 2004 --> C:\Program Files\Microsoft Games\Flight Simulator 9\Addon Scenery\frp2004\Uninstal.exe
FS Real Time v1.73.1 --> C:\WINDOWS\iun6002.exe "C:\Program Files\FS Real Time\irunin.ini"
FS2Crew: 737 Professional Edition Upgrade 3 --> C:\Program Files\Microsoft Games\Flight Simulator 9\FS2Crew\FS2Crew_737 Professional Edition\Uninstal.exe
FSBoarding 2.2 --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\FSBoarding\ST6UNST.LOG"
FSBuild 2 --> C:\Program Files\FSBuild\UnInstall_19636.exe
FSDreamTeam Zurich9 1.2 --> "C:\Program Files\Microsoft Games\Flight Simulator 9\unins000.exe"
FSNavigator --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F76FF6D-B992-4FD9-8686-F09F868B2C58}\Setup.exe" -l0x9
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
Fun Pack Uninstaller --> C:\WINDOWS\uninst.exe -fC:\FunPack\DeIsL1.isu
GAP Mega Pack --> C:\Program Files\Microsoft Games\Flight Simulator 9\Uninstall GAP Mega Pack.exe
GAP_LGZA 2006 --> C:\Program Files\Microsoft Games\Flight Simulator 9\Uninstal.exe
getPlus(R)_ocx --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Greatest Airliners 1.0.0 --> C:\WINDOWS\iun506.exe C:\Program Files\Microsoft Games\FS2002\Flt173410uni.ini
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Horrible Science --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2D049E2F-F15E-40A7-BEDD-CF3C84C6C720}\setup.exe" -l0x9 -removeonly
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
hp color LaserJet 1500 --> MsiExec.exe /I{5DB7F50E-0649-4347-B003-8CEFBFB9D9D1}
iFly 747-400 --> MsiExec.exe /I{CD5EDC95-46C4-4008-8513-3BA826EAC374}
iFly 747-400 Service Pack 1 --> MsiExec.exe /I{C983A158-02BF-44DA-80D8-40FFC1CB9BA1}
iFly 747-400 Service Pack 2 --> MsiExec.exe /I{B99CFFDC-B34D-495A-9664-D277CCA45AF5}
iFly 747-400 Service Pack 3 --> MsiExec.exe /I{73C59104-74E1-453B-9813-1D05F5AF4CBE}
ImageMixer VCD for FinePix --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3AA158A-9421-4883-8767-E771B0964A1D}\setup.exe"
International Cricket Captain 2006 Ashes --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94B85F28-84EE-42C8-8CED-FFBA35DBA670}\setup.exe" -l0x9 -removeonly
InterVideo WinDVD Creator 2 --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
ISD PROJECT LIML2004 --> C:\Program Files\Microsoft Games\Flight Simulator 9\Addon Scenery\Milan Linate\Uninstal.exe
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Java DB 10.3.1.4 --> MsiExec.exe /X{CD49361E-3FE6-457E-90A1-9C59E29B5D02}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) SE Development Kit 6 Update 5 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160050}
Just Flight Concorde Professional v1.00 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD87EC89-D798-42F1-B58A-6178C231BEFE}\setup.exe" -l0x9
KBD --> C:\HP\KBD\KBD.EXE uninstalled
KLGA La Guardia --> C:\Program Files\Microsoft Games\Flight Simulator 9\Uninstall KLGA.exe
KMSP v1.1.1 for FS2004 --> MsiExec.exe /I{98297A57-368B-4FC3-A236-5BDEBB0C3702}
KS2 Maths National Tests --> MsiExec.exe /I{699BDDDE-8F09-4CF3-AAD5-A6BA0E996198}
LAGO Budapest 2004 Version 2.00 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{91050E67-636C-4B65-8DEA-4196A8127E6B}\Setup.exe" -l0x9
LAGO MADDOG 1.50 --> C:\Program Files\Microsoft Games\Flight Simulator 9\Uninstall Maddog 1.50.exe
LAGO MADDOG EGPWS --> C:\Program Files\Microsoft Games\Flight Simulator 9\Uninstall Maddog EGPWS.exe
LAGO MADDOG SP 1.51 --> C:\Program Files\Microsoft Games\Flight Simulator 9\Uninstall Maddog SP 1.51.exe
LAGO MD80 Maddog --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{68E6D7F3-1CA0-478C-8037-EBA5391B05E2}\Setup.exe" -l0x9
Level-D Simulations 767-300 --> C:\Program Files\Microsoft Games\Flight Simulator 9\UnLvld767.exe
Logical Journey of the Zoombinis V1.1.0 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Broderbund Software\Zoombi32\DeIsL2.isu"
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.EXE" -l0x9 UNINSTALL
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft ActiveSync 4.0 --> MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Flight Simulator 2004 A Century of Flight --> "C:\Program Files\Microsoft Games\Flight Simulator 9\UNINSTAL.EXE" /runtemp /addremove
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91E30409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Web Components --> MsiExec.exe /I{90260409-6000-11D3-8CFE-0050048383C9}
Microsoft Picture It! Print Studio 2001 --> MsiExec.exe /I{F3BF1670-5541-45A2-AFD3-2AA2E9754EEE}
Microsoft USB Flash Drive Manager --> MsiExec.exe /I{3F8EB641-6AD2-45DE-A8DD-91D7BDD39CDE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
MicroStaff WINASPI NT --> C:\MWASPINT\uninst.exe
Monopoly Junior --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hasbro Interactive\Monopoly Junior\Uninst.isu"
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Toolbar --> C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\mtbs.exe c
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Music Library --> MsiExec.exe /I{03CC2830-B641-4678-8908-D5E63DAFC3D2}
Navman SmartST Desktop for iCN530 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{78DAD7A3-EA94-456A-8872-41FED394B87E}\expand.exe" -l0x9 -removeonly
oneworld Timetables --> C:\PROGRA~1\ONEWOR~2\Unwise32.exe /A C:\PROGRA~1\ONEWOR~2\install.log
Our Lady of Lebanon for FS2004 (by Jad Abizeid) --> C:\Program Files\Microsoft Games\Flight Simulator 9\Scenery\Uninstal_LeborHarissa.exe
PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
PIXMA Extended Survey Program --> C:\Program Files\Canon\IJPLM\SETUP.EXE -R
PMDG_747-400_Sound_Update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2758F387-D016-4725-9D03-AB039364DF3D}\setup.exe" -l0x9 -removeonly
PMDG747_400 Queen of the Skies --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97679567-0095-464E-B5F2-E218A1CF3421}\setup.exe" -l0x9 -removeonly
PMDG747_400F --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{164360E5-0AAD-48AD-8A36-3F8A859FAB6F}\setup.exe" -l0x9 -removeonly
Power Rangers Ninja Storm Screen Saver --> C:\WINDOWS\Power Rangers Ninja Storm.scr /u
Presario PC Help --> C:\PROGRA~1\PRESAR~1\UNWISE.EXE C:\PROGRA~1\PRESAR~1\INSTALL.LOG
PROCIO --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\PROCIO\ST6UNST.LOG"
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
PSS Airbus A330 v1.2 [FSSR] --> C:\PROGRA~1\MI9A48~1\FLIGHT~1\Pss\UNWISE.EXE C:\PROGRA~1\MI9A48~1\FLIGHT~1\Pss\INSTALL2.LOG
PSS Airbus A340 v1.2 [FSSR] --> C:\PROGRA~1\MI9A48~1\FLIGHT~1\Pss\UNWISE.EXE C:\PROGRA~1\MI9A48~1\FLIGHT~1\Pss\INSTALL.LOG
Python 2.2 combined Win32 extensions --> C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QANTIM - Qantas Travel Itinerary Manager --> C:\PROGRA~1\QANTIM\UNWISE.EXE C:\PROGRA~1\QANTIM\INSTALL.LOG
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RAW FILE CONVERTER LE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D680C913-5955-469D-9D88-C1940F7506D6}\SETUP.EXE" -l0x9
Reader Rabbit Personalised Nursery --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\The Learning Company\Reader Rabbit Personalised Nursery\Uninst.isu"
Reader Rabbit Personalised Year 1 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\The Learning Company\Reader Rabbit Personalised Year 1\Uninst.isu"
Ready for Pushback V2_10 Full Version --> C:\Program Files\Microsoft Games\Flight Simulator 9\RFP_V2_Upgrade_Unistaller.exe
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Remove UK2000 Birmingham files --> C:\WINDOWS\iun506.exe C:\Program Files\Microsoft Games\Flight Simulator 9\uk2000 scenery\UK2000 Birmingham\irunin.ini
Remove UK2000 Bristol Xtreme files --> C:\WINDOWS\iun506.exe C:\Program Files\Microsoft Games\Flight Simulator 9\UK2000 scenery\UK2000 Bristol Xtreme\irunin.ini
Remove UK2000 East Midlands files --> C:\WINDOWS\iun506.exe C:\Program Files\Microsoft Games\Flight Simulator 9\uk2000 scenery\UK2000 East Midlands\irunin.ini
Remove UK2000 Edinburgh FREE files --> C:\WINDOWS\iun506.exe C:\Program Files\Microsoft Games\Flight Simulator 9\UK2000 scenery\UK2000 Edinburgh FREE\irunin.ini
Remove UK2000 Edinburgh Xtreme files --> C:\WINDOWS\iun506.exe C:\Program Files\Microsoft Games\Flight Simulator 9\UK2000 scenery\UK2000 Edinburgh Xtreme\irunin.ini
Remove UK2000 Gatwick files --> C:\WINDOWS\iun506.exe C:\Program Files\Microsoft Games\Flight Simulator 9\uk2000 scenery\UK2000 Gatwick\irunin.ini
Remove UK2000 Gatwick Pro files --> C:\WINDOWS\iun506.exe C:\Program Files\Microsoft Games\Flight Simulator 9\UK2000 scenery\UK2000 Gatwick Pro\irunin.ini
Remove UK2000 Gatwick Xtreme files --> C:\WINDOWS\iun506.exe C:\Program Files\Microsoft Games\Flight Simulator 9\UK2000 scenery\UK2000 Gatwick Xtreme\irunin.ini
Remove UK2000 Glasgow Xtreme files --> C:\WINDOWS\iun506.exe C:\Program Files\Microsoft Games\Flight Simulator 9\UK2000 scenery\UK2000 Glasgow Xtreme\irunin.ini
Remove UK2000 Stansted Xtreme files --> C:\WINDOWS\iun506.exe C:\Program Files\Microsoft Games\Flight Simulator 9\Addon Scenery\Stansted\\UK2000 Stansted Xtreme\irunin.ini
Saddle Up --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D33531F0-F0F0-4FA9-B3EC-88CB69F178D0}\Setup.exe" -l0x9
Safari --> MsiExec.exe /I{0AFC9710-5DD6-4C6A-BA52-91AE992B2C9D}
Saxon_v23_uk --> C:\PROGRAM FILES\MICROSOFT GAMES\FLIGHT SIMULATOR 9\ADDON SCENERY\LEIPZIG\Uninstal.exe
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\INSTALL.LOG
Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SkyTeam Travel Timetable --> "C:\Program Files\SkyTeam Travel Timetable\unins000.exe"
Sofia Airport v1.0 --> C:\Program Files\Microsoft Games\Flight Simulator 9\Addon Scenery\Sofia\Uninstal.exe
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Sony Ericsson PC Suite 1.20.224 --> MsiExec.exe /I{7689CA7A-1270-425A-9959-EB4CB25EA29A}
SopCast 1.1.2 --> C:\Program Files\SopCast\uninst.exe
SopCore 1.1.2 --> C:\Program Files\SopCast\uninst.exe
Spider-Man 2 Demo --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{6F1EC187-3C90-4CC5-A567-ADC4DC31CD61}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 4.0 --> "C:\Program Files\Spyware Doctor\unins000.exe"
SquawkBox 3 --> C:\Program Files\SquawkBox3\sbuninstall.exe SquawkBox 3
Star Alliance Electronic Timetable --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Star Alliance Electronic Timetable\Uninst.isu"
Star Wars 3D Screensaver 1.3 --> "C:\Program Files\Star Wars 3D Screensaver\unins000.exe"
Tehran Scenery 2003 --> C:\WINDOWS\unvise32.exe C:\PROGRAM FILES\MICROSOFT GAMES\FLIGHT SIMULATOR 9\ADDON SCENERY\uninstal.log
The Very Singapore --> C:\Program Files\Microsoft Games\Flight Simulator 9\Addon Scenery\Singapore\Uninstal.exe
Thomas & Friends - The Great Festival Adventure --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hasbro Interactive\The Great Festival Adventure\Uninst.isu"
Toy Story 2 ToyShelf_Cone --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\DISNEY~1\TOYSTO~1\DeIsL1.isu
TTS_Technology --> MsiExec.exe /I{AC696733-F8C5-4EAD-B165-AC8AB8C2A755}
Ultimate Traffic --> C:\WINDOWS\iun6002.exe "C:\Program Files\Microsoft Games\Flight Simulator 9\UT13.ini"
Version 1.0 --> "C:\Program Files\Real Environment Pro\unins000.exe"
Weather Maker Pro 4.9 --> MsiExec.exe /I{D2624C4A-A200-437B-8DA9-7764A31CB1AA}
WinAce Archiver --> C:\Program Files\WinAce\SXUNINST.EXE C:\Program Files\WinAce\SXUNINST.INI
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
ZoneAlarm Spy Blocker --> rundll32 C:\PROGRA~1\ZONEAL~1\bar\1.bin\SpyBlock.dll,O
Zoombinis Mountain Rescue(TM) --> C:\Program Files\The Learning Company\Zoombinis Mountain Rescue\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type39964 / Error
Event Submitted/Written: 04/13/2008 04:21:18 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application msnmsgr.exe, version 8.5.1302.1018, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type39957 / Success
Event Submitted/Written: 04/13/2008 04:20:42 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type39950 / Error
Event Submitted/Written: 04/13/2008 04:16:14 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application EditVoicepack.exe, version 3.1.1750.19464, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type39932 / Success
Event Submitted/Written: 04/13/2008 01:24:42 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type39894 / Error
Event Submitted/Written: 04/12/2008 08:40:58 PM
Event ID/Source: 0 /
Event Description:
7



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type952437 / Error
Event Submitted/Written: 04/13/2008 04:27:29 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The TrueVector Internet Monitor service failed to start due to the following error:
%%1053

Event Record #/Type952436 / Error
Event Submitted/Written: 04/13/2008 04:27:29 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the TrueVector Internet Monitor service to connect.

Event Record #/Type952435 / Error
Event Submitted/Written: 04/13/2008 04:27:27 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The TrueVector Internet Monitor service failed to start due to the following error:
%%1053

Event Record #/Type952434 / Error
Event Submitted/Written: 04/13/2008 04:27:27 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the TrueVector Internet Monitor service to connect.

Event Record #/Type952433 / Error
Event Submitted/Written: 04/13/2008 04:27:25 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The TrueVector Internet Monitor service failed to start due to the following error:
%%1053



-- End of Deckard's System Scanner: finished at 2008-04-13 16:27:30 ------------


Many thanks for you continued help

Anne
ArthurP
Active Member
 
Posts: 12
Joined: April 7th, 2008, 3:53 pm

Re: Help my computer has been hijacked or infected?

Unread postby random/random » April 13th, 2008, 6:10 pm

  • Go to start>run
  • Copy & paste this into the box
    "%userprofile%\desktop\dss.exe" /DAFT
  • Click OK
  • Place a checkmark next to the following entries (if present)
    .reg
    .scr
  • Click the Fix button.
  • Re-scan and save a logfile. By default, it will save as daft.txt
  • Copy & paste the contents of that logfile as a reply to this topic

Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

Copy the contents of the following codebox to a notepad window

Code: Select all
REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 


Save it to the desktop as fix.reg, making sure save as type is set to all files

Locate Fix.reg on your desktop and double-click it. When asked if you want to merge with the registry, click YES. Wait for the merged successfully prompt

Go to Start > Run... and copy/paste the text below into the Runbox:

Code: Select all
"%userprofile%\desktop\dss.exe" /config


A window will open. Click on Check All, then click Scan!.

When it has finished, Deckard's System Scanner will open two Notepad files: main.txt and extra.txt- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply
User avatar
random/random
Developer
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm

Re: Help my computer has been hijacked or infected?

Unread postby ArthurP » April 14th, 2008, 5:26 am

As instructed:

Deckard's System Scanner v20071014.68
Run by Owner on 2008-04-14 10:09:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
164: 2008-04-13 15:22:45 UTC - RP939 - Deckard's System Scanner Restore Point
163: 2008-04-13 09:56:31 UTC - RP938 - Installed EditVoicepack
162: 2008-04-13 09:56:05 UTC - RP937 - Removed EditVoicepack
161: 2008-04-13 09:50:15 UTC - RP936 - Installed EditVoicepack
160: 2008-04-13 09:49:40 UTC - RP935 - Removed EditVoicepack


-- First Restore Point --
1: 2008-01-14 17:44:36 UTC - RP776 - System Checkpoint


Performed disk cleanup.



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:09:50, on 14/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Hewlett-Packard\CLJ1500\Toolbox\HPPOUMUI.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Hewlett-Packard\CLJ1500\Toolbox\HPPOUMUI.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PRESAR~1\Presario\XPHWWRS4\plugin\bin\PCHButton.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\PROGRA~1\SPYWAR~2\swdoctor.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Documents and Settings\Owner\desktop\dss.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Status Monitor CLJ1500] C:\Program Files\Hewlett-Packard\CLJ1500\\Toolbox\HPPOUMUI.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRS4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~2\swdoctor.exe /Q
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {28DF37EA-A0FC-4AA2-AEF8-880737864404} (eDVRMonCtrl Class) - https://members.nurserycam.co.uk/eDVRLiveViewer.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint.co.uk/TruprintActivia.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://sell-vehicle.ebay.co.uk/images/e ... 0-3-50.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/1145196b232 ... xIE601.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 9960078984
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9753844750
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installer ... taller.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.truprint.co.uk/TruprintUpload.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 14311 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080411-195550-738 O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://207.226.177.98/gba2218.exe
backup-20080412-113747-861 R3 - URLSearchHook: (no name) - - (no file)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 MASPINT - c:\windows\system32\drivers\maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver for WinNT>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S2 ADEFDXOF - c:\windows\system32\adefdxof.wmk (file missing)
S2 ADILOADER (General Purpose USB Driver (adildr.sys)) - c:\windows\system32\drivers\adildr.sys (file missing)
S3 adiusbaw (USB ADSL WAN Adapter) - c:\windows\system32\drivers\adiusbaw.sys (file missing)
S3 alcan5wn (SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)) - c:\windows\system32\drivers\alcan5wn.sys <Not Verified; THOMSON; SpeedTouch USB>
S3 alcaudsl (SpeedTouch ADSL Modem ATM Transport) - c:\windows\system32\drivers\alcaudsl.sys <Not Verified; THOMSON; SpeedTouch USB>
S3 ialm - c:\windows\system32\drivers\ialmnt5.sys <Not Verified; Intel Corporation; Intel Graphics Accelerator Drivers for Windows NT(R)>
S3 PCTINDIS5 (PCTINDIS5 NDIS Protocol Driver) - c:\windows\system32\pctindis5.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 IJPLMSVC (PIXMA Extended Survey Program) - c:\program files\canon\ijplm\ijplmsvc.exe <Not Verified; ; IJPLMSVC>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_2A0B103C&REV_10\4&2E9A5DB2&0&10F0
Manufacturer: Realtek
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_2A0B103C&REV_10\4&2E9A5DB2&0&10F0
Service: rtl8139


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\winlogon.exe (pid 896)
2006-03-01 08:34:56 85216 --a------ C:\Program Files\Spyware Doctor\tools\eg.dat

C:\WINDOWS\system32\svchost.exe (pid 1124)
2006-03-01 08:34:56 85216 --a------ C:\Program Files\Spyware Doctor\tools\eg.dat

C:\WINDOWS\system32\svchost.exe (pid 1200)
2006-03-01 08:34:56 85216 --a------ C:\Program Files\Spyware Doctor\tools\eg.dat

C:\WINDOWS\system32\svchost.exe (pid 1240)
2006-03-01 08:34:56 85216 --a------ C:\Program Files\Spyware Doctor\tools\eg.dat

C:\WINDOWS\system32\svchost.exe (pid 1328)
2006-03-01 08:34:56 85216 --a------ C:\Program Files\Spyware Doctor\tools\eg.dat

C:\WINDOWS\system32\svchost.exe (pid 1356)
2006-03-01 08:34:56 85216 --a------ C:\Program Files\Spyware Doctor\tools\eg.dat

C:\WINDOWS\system32\svchost.exe (pid 1896)
2006-03-01 08:34:56 85216 --a------ C:\Program Files\Spyware Doctor\tools\eg.dat

C:\WINDOWS\system32\svchost.exe (pid 268)
2006-03-01 08:34:56 85216 --a------ C:\Program Files\Spyware Doctor\tools\eg.dat

C:\WINDOWS\system32\svchost.exe (pid 780)
2006-03-01 08:34:56 85216 --a------ C:\Program Files\Spyware Doctor\tools\eg.dat

C:\WINDOWS\explorer.exe (pid 316)
2006-03-01 08:34:56 85216 --a------ C:\Program Files\Spyware Doctor\tools\eg.dat


-- Scheduled Tasks -------------------------------------------------------------

2008-04-07 20:12:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-04-07 09:00:02 406 --ah----- C:\WINDOWS\Tasks\{BB9D9E23-FD0A-4FEB-8751-63919049E38D}_LINSELL-FAMILY_Owner.job
2008-04-04 16:00:00 406 --ah----- C:\WINDOWS\Tasks\{C679F535-ADE0-4C02-AA50-6F31A7B9BB25}_LINSELL-FAMILY_Owner.job
2008-04-04 16:00:00 406 --ah----- C:\WINDOWS\Tasks\{9986E120-0662-4A33-8C78-582A42200C9B}_LINSELL-FAMILY_Owner.job


-- Files created between 2008-03-14 and 2008-04-14 -----------------------------

2008-04-14 10:00:18 791393 --a------ C:\Program Files\erunt-setup.exe <Not Verified; Lars Hederer; >
2008-04-12 20:45:40 0 d-------- C:\Program Files\FSBuild
2008-04-12 20:44:35 73728 -----n--- C:\WINDOWS\system32\DBCTIF32.DLL <Not Verified; ABACO s.r.l.; DbCAD dev>
2008-04-12 20:44:35 135168 -----n--- C:\WINDOWS\system32\DBCMEM32.DLL <Not Verified; ; DBCMEM32 Dynamic Link Library>
2008-04-12 20:44:35 184320 -----n--- C:\WINDOWS\system32\dbcmdb32.dll <Not Verified; ; DBCMDB32 Dynamic Link Library>
2008-04-12 20:44:35 36864 -----n--- C:\WINDOWS\system32\dbcmdb2000.dll <Not Verified; ABACO s.r.l.; DbCAD dev>
2008-04-12 20:44:34 65536 -----n--- C:\WINDOWS\system32\DBCLST32.DLL <Not Verified; ABACO s.r.l.; DbCAD dev>
2008-04-12 20:44:34 141824 -----n--- C:\WINDOWS\system32\dbcjpg32.dll <Not Verified; ; DBCJPG32 Dynamic Link Library>
2008-04-12 20:44:34 73728 -----n--- C:\WINDOWS\system32\dbcgeo32.dll <Not Verified; ; DBCGEO32 Dynamic Link Library>
2008-04-12 20:44:34 65536 -----n--- C:\WINDOWS\system32\DBCGDI32.DLL <Not Verified; ABACO s.r.l.; DbCAD dev>
2008-04-12 20:44:34 241664 -----n--- C:\WINDOWS\system32\DBCDXD32.DLL <Not Verified; ABACO s.r.l.; DbCAD dev>
2008-04-12 20:44:34 356352 -----n--- C:\WINDOWS\system32\DBCDWG32.DLL <Not Verified; ABACO s.r.l.; DbCAD dev>
2008-04-12 20:44:34 1441792 -----n--- C:\WINDOWS\system32\DBCDLL32.DLL <Not Verified; ABACO s.r.l.; DbCAD dev>
2008-04-12 20:44:34 102400 -----n--- C:\WINDOWS\system32\DBCDIB32.DLL <Not Verified; ABACO s.r.l.; DbCAD dev>
2008-04-12 20:44:33 204800 -----n--- C:\WINDOWS\system32\DBCDBF32.DLL <Not Verified; ; DBCDBF32 Dynamic Link Library>
2008-04-12 11:39:02 0 d-------- C:\Program Files\EsetOnlineScanner
2008-04-11 19:58:00 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-04-11 19:57:48 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-11 19:57:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-11 19:40:23 0 d-------- C:\Program Files\Sun
2008-04-11 19:37:27 0 d-------- C:\Program Files\Common Files\Java
2008-04-07 20:43:20 0 d-------- C:\Program Files\Trend Micro
2008-04-06 11:21:10 0 d-------- C:\Documents and Settings\Administrator.LINSELL-FAMILY.000\Application Data\AVG7
2008-04-06 11:09:14 0 dr------- C:\Documents and Settings\Administrator.LINSELL-FAMILY.000\Favorites
2008-04-06 11:09:14 0 d-------- C:\Documents and Settings\Administrator.LINSELL-FAMILY.000\Desktop
2008-04-06 11:09:14 0 d--hs---- C:\Documents and Settings\Administrator.LINSELL-FAMILY.000\Cookies
2008-04-06 11:09:14 0 dr-h----- C:\Documents and Settings\Administrator.LINSELL-FAMILY.000\Application Data
2008-04-06 11:09:14 0 d-------- C:\Documents and Settings\Administrator.LINSELL-FAMILY.000\Application Data\Symantec
2008-04-06 11:09:14 0 d-------- C:\Documents and Settings\Administrator.LINSELL-FAMILY.000\Application Data\Sun
2008-04-06 11:09:14 0 d-------- C:\Documents and Settings\Administrator.LINSELL-FAMILY.000\Application Data\SampleView
2008-04-06 11:09:14 0 d---s---- C:\Documents and Settings\Administrator.LINSELL-FAMILY.000\Application Data\Microsoft
2008-04-06 11:09:14 0 d-------- C:\Documents and Settings\Administrator.LINSELL-FAMILY.000\Application Data\Intervideo
2008-04-06 11:09:14 0 d-------- C:\Documents and Settings\Administrator.LINSELL-FAMILY.000\Application Data\Identities
2008-04-06 11:09:13 0 d-------- C:\Documents and Settings\Administrator.LINSELL-FAMILY.000\WINDOWS
2008-04-06 11:09:13 0 d--h----- C:\Documents and Settings\Administrator.LINSELL-FAMILY.000\Templates
2008-04-06 11:09:13 0 dr------- C:\Documents and Settings\Administrator.LINSELL-FAMILY.000\Start Menu
2008-04-06 11:09:13 0 dr-h----- C:\Documents and Settings\Administrator.LINSELL-FAMILY.000\SendTo
2008-04-06 11:09:13 0 dr-h----- C:\Documents and Settings\Administrator.LINSELL-FAMILY.000\Recent
2008-04-06 11:09:13 0 d--h----- C:\Documents and Settings\Administrator.LINSELL-FAMILY.000\PrintHood
2008-04-06 11:09:13 0 d--h----- C:\Documents and Settings\Administrator.LINSELL-FAMILY.000\NetHood
2008-04-06 11:09:13 0 dr------- C:\Documents and Settings\Administrator.LINSELL-FAMILY.000\My Documents
2008-04-06 11:09:13 0 d--h----- C:\Documents and Settings\Administrator.LINSELL-FAMILY.000\Local Settings
2008-04-06 11:09:12 2097152 --ah----- C:\Documents and Settings\Administrator.LINSELL-FAMILY.000\NTUSER.DAT
2008-04-05 23:32:58 0 d-------- C:\Documents and Settings\Simon\Application Data\MailFrontier
2008-04-05 23:30:12 0 d-------- C:\Documents and Settings\Owner\Application Data\Bamzooki
2008-04-05 23:30:01 0 d-------- C:\Program Files\BAMZOOKi
2008-04-05 23:21:30 0 d-------- C:\Documents and Settings\Administrator.LINSELL-FAMILY\Application Data\Intervideo
2008-04-05 23:21:29 0 d-------- C:\Documents and Settings\Administrator.LINSELL-FAMILY\Templates
2008-04-05 23:21:29 0 d-------- C:\Documents and Settings\Administrator.LINSELL-FAMILY\Local Settings
2008-04-05 23:21:29 0 d-------- C:\Documents and Settings\Administrator.LINSELL-FAMILY\Favorites
2008-04-05 23:21:29 0 d-------- C:\Documents and Settings\Administrator.LINSELL-FAMILY\Cookies
2008-04-05 23:21:29 0 d-------- C:\Documents and Settings\Administrator.LINSELL-FAMILY\Application Data
2008-04-05 23:21:29 0 d-------- C:\Documents and Settings\Administrator.LINSELL-FAMILY\Application Data\Microsoft
2008-04-05 23:21:28 1310720 --ah----- C:\Documents and Settings\Administrator.LINSELL-FAMILY\NTUSER.DAT
2008-04-05 20:13:38 0 d-------- C:\Documents and Settings\Administrator\Templates
2008-04-05 20:13:38 0 d-------- C:\Documents and Settings\Administrator\Local Settings
2008-04-05 20:13:38 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-04-05 20:13:38 0 d-------- C:\Documents and Settings\Administrator\Cookies
2008-04-05 20:13:38 0 d-------- C:\Documents and Settings\Administrator\Application Data
2008-04-05 20:13:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-05 20:13:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intervideo
2008-04-05 20:13:37 1572864 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-05 18:33:59 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-04-04 15:17:11 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-04-03 20:40:23 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-03 19:38:08 0 d-------- C:\Program Files\Star Alliance TravelDesk
2008-04-02 22:24:18 0 d-------- C:\WINDOWS\Aviograsf
2008-03-31 21:47:27 0 d-------- C:\Program Files\MSECache
2008-03-30 20:56:16 8912896 --a------ C:\Documents and Settings\Simon\ntuser.dat
2008-03-30 20:56:14 438272 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2008-03-24 21:22:13 0 d-------- C:\Program Files\Safari
2008-03-19 09:48:25 0 d-------- C:\Documents and Settings\Simon\Application Data\DNA
2008-03-19 09:48:23 0 d-------- C:\Program Files\DNA
2008-03-19 08:29:40 0 d-------- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2008-03-19 08:19:45 0 d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-03-19 08:19:31 0 d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2008-03-19 08:19:05 0 d--h----- C:\Program Files\CanonBJ
2008-03-14 14:30:18 0 d-------- C:\Program Files\Flight1 Downloader


-- Find3M Report ---------------------------------------------------------------

2008-04-12 17:07:19 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-12 08:36:28 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2008-04-11 19:40:11 0 d-------- C:\Program Files\Java
2008-04-11 19:37:27 0 d-------- C:\Program Files\Common Files
2008-04-05 23:33:48 0 d-------- C:\Program Files\oneworldflights
2008-04-05 23:33:11 0 d-------- C:\Program Files\Star Alliance Electronic Timetable
2008-04-05 18:21:07 0 d-------- C:\Program Files\Spyware Doctor
2008-04-04 21:35:24 0 d-------- C:\Program Files\Hewlett-Packard
2008-03-20 22:42:55 0 d-------- C:\Program Files\BitTorrent
2008-03-20 22:30:27 0 d-------- C:\Program Files\SkyTeam Travel Timetable
2008-03-19 09:48:19 0 d-------- C:\Program Files\BitTorrent_DNA
2008-03-19 08:29:35 0 d-------- C:\Program Files\Canon
2008-03-16 15:49:03 729088 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-03-13 23:04:05 286720 --a------ C:\WINDOWS\iun506.exe <Not Verified; Indigo Rose Corporation; Setup Factory 5.0 Uninstaller>
2008-03-13 23:03:02 0 d-------- C:\Program Files\texture
2008-03-13 23:02:59 0 d-------- C:\Program Files\scenery
2008-03-12 10:41:12 0 d-------- C:\Program Files\Windows Live
2008-03-12 10:40:39 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-04 21:51:16 0 d-------- C:\Program Files\iTunes
2008-03-04 21:51:01 0 d-------- C:\Program Files\iPod
2008-02-18 21:59:20 0 d-------- C:\Program Files\QuickTime
2008-02-18 18:01:21 0 d-------- C:\Program Files\Letts
2008-02-15 16:54:56 0 d-------- C:\Program Files\Google
2008-02-11 09:39:26 253952 --a------ C:\WINDOWS\system32\OnlineScannerDLLA.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-11 09:39:18 237568 --a------ C:\WINDOWS\system32\OnlineScannerDLLW.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-10 15:11:26 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-02-08 13:53:46 110592 --a------ C:\WINDOWS\system32\OnlineScannerLang.dll <Not Verified; ; OnlineScanner Language Library>
2008-02-05 08:48:04 77824 --a------ C:\WINDOWS\system32\OnlineScannerUninstaller.exe <Not Verified; ; OnlineScannerUninstaller>
2008-02-02 17:23:27 1328 --a------ C:\FSUIPC_reg.bin


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
10/02/2008 15:11 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [10/02/2008 15:11 262144]

[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [07/05/1998 17:04]
"KBD"="C:\HP\KBD\KBD.EXE" [11/02/2003 20:02]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [14/04/2004 21:43]
"VTTimer"="VTTimer.exe" []
"AGRSMMSG"="AGRSMMSG.exe" [04/03/2005 12:01 C:\WINDOWS\AGRSMMSG.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [12/09/2003 20:13]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [21/04/2004 22:00]
"UpdateManager"="c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [19/08/2003 02:01]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [04/02/2002 23:32]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" []
"Status Monitor CLJ1500"="C:\Program Files\Hewlett-Packard\CLJ1500\\Toolbox\HPPOUMUI.exe" [05/06/2003 12:34]
"SoundMan"="SOUNDMAN.EXE" [06/04/2005 18:57 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [06/04/2005 18:53 C:\WINDOWS\ALCWZRD.EXE]
"Alcmtr"="ALCMTR.EXE" [12/04/2005 01:10 C:\WINDOWS\ALCMTR.EXE]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [20/12/2007 20:15]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [07/06/2005 00:46]
"@"="" []
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [26/10/2005 18:17]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [27/11/2007 12:58]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [14/11/2007 17:05]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/02/2008 00:13]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19/02/2008 14:10]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [15/05/2007 02:01]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [04/04/2007 02:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 08:56]
"Acme.PCHButton"="C:\PROGRA~1\PRESAR~1\Presario\XPHWWRS4\plugin\bin\PCHButton.exe" [02/01/2004 01:59]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" []
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
"LDM"="\Program\BackWeb-8876480.exe" []
"Spyware Doctor"="C:\PROGRA~1\SPYWAR~2\swdoctor.exe" [22/09/2007 21:01]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [15/11/2005 19:44]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [23/11/2007 08:04]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [27/11/2007 12:58]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [18/10/2006 21:05]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [20/10/2005 12:04:08]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 23:05:26]
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [09/11/2004 21:59:10]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [21/11/2005 21:07:20]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [09/11/2004 22:51:45]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3a4a742-05a5-11db-8f85-0030f1e0fb33}]
AutoRun\command- N:\LaunchU3.exe




-- End of Deckard's System Scanner: finished at 2008-04-14 10:11:24 ------------

Plus:

eckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 3.40GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 3.40GHz
Percentage of Memory in Use: 62%
Physical Memory (total/avail): 1023.29 MiB / 384 MiB
Pagefile Memory (total/avail): 2462.73 MiB / 1867.21 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.02 MiB

C: is Fixed (NTFS) - 229 GiB total, 130.87 GiB free.
D: is Fixed (FAT32) - 3.87 GiB total, 0.65 GiB free.
E: is CDROM (No Media)
F: is CDROM (CDFS)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is Removable (FAT)

\\.\PHYSICALDRIVE0 - Maxtor 7Y250M0 - 232.88 GiB - 2 partitions
\PARTITION0 - Unknown - 3.88 GiB - D:
\PARTITION1 (bootable) - Installable File System - 229 GiB - C:

\\.\PHYSICALDRIVE5 - USB Flash Memory USB Device - 243.17 MiB - 1 partition
\PARTITION0 (bootable) - MS-DOS V4 Huge - 245.92 MiB - K:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: ZoneAlarm Firewall v7.0.462.000 (Check Point, LTD.)
AV: AVG 7.5.519 v7.5.519 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Advanced Voice Client\\roger.exe"="C:\\Program Files\\Advanced Voice Client\\roger.exe:*:Enabled:Roger Wilco"
"C:\\Program Files\\Advanced Voice Client\\avc.exe"="C:\\Program Files\\Advanced Voice Client\\avc.exe:*:Enabled:Advanced Voice Client"
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\PSS\\Airbus A3XX\\A330FuelPlanner.exe"="C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\PSS\\Airbus A3XX\\A330FuelPlanner.exe:*:Enabled:A330 Fuel Planner Utility"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\FS9.EXE"="C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\FS9.EXE:*:Enabled:Microsoft Flight Simulator"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\Program Files\\ASRC\\asrc.exe"="C:\\Program Files\\ASRC\\asrc.exe:*:Enabled:ASRC executable"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\system32\\dxdiag.exe"="C:\\WINDOWS\\system32\\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"C:\\Program Files\\Grisoft\\AVG Free\\avgw.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgw.exe:*:Enabled:AVG Free Edition for Windows"
"C:\\Program Files\\Grisoft\\AVG Free\\avgvv.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgvv.exe:*:Enabled:AVG Free Virus Vault"
"C:\\Program Files\\Hewlett-Packard\\CLJ1500\\Toolbox\\HPPOUMUI.exe"="C:\\Program Files\\Hewlett-Packard\\CLJ1500\\Toolbox\\HPPOUMUI.exe:*:Disabled:Language Monitor UI"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"="C:\\Program Files\\BitTorrent_DNA\\dna.exe:*:Enabled:BitTorrent DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe:*:Enabled:Delivery Manager Service"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LINSELL-FAMILY
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA6
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\LINSELL-FAMILY
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Microsoft USB Flash Drive Manager\;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem\;V5.00;C:\WINDOWS\LHSP
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
tvdumpflags=10
USERDOMAIN=LINSELL-FAMILY
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Simon (admin)
Alice
Henry
Administrator.LINSELL-FAMILY.000 (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> c:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
[Lebor] OLBA2002 V1.0 --> C:\PROGRAM FILES\MICROSOFT GAMES\FLIGHT SIMULATOR 9\ADDON SCENERY\BEIRUT\Uninstall_OLBA2002.exe
4oD --> MsiExec.exe /I {8B7443F5-E141-42A0-AB61-ED2331AAD606}
50N Boeing 737 Family Base Pack 1.1.0 --> C:\Program Files\Microsoft Games\Flight Simulator 9\Aircraft\Uninstal.exe
Adobe Acrobat 4.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Reader Japanese Fonts --> MsiExec.exe /I{AC76BA86-7AD7-5A76-5A64-7E8A45000001}
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
aerosoft's - Balearen-Gibraltar - FS2004 --> "C:\Program Files\Microsoft Games\Flight Simulator 9\aerosoft\Uninstall.exe" "uninstall_Balearen-Gibraltar.ini" "C:\Program Files\Microsoft Games\Flight Simulator 9"
aerosoft's - German Airports 2 - Cologne-Bonn - FS2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{46464A5D-7D14-41E3-9C26-E3C186F37D84}\Setup.exe" -uninst
aerosoft's - German Airports 3 - FS2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECE1939E-3491-409E-87B7-E7DF65E7B909}\Setup.exe" -uninst
aerosoft's - London Heathrow 2008 --> C:\Program Files\InstallShield Installation Information\{C0A6901F-C919-47A3-A4D9-E2056314086B}\setup.exe -runfromtemp -l0x0009 -uninst -removeonly
aerosoft's - Madrid-Barajas 2004 - FS2004 --> "C:\Program Files\Microsoft Games\Flight Simulator 9\uninstall_Madrid-Barajas2004.exe"
aerosoft's - Malaga - FS2004 --> "C:\Program Files\Microsoft Games\Flight Simulator 9\aerosoft\Uninstall.exe" "uninstall_Malaga.ini" "C:\Program Files\Microsoft Games\Flight Simulator 9"
aerosoft's - Mega Airport Frankfurt - FS2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D4E22434-1BCE-4C91-A1E4-FC352DFD4B3B}\Setup.exe" -uninst
Agere Systems PCI Soft Modem --> agrsmdel
Airbus A330 PRO Series 2.004.01 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Microsoft Games\Flight Simulator 9\PSS\a330_uni.ini"
Airbus A340 PRO Series 2.004.01 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Microsoft Games\Flight Simulator 9\PSS\a340_uni.ini"
Airbus Pro Load Edit 1.0 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Microsoft Games\Flight Simulator 9\pss\airbus a3xx\irunin.ini"
Airbus PRO Series 2.004.01 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Microsoft Games\Flight Simulator 9\PSS\a3xx_uni.ini"
Airbus Series Vol.1 Deluxe (FS2004) --> C:\Program Files\Microsoft Games\Flight Simulator 9\Uninstal_Airbus1_wilco.exe
Amsterdam --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2874FFC3-24DA-4BE7-B122-0573CED08A98}\Setup.exe" -l0x9
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Art Attack --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{526294AE-4192-4A19-9BF0-66CE5631C757}\setup.exe" -l0x9 -removeonly
ASRC --> MsiExec.exe /I{D72B7816-2616-4695-84BD-EB5D6DE75A83}
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
BAMZOOKi v3.1 (build 115.158) --> "C:\Program Files\BAMZOOKi\unins000.exe"
BBC iPlayer Download Manager --> MsiExec.exe /I {D466F3D9-510C-4729-B7D4-2E70490E4CDF}
Ben Gurion Airport 2006 --> C:\Program Files\Microsoft Games\Flight Simulator 9\Uninstal.exe
BlogTorrent beta-0.91 --> "C:\Program Files\BlogTorrent\uninstall.exe"
Boeing 757 Professional 2006 --> "C:\WINDOWS\Boeing 757 Professional 2006\uninstall.exe" "/U:C:\WINDOWS\Boeing 757 Professional 2006\Uninstall\uninstall.xml"
British Airways Flights --> C:\DOCUME~1\ALLUSE~1\APPLIC~1\innovata\BRITIS~1\Unwise32.exe /A C:\DOCUME~1\ALLUSE~1\APPLIC~1\innovata\BRITIS~1\install.log
Canon iP3500 series --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3500_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3500_series /L0x0009
Canon iP3500 series User Registration --> C:\Program Files\Canon\IJEREG\iP3500 series\UNINST.EXE
Canon My Printer --> C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon S330 --> C:\WINDOWS\system32\CNMCP45.EXE -@C:\WINDOWS\IsUninst.exe -f"C:\BJPrinter\CNMWINDOWS\Canon S330 Installer\Inst\DeIsL1.isu" -pCanon S330-c"C:\BJPrinter\CNMWINDOWS\Canon S330 Installer\Inst\bjinst.dll
Canon Utilities Easy-PhotoPrint --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Canon\Easy-PhotoPrint\Uninst.isu" -c"C:\Program Files\Canon\Easy-PhotoPrint\EZUNINST.DLL"
Canon Utilities Easy-PhotoPrint EX --> C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
Canon Utilities Solution Menu --> C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
Carenado Mooney M20J --> C:\Program Files\Microsoft Games\Flight Simulator 9\UNCARMOONEY.exe
Children's Encyclopedia --> C:\WINDOWS\C:\WINDOWS\uninst.exe -r"DK Multimedia\Children's Encyclopedia\1.1.0" -n"Children's Encyclopedia" -fC:\PROGRA~1\DKMULT~1\CHILDR~1\DeIsL1.isu -cC:\PROGRA~1\DKMULT~1\CHILDR~1\uninst.dll
CLOUD9 Amsterdam 1.04 upd --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8574E9D2-B5B4-4254-A7DD-B4B3DD37C0C9}\Setup.exe" -l0x9
Continental Airlines Timetable --> MsiExec.exe /X{884ACC8E-FE0E-4CA7-AE93-08435BD5A0A9}
Dash 8Q-300 by fanda v1.004 --> C:\PROGRAM FILES\MICROSOFT GAMES\FLIGHT SIMULATOR 9\Uninstal.exe
Disc2Phone --> MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
DUBAÏ 2004 --> C:\Program Files\Microsoft Games\Flight Simulator 9\Addon Scenery\dubai\Uninstal.exe
DUBAÏ landclass --> C:\Program Files\Microsoft Games\Flight Simulator 9\Addon Scenery\dubclass\Uninstal.exe
DUBAÏ mesh --> C:\Program Files\Microsoft Games\Flight Simulator 9\Addon Scenery\dubmesh\Uninstal.exe
Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
EditVoicepack --> MsiExec.exe /I{1EC65D1D-3911-4F7D-8B6A-63C69EDBFC6E}
ERUNT 1.1j --> "C:\Program Files\ERUNT\unins000.exe"
ESET Online Scanner --> C:\WINDOWS\system32\OnlineScannerUninstaller.exe
Europress Key Stage 2 English (7-9) --> MsiExec.exe /X{C9C6C3E4-A8C5-11D8-817F-004095301BDA}
Europress Key Stage 2 Maths (7-9) --> MsiExec.exe /X{17A03B83-A7F6-11D8-817F-004095301BDA}
Europress Key Stage 2 Science (7-9) --> MsiExec.exe /X{3B1E4B09-A8CE-11D8-817F-004095301BDA}
FDC Update Version 1.6 --> C:\PROGRA~1\FDC\UNWISE.EXE C:\PROGRA~1\FDC\INSTALL.LOG
FeelThere PIC ERJ-145LR 1.1a --> C:\Program Files\Microsoft Games\Flight Simulator 9\picerj145lr-uninst.exe
FinePixViewer Ver.4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE"
FlightSim Commander 7.4 --> C:\PROGRA~1\FSC\UNWISE.EXE C:\PROGRA~1\FSC\INSTALL.LOG
FRP 2004 --> C:\Program Files\Microsoft Games\Flight Simulator 9\Addon Scenery\frp2004\Uninstal.exe
FS Real Time v1.73.1 --> C:\WINDOWS\iun6002.exe "C:\Program Files\FS Real Time\irunin.ini"
FS2Crew: 737 Professional Edition Upgrade 3 --> C:\Program Files\Microsoft Games\Flight Simulator 9\FS2Crew\FS2Crew_737 Professional Edition\Uninstal.exe
FSBoarding 2.2 --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\FSBoarding\ST6UNST.LOG"
FSBuild 2 --> C:\Program Files\FSBuild\UnInstall_19636.exe
FSDreamTeam Zurich9 1.2 --> "C:\Program Files\Microsoft Games\Flight Simulator 9\unins000.exe"
FSNavigator --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F76FF6D-B992-4FD9-8686-F09F868B2C58}\Setup.exe" -l0x9
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
Fun Pack Uninstaller --> C:\WINDOWS\uninst.exe -fC:\FunPack\DeIsL1.isu
GAP Mega Pack --> C:\Program Files\Microsoft Games\Flight Simulator 9\Uninstall GAP Mega Pack.exe
GAP_LGZA 2006 --> C:\Program Files\Microsoft Games\Flight Simulator 9\Uninstal.exe
getPlus(R)_ocx --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Greatest Airliners 1.0.0 --> C:\WINDOWS\iun506.exe C:\Program Files\Microsoft Games\FS2002\Flt173410uni.ini
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Horrible Science --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2D049E2F-F15E-40A7-BEDD-CF3C84C6C720}\setup.exe" -l0x9 -removeonly
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
hp color LaserJet 1500 --> MsiExec.exe /I{5DB7F50E-0649-4347-B003-8CEFBFB9D9D1}
iFly 747-400 --> MsiExec.exe /I{CD5EDC95-46C4-4008-8513-3BA826EAC374}
iFly 747-400 Service Pack 1 --> MsiExec.exe /I{C983A158-02BF-44DA-80D8-40FFC1CB9BA1}
iFly 747-400 Service Pack 2 --> MsiExec.exe /I{B99CFFDC-B34D-495A-9664-D277CCA45AF5}
iFly 747-400 Service Pack 3 --> MsiExec.exe /I{73C59104-74E1-453B-9813-1D05F5AF4CBE}
ImageMixer VCD for FinePix --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3AA158A-9421-4883-8767-E771B0964A1D}\setup.exe"
International Cricket Captain 2006 Ashes --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94B85F28-84EE-42C8-8CED-FFBA35DBA670}\setup.exe" -l0x9 -removeonly
InterVideo WinDVD Creator 2 --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
ISD PROJECT LIML2004 --> C:\Program Files\Microsoft Games\Flight Simulator 9\Addon Scenery\Milan Linate\Uninstal.exe
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Java DB 10.3.1.4 --> MsiExec.exe /X{CD49361E-3FE6-457E-90A1-9C59E29B5D02}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) SE Development Kit 6 Update 5 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160050}
Just Flight Concorde Professional v1.00 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD87EC89-D798-42F1-B58A-6178C231BEFE}\setup.exe" -l0x9
KBD --> C:\HP\KBD\KBD.EXE uninstalled
KLGA La Guardia --> C:\Program Files\Microsoft Games\Flight Simulator 9\Uninstall KLGA.exe
KMSP v1.1.1 for FS2004 --> MsiExec.exe /I{98297A57-368B-4FC3-A236-5BDEBB0C3702}
KS2 Maths National Tests --> MsiExec.exe /I{699BDDDE-8F09-4CF3-AAD5-A6BA0E996198}
LAGO Budapest 2004 Version 2.00 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{91050E67-636C-4B65-8DEA-4196A8127E6B}\Setup.exe" -l0x9
LAGO MADDOG 1.50 --> C:\Program Files\Microsoft Games\Flight Simulator 9\Uninstall Maddog 1.50.exe
LAGO MADDOG EGPWS --> C:\Program Files\Microsoft Games\Flight Simulator 9\Uninstall Maddog EGPWS.exe
LAGO MADDOG SP 1.51 --> C:\Program Files\Microsoft Games\Flight Simulator 9\Uninstall Maddog SP 1.51.exe
LAGO MD80 Maddog --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{68E6D7F3-1CA0-478C-8037-EBA5391B05E2}\Setup.exe" -l0x9
Level-D Simulations 767-300 --> C:\Program Files\Microsoft Games\Flight Simulator 9\UnLvld767.exe
Logical Journey of the Zoombinis V1.1.0 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Broderbund Software\Zoombi32\DeIsL2.isu"
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.EXE" -l0x9 UNINSTALL
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft ActiveSync 4.0 --> MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Flight Simulator 2004 A Century of Flight --> "C:\Program Files\Microsoft Games\Flight Simulator 9\UNINSTAL.EXE" /runtemp /addremove
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91E30409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Web Components --> MsiExec.exe /I{90260409-6000-11D3-8CFE-0050048383C9}
Microsoft Picture It! Print Studio 2001 --> MsiExec.exe /I{F3BF1670-5541-45A2-AFD3-2AA2E9754EEE}
Microsoft USB Flash Drive Manager --> MsiExec.exe /I{3F8EB641-6AD2-45DE-A8DD-91D7BDD39CDE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
MicroStaff WINASPI NT --> C:\MWASPINT\uninst.exe
Monopoly Junior --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hasbro Interactive\Monopoly Junior\Uninst.isu"
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Toolbar --> C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\mtbs.exe c
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Music Library --> MsiExec.exe /I{03CC2830-B641-4678-8908-D5E63DAFC3D2}
Navman SmartST Desktop for iCN530 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{78DAD7A3-EA94-456A-8872-41FED394B87E}\expand.exe" -l0x9 -removeonly
oneworld Timetables --> C:\PROGRA~1\ONEWOR~2\Unwise32.exe /A C:\PROGRA~1\ONEWOR~2\install.log
Our Lady of Lebanon for FS2004 (by Jad Abizeid) --> C:\Program Files\Microsoft Games\Flight Simulator 9\Scenery\Uninstal_LeborHarissa.exe
PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
PIXMA Extended Survey Program --> C:\Program Files\Canon\IJPLM\SETUP.EXE -R
PMDG_747-400_Sound_Update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2758F387-D016-4725-9D03-AB039364DF3D}\setup.exe" -l0x9 -removeonly
PMDG747_400 Queen of the Skies --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97679567-0095-464E-B5F2-E218A1CF3421}\setup.exe" -l0x9 -removeonly
PMDG747_400F --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{164360E5-0AAD-48AD-8A36-3F8A859FAB6F}\setup.exe" -l0x9 -removeonly
Power Rangers Ninja Storm Screen Saver --> C:\WINDOWS\Power Rangers Ninja Storm.scr /u
Presario PC Help --> C:\PROGRA~1\PRESAR~1\UNWISE.EXE C:\PROGRA~1\PRESAR~1\INSTALL.LOG
PROCIO --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\PROCIO\ST6UNST.LOG"
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
PSS Airbus A330 v1.2 [FSSR] --> C:\PROGRA~1\MI9A48~1\FLIGHT~1\Pss\UNWISE.EXE C:\PROGRA~1\MI9A48~1\FLIGHT~1\Pss\INSTALL2.LOG
PSS Airbus A340 v1.2 [FSSR] --> C:\PROGRA~1\MI9A48~1\FLIGHT~1\Pss\UNWISE.EXE C:\PROGRA~1\MI9A48~1\FLIGHT~1\Pss\INSTALL.LOG
Python 2.2 combined Win32 extensions --> C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QANTIM - Qantas Travel Itinerary Manager --> C:\PROGRA~1\QANTIM\UNWISE.EXE C:\PROGRA~1\QANTIM\INSTALL.LOG
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RAW FILE CONVERTER LE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D680C913-5955-469D-9D88-C1940F7506D6}\SETUP.EXE" -l0x9
Reader Rabbit Personalised Nursery --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\The Learning Company\Reader Rabbit Personalised Nursery\Uninst.isu"
Reader Rabbit Personalised Year 1 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\The Learning Company\Reader Rabbit Personalised Year 1\Uninst.isu"
Ready for Pushback V2_10 Full Version --> C:\Program Files\Microsoft Games\Flight Simulator 9\RFP_V2_Upgrade_Unistaller.exe
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Remove UK2000 Birmingham files --> C:\WINDOWS\iun506.exe C:\Program Files\Microsoft Games\Flight Simulator 9\uk2000 scenery\UK2000 Birmingham\irunin.ini
Remove UK2000 Bristol Xtreme files --> C:\WINDOWS\iun506.exe C:\Program Files\Microsoft Games\Flight Simulator 9\UK2000 scenery\UK2000 Bristol Xtreme\irunin.ini
Remove UK2000 East Midlands files --> C:\WINDOWS\iun506.exe C:\Program Files\Microsoft Games\Flight Simulator 9\uk2000 scenery\UK2000 East Midlands\irunin.ini
Remove UK2000 Edinburgh FREE files --> C:\WINDOWS\iun506.exe C:\Program Files\Microsoft Games\Flight Simulator 9\UK2000 scenery\UK2000 Edinburgh FREE\irunin.ini
Remove UK2000 Edinburgh Xtreme files --> C:\WINDOWS\iun506.exe C:\Program Files\Microsoft Games\Flight Simulator 9\UK2000 scenery\UK2000 Edinburgh Xtreme\irunin.ini
Remove UK2000 Gatwick files --> C:\WINDOWS\iun506.exe C:\Program Files\Microsoft Games\Flight Simulator 9\uk2000 scenery\UK2000 Gatwick\irunin.ini
Remove UK2000 Gatwick Pro files --> C:\WINDOWS\iun506.exe C:\Program Files\Microsoft Games\Flight Simulator 9\UK2000 scenery\UK2000 Gatwick Pro\irunin.ini
Remove UK2000 Gatwick Xtreme files --> C:\WINDOWS\iun506.exe C:\Program Files\Microsoft Games\Flight Simulator 9\UK2000 scenery\UK2000 Gatwick Xtreme\irunin.ini
Remove UK2000 Glasgow Xtreme files --> C:\WINDOWS\iun506.exe C:\Program Files\Microsoft Games\Flight Simulator 9\UK2000 scenery\UK2000 Glasgow Xtreme\irunin.ini
Remove UK2000 Stansted Xtreme files --> C:\WINDOWS\iun506.exe C:\Program Files\Microsoft Games\Flight Simulator 9\Addon Scenery\Stansted\\UK2000 Stansted Xtreme\irunin.ini
Saddle Up --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D33531F0-F0F0-4FA9-B3EC-88CB69F178D0}\Setup.exe" -l0x9
Safari --> MsiExec.exe /I{0AFC9710-5DD6-4C6A-BA52-91AE992B2C9D}
Saxon_v23_uk --> C:\PROGRAM FILES\MICROSOFT GAMES\FLIGHT SIMULATOR 9\ADDON SCENERY\LEIPZIG\Uninstal.exe
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\INSTALL.LOG
Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SkyTeam Travel Timetable --> "C:\Program Files\SkyTeam Travel Timetable\unins000.exe"
Sofia Airport v1.0 --> C:\Program Files\Microsoft Games\Flight Simulator 9\Addon Scenery\Sofia\Uninstal.exe
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Sony Ericsson PC Suite 1.20.224 --> MsiExec.exe /I{7689CA7A-1270-425A-9959-EB4CB25EA29A}
SopCast 1.1.2 --> C:\Program Files\SopCast\uninst.exe
SopCore 1.1.2 --> C:\Program Files\SopCast\uninst.exe
Spider-Man 2 Demo --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{6F1EC187-3C90-4CC5-A567-ADC4DC31CD61}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 4.0 --> "C:\Program Files\Spyware Doctor\unins000.exe"
SquawkBox 3 --> C:\Program Files\SquawkBox3\sbuninstall.exe SquawkBox 3
Star Alliance Electronic Timetable --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Star Alliance Electronic Timetable\Uninst.isu"
Star Wars 3D Screensaver 1.3 --> "C:\Program Files\Star Wars 3D Screensaver\unins000.exe"
Tehran Scenery 2003 --> C:\WINDOWS\unvise32.exe C:\PROGRAM FILES\MICROSOFT GAMES\FLIGHT SIMULATOR 9\ADDON SCENERY\uninstal.log
The Very Singapore --> C:\Program Files\Microsoft Games\Flight Simulator 9\Addon Scenery\Singapore\Uninstal.exe
Thomas & Friends - The Great Festival Adventure --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hasbro Interactive\The Great Festival Adventure\Uninst.isu"
Toy Story 2 ToyShelf_Cone --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\DISNEY~1\TOYSTO~1\DeIsL1.isu
TTS_Technology --> MsiExec.exe /I{AC696733-F8C5-4EAD-B165-AC8AB8C2A755}
Ultimate Traffic --> C:\WINDOWS\iun6002.exe "C:\Program Files\Microsoft Games\Flight Simulator 9\UT13.ini"
Version 1.0 --> "C:\Program Files\Real Environment Pro\unins000.exe"
Weather Maker Pro 4.9 --> MsiExec.exe /I{D2624C4A-A200-437B-8DA9-7764A31CB1AA}
WinAce Archiver --> C:\Program Files\WinAce\SXUNINST.EXE C:\Program Files\WinAce\SXUNINST.INI
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
ZoneAlarm Spy Blocker --> rundll32 C:\PROGRA~1\ZONEAL~1\bar\1.bin\SpyBlock.dll,O
Zoombinis Mountain Rescue(TM) --> C:\Program Files\The Learning Company\Zoombinis Mountain Rescue\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type40037 / Success
Event Submitted/Written: 04/14/2008 10:06:02 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type40028 / Error
Event Submitted/Written: 04/14/2008 09:53:13 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application msnmsgr.exe, version 8.5.1302.1018, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type40021 / Success
Event Submitted/Written: 04/14/2008 09:52:43 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type40005 / Success
Event Submitted/Written: 04/14/2008 07:08:28 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type39999 / Error
Event Submitted/Written: 04/13/2008 07:11:25 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16640, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type968111 / Error
Event Submitted/Written: 04/14/2008 10:11:24 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The TrueVector Internet Monitor service failed to start due to the following error:
%%1053

Event Record #/Type968110 / Error
Event Submitted/Written: 04/14/2008 10:11:24 AM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the TrueVector Internet Monitor service to connect.

Event Record #/Type968109 / Error
Event Submitted/Written: 04/14/2008 10:11:22 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The TrueVector Internet Monitor service failed to start due to the following error:
%%1053

Event Record #/Type968108 / Error
Event Submitted/Written: 04/14/2008 10:11:22 AM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the TrueVector Internet Monitor service to connect.

Event Record #/Type968107 / Error
Event Submitted/Written: 04/14/2008 10:11:20 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The TrueVector Internet Monitor service failed to start due to the following error:
%%1053



-- End of Deckard's System Scanner: finished at 2008-04-14 10:11:24 ------------

Once again thanks for your continued help and support.
Regards A
ArthurP
Active Member
 
Posts: 12
Joined: April 7th, 2008, 3:53 pm

Re: Help my computer has been hijacked or infected?

Unread postby random/random » April 14th, 2008, 9:17 am

I suspect you problem is being caused by the ZoneAlarm Spy Blocker

Go to Start> Control Panel> Add or Remove Programs.

Remove the following program, if it is present.

  • ZoneAlarm Spy Blocker

Restart & let me know if the problem persists.
User avatar
random/random
Developer
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 598 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware