Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Paypal account hacked - HijackThis log

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Paypal account hacked - HijackThis log

Unread postby SteveDimondHome » April 30th, 2008, 4:06 pm

Hi,

My Paypal account has been hacked and I am worried about malware. I strongly suspect that my security was breached when I used a work PC to access my Paypal account, but I want to make sure that my home PC is not infected.

My PC sits behind a hardware firewall and is running Vista 64.

I include my HijackThis log. I'm not sure why it reports so many files missing - they are all there.

Regards,
Steve

------------------------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:34:03, on 30/04/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Microsoft Encarta\Encarta Reference Library 2007 DVD\EDICT.EXE
C:\Program Files (x86)\Sprite Software\Sprite Backup\spriteservice.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\DAEMON Tools\daemon.exe
C:\Program Files (x86)\NeoLink\app\NeoLink-server.exe
C:\Program Files (x86)\WinZip\WZQKPICK.EXE
C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files (x86)\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\QuickTime\qttask.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Internet Explorer\ieuser.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCSVR.EXE
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.demon.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files (x86)\Common Files\ReGet Shared\Catcher.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files (x86)\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files (x86)\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files (x86)\ReGet Software\ReGet Deluxe 5.1\IEBar.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files (x86)\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [E07ZXLRD_13706123] "C:\Program Files (x86)\Microsoft Encarta\Encarta Reference Library 2007 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [SpriteService] "C:\Program Files (x86)\Sprite Software\Sprite Backup\SpriteService.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: NeoLink.lnk = C:\Program Files (x86)\NeoLink\app\NeoLink-server.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files (x86)\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Do&wnload by ReGet Deluxe - C:\Program Files (x86)\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download A&ll by ReGet Deluxe - C:\Program Files (x86)\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with &ZipScan - C:\PROGRA~2\ZIPSCA~1\zs_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files (x86)\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.com/download/apps/LPInstaller.CAB
O18 - Protocol: x-imgvw - {F15A66AE-D376-484D-BE92-A9DF4F1B12C5} - C:\Program Files (x86)\RSPB Birds\ImgVw.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\SysWOW64\bgsvcgen.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 10643 bytes
SteveDimondHome
Active Member
 
Posts: 6
Joined: April 30th, 2008, 2:48 pm
Advertisement
Register to Remove

Re: Paypal account hacked - HijackThis log

Unread postby Carolyn » May 3rd, 2008, 12:33 pm

Hello and Welcome to the forums!

My name is Carolyn and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Please reply to this thread, do not start another.
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.

As I am still in training, everything that I post to you must be checked by one of the teachers. Thus, there may be a bit of a delay between posts, but it shouldn't be too long.

If you follow these instructions, everything should go smoothly.

we are currently looking at your log now and will be back as soon as possible with your instructions.
while you are waiting one other thing that can be of good use is an uninstall list so please do the following

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Right click on HijackThis and click Run as administrator
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Paypal account hacked - HijackThis log

Unread postby SteveDimondHome » May 3rd, 2008, 2:29 pm

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office system
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe Shockwave Player 11
Anquet Maps v06
Apple Software Update
Application Suite
AsfTools 3.1 (remove only)
AVIcodec (remove only)
Beyond Compare Version 2.5.2
Birds of the Western Palearctic
British Birds interactive
BUFFALO INC. TeraStation Utility
Calc98
CalcConvert - Pocket PC Edition 1.1.2
CDisplayEx 1.4
Celestia 1.5.0
Chinese Traditional Fonts Support For Adobe Reader 8
CodeWallet Pro 2006 for Windows Mobile
Concise Oxford English Dictionary
ConverterCE Pro 3.1
DesignPro 5 Lite Edition
Elecont Weather 1.0.634 for Windows Mobile(Elecont)
Emu48CE 1.23
FaxSee Pro version 2.70
ffdshow [rev 1058+] [2007-03-22]
Fizz Traveller 3
Fizz Weather 2
Google Earth
HELIOS NeoLink version 1.4
HexEdit
HexEdit
HijackThis 2.0.2
HP Photosmart Essential
HP Update
HP48g,49g,50g series Calculator Connectivity Kit
Ipswitch WS_FTP Professional 2007
Japanese Fonts Support For Adobe Reader 8
JAS
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6 Update 1
Logitech SetPoint
MapWinGIS ActiveX Control
Microsoft Digital Image Suite Anniversary Edition
Microsoft Encarta Reference Library 2007
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ Redist - ENU
Mobifusion
Mobifusion
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
Nero 7 Essentials
neroxml
oggcodecs 0.71.0946
Pocket Bird Recorder 4
Pocket Earth 3.5
Pocket RAR documentation
PowerDVD
QuickPar 0.9
QuickSFV (Remove only)
QuickTime
Real Alternative 1.52
Realtek High Definition Audio Driver
ReGet Add-On For HTTPS
ReGet Deluxe 5.1
Resco Explorer
Resco Photo Viewer
RSPB Birds
Security Update for Excel 2007 (KB946974)
Security Update for Office 2007 (KB947801)
Security Update for Outlook 2007 (KB946983)
Security Update for Visio 2007 (KB947590)
Spelling Dictionaries Support For Adobe Reader 8
Sprite Backup
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Sudoku Epic
TMPGEnc 4.0 XPress
TMPGEnc DVD Author 3 with DivX Authoring
TMPGEnc MPEG Editor 2.0
TMPGEnc Sound Player
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb949037)
VivTV
Wildlife Recorder 3.0 (Build 695)
Wildlife Recorder 3.0 Patch (Build 778)
Windows Mobile® Device Handbook
WinFax Merger version 2.2
WinRAR archiver
WinZip 11.1
WinZip 11.2
WisBar Advance 3
Xvid 1.1.2 final uninstall

Regards,
Steve
SteveDimondHome
Active Member
 
Posts: 6
Joined: April 30th, 2008, 2:48 pm

Re: Paypal account hacked - HijackThis log

Unread postby Carolyn » May 5th, 2008, 6:58 am

Hello Steve -

Disable Spybot's TeaTimer. This is a two step process.

Spybot S&D's tea timer normally provides real-time protection from spyware, however it may interfere with what we need to do. We will disable it until the machine is clean when it can be re-enabled.

First step:
  • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
  • If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless.
  • If you have Version 1.4, Click on Exit Spybot S&D Resident
Second step, For Either Version :
  • Open Spybot S&D
  • Click Mode, choose Advanced Mode
  • Go To the bottom of the Vertical Panel on the Left, Click Tools
  • then, also in left panel, click Resident shows a red/white shield.
  • If your firewall raises a question, say OK
  • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
  • OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.
Don't forget to re-enable it, when your computer is clean.


Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Right click on dss.exe and select Run as administrator, then follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt in your reply.


Please post the contents of main.txt and extra.txt.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Paypal account hacked - HijackThis log

Unread postby SteveDimondHome » May 7th, 2008, 5:43 pm

Hi,

main.txt

Deckard's System Scanner v20071014.68
Run by Steve Dimond on 2008-05-07 22:32:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
13: 2008-05-07 20:59:33 UTC - RP626 - Scheduled Checkpoint
12: 2008-05-06 18:26:34 UTC - RP625 - Windows Update
11: 2008-05-05 23:09:15 UTC - RP624 - Scheduled Checkpoint
10: 2008-05-04 19:25:35 UTC - RP623 - Scheduled Checkpoint
9: 2008-05-03 23:00:02 UTC - RP622 - Scheduled Checkpoint


-- First Restore Point --
1: 2008-04-27 19:28:13 UTC - RP614 - Scheduled Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Steve Dimond.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:34:51, on 07/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Microsoft Encarta\Encarta Reference Library 2007 DVD\EDICT.EXE
C:\Program Files (x86)\Sprite Software\Sprite Backup\spriteservice.exe
C:\Program Files (x86)\DAEMON Tools\daemon.exe
C:\Program Files (x86)\NeoLink\app\NeoLink-server.exe
C:\Program Files (x86)\WinZip\WZQKPICK.EXE
C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files (x86)\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\QuickTime\qttask.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Internet Explorer\ieuser.exe
C:\Users\Steve Dimond\Desktop\dss.exe
C:\PROGRA~2\TRENDM~1\HIJACK~1\Steve Dimond.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.demon.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files (x86)\Common Files\ReGet Shared\Catcher.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files (x86)\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files (x86)\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files (x86)\ReGet Software\ReGet Deluxe 5.1\IEBar.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files (x86)\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [E07ZXLRD_13706123] "C:\Program Files (x86)\Microsoft Encarta\Encarta Reference Library 2007 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [SpriteService] "C:\Program Files (x86)\Sprite Software\Sprite Backup\SpriteService.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: NeoLink.lnk = C:\Program Files (x86)\NeoLink\app\NeoLink-server.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files (x86)\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Do&wnload by ReGet Deluxe - C:\Program Files (x86)\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download A&ll by ReGet Deluxe - C:\Program Files (x86)\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with &ZipScan - C:\PROGRA~2\ZIPSCA~1\zs_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files (x86)\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.com/download/apps/LPInstaller.CAB
O18 - Protocol: x-imgvw - {F15A66AE-D376-484D-BE92-A9DF4F1B12C5} - C:\Program Files (x86)\RSPB Birds\ImgVw.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\SysWOW64\bgsvcgen.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 10297 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 ACPI (Microsoft ACPI Driver) - c:\windows\system32\drivers\acpi.sys (file missing)
R0 atapi (IDE Channel) - c:\windows\system32\drivers\atapi.sys (file missing)
R0 CLFS (Common Log (CLFS)) - c:\windows\system32\clfs.sys (file missing)
R0 crcdisk (Crcdisk Filter Driver) - c:\windows\system32\drivers\crcdisk.sys (file missing)
R0 disk (Disk Driver) - c:\windows\system32\drivers\disk.sys (file missing)
R0 Ecache (ReadyBoost Caching Driver) - c:\windows\system32\drivers\ecache.sys (file missing)
R0 FileInfo (File Information FS MiniFilter) - c:\windows\system32\drivers\fileinfo.sys (file missing)
R0 FltMgr - c:\windows\system32\drivers\fltmgr.sys (file missing)
R0 fvevol (BitLocker Drive Encryption Filter Driver) - c:\windows\system32\drivers\fvevol.sys (file missing)
R0 iaStorV (Intel RAID Controller Vista) - c:\windows\system32\drivers\iastorv.sys (file missing)
R0 intelide - c:\windows\system32\drivers\intelide.sys (file missing)
R0 JGOGO (JMicron Hot-Plug Driver) - c:\windows\system32\drivers\jgogo.sys (file missing)
R0 JRAID - c:\windows\system32\drivers\jraid.sys (file missing)
R0 KSecDD - c:\windows\system32\drivers\ksecdd.sys (file missing)
R0 MountMgr (Mount Point Manager) - c:\windows\system32\drivers\mountmgr.sys (file missing)
R0 msisadrv (ISA/EISA Class Driver) - c:\windows\system32\drivers\msisadrv.sys (file missing)
R0 Mup - c:\windows\system32\drivers\mup.sys (file missing)
R0 NDIS (NDIS System Driver) - c:\windows\system32\drivers\ndis.sys (file missing)
R0 partmgr (Partition Manager) - c:\windows\system32\drivers\partmgr.sys (file missing)
R0 pci (PCI Bus Driver) - c:\windows\system32\drivers\pci.sys (file missing)
R0 pciide - c:\windows\system32\drivers\pciide.sys (file missing)
R0 sbp2port (SBP-2 Transport/Protocol Bus Driver) - c:\windows\system32\drivers\sbp2port.sys (file missing)
R0 spldr (Security Processor Loader Driver) - c:\windows\system32\drivers\spldr.sys (file missing)
R0 Tcpip (TCP/IP Protocol Driver) - c:\windows\system32\drivers\tcpip.sys (file missing)
R0 volmgr (Volume Manager Driver) - c:\windows\system32\drivers\volmgr.sys (file missing)
R0 volmgrx (Dynamic Volume Manager) - c:\windows\system32\drivers\volmgrx.sys (file missing)
R0 volsnap (Storage volumes) - c:\windows\system32\drivers\volsnap.sys (file missing)
R0 Wdf01000 (Kernel Mode Driver Frameworks service) - c:\windows\system32\drivers\wdf01000.sys (file missing)
R1 AFD (Ancilliary Function Driver for Winsock) - c:\windows\system32\drivers\afd.sys (file missing)
R1 cdrom (CD-ROM Driver) - c:\windows\system32\drivers\cdrom.sys (file missing)
R1 CSC (Offline Files Driver) - c:\windows\system32\drivers\csc.sys (file missing)
R1 DfsC (DFS Namespace Client Driver) - c:\windows\system32\drivers\dfsc.sys (file missing)
R1 easdrv - c:\windows\system32\drivers\easdrv.sys (file missing)
R1 epfwtdir - c:\windows\system32\drivers\epfwtdir.sys (file missing)
R1 i8042prt (i8042 Keyboard and PS/2 Mouse Port Driver) - c:\windows\system32\drivers\i8042prt.sys (file missing)
R1 kbdclass (Keyboard Class Driver) - c:\windows\system32\drivers\kbdclass.sys (file missing)
R1 mouclass (Mouse Class Driver) - c:\windows\system32\drivers\mouclass.sys (file missing)
R1 Msfs - c:\windows\system32\drivers\msfs.sys (file missing)
R1 NetBIOS (NetBIOS Interface) - c:\windows\system32\drivers\netbios.sys (file missing)
R1 netbt - c:\windows\system32\drivers\netbt.sys (file missing)
R1 Npfs - c:\windows\system32\drivers\npfs.sys (file missing)
R1 nsiproxy (NSI proxy service) - c:\windows\system32\drivers\nsiproxy.sys (file missing)
R1 Null - c:\windows\system32\drivers\null.sys (file missing)
R1 PSched (QoS Packet Scheduler) - c:\windows\system32\drivers\pacer.sys (file missing)
R1 RasAcd (Remote Access Auto Connection Driver) - c:\windows\system32\drivers\rasacd.sys (file missing)
R1 rdbss (Redirected Buffering Sub Sysytem) - c:\windows\system32\drivers\rdbss.sys (file missing)
R1 RDPCDD - c:\windows\system32\drivers\rdpcdd.sys (file missing)
R1 RDPENCDD (RDP Encoder Mirror Driver) - c:\windows\system32\drivers\rdpencdd.sys (file missing)
R1 Serial (Serial port driver) - c:\windows\system32\drivers\serial.sys (file missing)
R1 Smb (Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session)) - c:\windows\system32\drivers\smb.sys (file missing)
R1 tdx (NetIO Legacy TDI Support Driver) - c:\windows\system32\drivers\tdx.sys (file missing)
R1 TermDD (Terminal Device Driver) - c:\windows\system32\drivers\termdd.sys (file missing)
R1 VgaSave - c:\windows\system32\drivers\vga.sys (file missing)
R1 Wanarpv6 (Remote Access IPv6 ARP Driver) - c:\windows\system32\drivers\wanarp.sys (file missing)
R2 eamon - c:\windows\system32\drivers\eamon.sys (file missing)
R2 lltdio (Link-Layer Topology Discovery Mapper I/O Driver) - c:\windows\system32\drivers\lltdio.sys (file missing)
R2 luafv (UAC File Virtualization) - c:\windows\system32\drivers\luafv.sys (file missing)
R2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys (file missing)
R2 PEAUTH - c:\windows\system32\drivers\peauth.sys (file missing)
R2 rspndr (Link-Layer Topology Discovery Responder) - c:\windows\system32\drivers\rspndr.sys (file missing)
R2 secdrv (Security Driver) - c:\windows\system32\drivers\secdrv.sys (file missing)
R2 tcpipreg (TCP/IP Registry Compatibility) - c:\windows\system32\drivers\tcpipreg.sys (file missing)
R2 XAudio - c:\windows\system32\drivers\xaudio64.sys (file missing)
R3 AsyncMac (RAS Asynchronous Media Driver) - c:\windows\system32\drivers\asyncmac.sys (file missing)
R3 bowser - c:\windows\system32\drivers\bowser.sys (file missing)
R3 CAXHWBS2 - c:\windows\system32\drivers\caxhwbs2.sys (file missing)
R3 DXGKrnl (LDDM Graphics Subsystem) - c:\windows\system32\drivers\dxgkrnl.sys (file missing)
R3 fdc (Floppy Disk Controller Driver) - c:\windows\system32\drivers\fdc.sys (file missing)
R3 flpydisk (Floppy Disk Driver) - c:\windows\system32\drivers\flpydisk.sys (file missing)
R3 HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) - c:\windows\system32\drivers\hdaudbus.sys (file missing)
R3 HSF_DPV - c:\windows\system32\drivers\cax_dpv.sys (file missing)
R3 HTTP - c:\windows\system32\drivers\http.sys (file missing)
R3 IntcAzAudAddService (Service for Realtek HD Audio (WDM)) - c:\windows\system32\drivers\rtkvhd64.sys (file missing)
R3 intelppm (Intel Processor Driver) - c:\windows\system32\drivers\intelppm.sys (file missing)
R3 iScsiPrt (iScsiPort Driver) - c:\windows\system32\drivers\msiscsi.sys (file missing)
R3 ksthunk (Kernel Streaming Thunks) - c:\windows\system32\drivers\ksthunk.sys (file missing)
R3 L8042Kbd (SetPoint Keyboard Driver) - c:\windows\system32\drivers\l8042kbd.sys (file missing)
R3 L8042mou (SetPoint PS/2 Mouse Filter Driver) - c:\windows\system32\drivers\l8042mou.sys (file missing)
R3 LMouKE (SetPoint Mouse Filter Driver) - c:\windows\system32\drivers\lmouke.sys (file missing)
R3 Modem - c:\windows\system32\drivers\modem.sys (file missing)
R3 monitor (Microsoft Monitor Class Function Driver Service) - c:\windows\system32\drivers\monitor.sys (file missing)
R3 mpsdrv (Windows Firewall Authorization Driver) - c:\windows\system32\drivers\mpsdrv.sys (file missing)
R3 MRxDAV (WebDav Client Redirector Driver) - c:\windows\system32\drivers\mrxdav.sys (file missing)
R3 mrxsmb (SMB MiniRedirector Wrapper and Engine) - c:\windows\system32\drivers\mrxsmb.sys (file missing)
R3 mrxsmb10 (SMB 1.x MiniRedirector) - c:\windows\system32\drivers\mrxsmb10.sys (file missing)
R3 mrxsmb20 (SMB 2.0 MiniRedirector) - c:\windows\system32\drivers\mrxsmb20.sys (file missing)
R3 mssmbios (Microsoft System Management BIOS Driver) - c:\windows\system32\drivers\mssmbios.sys (file missing)
R3 MTsensor (ATK0110 ACPI UTILITY) - c:\windows\system32\drivers\asacpi.sys (file missing)
R3 NativeWifiP (NativeWiFi Filter) - c:\windows\system32\drivers\nwifi.sys (file missing)
R3 NdisTapi (Remote Access NDIS TAPI Driver) - c:\windows\system32\drivers\ndistapi.sys (file missing)
R3 Ndisuio (NDIS Usermode I/O Protocol) - c:\windows\system32\drivers\ndisuio.sys (file missing)
R3 NdisWan (Remote Access NDIS WAN Driver) - c:\windows\system32\drivers\ndiswan.sys (file missing)
R3 NDProxy (NDIS Proxy) - c:\windows\system32\drivers\ndproxy.sys (file missing)
R3 Ntfs - c:\windows\system32\drivers\ntfs.sys (file missing)
R3 nvlddmkm - c:\windows\system32\drivers\nvlddmkm.sys (file missing)
R3 ohci1394 (Texas Instruments OHCI Compliant IEEE 1394 Host Controller) - c:\windows\system32\drivers\ohci1394.sys (file missing)
R3 PptpMiniport (WAN Miniport (PPTP)) - c:\windows\system32\drivers\raspptp.sys (file missing)
R3 Rasl2tp (WAN Miniport (L2TP)) - c:\windows\system32\drivers\rasl2tp.sys (file missing)
R3 RasPppoe (Remote Access PPPOE Driver) - c:\windows\system32\drivers\raspppoe.sys (file missing)
R3 RasSstp (WAN Miniport (SSTP)) - c:\windows\system32\drivers\rassstp.sys (file missing)
R3 rdpdr (Terminal Server Device Redirector Driver) - c:\windows\system32\drivers\rdpdr.sys (file missing)
R3 RTL8187 (Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter) - c:\windows\system32\drivers\rtl8187.sys (file missing)
R3 Serenum (Serenum Filter Driver) - c:\windows\system32\drivers\serenum.sys (file missing)
R3 srv - c:\windows\system32\drivers\srv.sys (file missing)
R3 srv2 - c:\windows\system32\drivers\srv2.sys (file missing)
R3 srvnet - c:\windows\system32\drivers\srvnet.sys (file missing)
R3 swenum (Software Bus Driver) - c:\windows\system32\drivers\swenum.sys (file missing)
R3 tunmp (Microsoft Tun Miniport Adapter Driver) - c:\windows\system32\drivers\tunmp.sys (file missing)
R3 tunnel (Microsoft IPv6 Tunnel Miniport Adapter Driver) - c:\windows\system32\drivers\tunnel.sys (file missing)
R3 umbus (UMBus Enumerator Driver) - c:\windows\system32\drivers\umbus.sys (file missing)
R3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - c:\windows\system32\drivers\usbehci.sys (file missing)
R3 usbhub (USB2 Enabled Hub) - c:\windows\system32\drivers\usbhub.sys (file missing)
R3 USBSTOR (USB Mass Storage Driver) - c:\windows\system32\drivers\usbstor.sys (file missing)
R3 usbuhci (Microsoft USB Universal Host Controller Miniport Driver) - c:\windows\system32\drivers\usbuhci.sys (file missing)
R3 winachsf - c:\windows\system32\drivers\cax_cnxt.sys (file missing)
R3 WUDFRd - c:\windows\system32\drivers\wudfrd.sys (file missing)
R3 yukonx64 (NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller) - c:\windows\system32\drivers\yk60x64.sys (file missing)
R4 cdfs (CD/DVD File System Reader) - c:\windows\system32\drivers\cdfs.sys (file missing)

S3 agp440 (Intel AGP Bus Filter) - c:\windows\system32\drivers\agp440.sys (file missing)
S3 BrFiltLo (Brother USB Mass-Storage Lower Filter Driver) - c:\windows\system32\drivers\brfiltlo.sys (file missing)
S3 BrFiltUp (Brother USB Mass-Storage Upper Filter Driver) - c:\windows\system32\drivers\brfiltup.sys (file missing)
S3 BrUsbSer (Brother MFC USB Serial WDM Driver) - c:\windows\system32\drivers\brusbser.sys (file missing)
S3 drmkaud (Microsoft Kernel DRM Audio Descrambler) - c:\windows\system32\drivers\drmkaud.sys (file missing)
S3 E1G60 (Intel(R) PRO/1000 NDIS 6 Adapter Driver) - c:\windows\system32\drivers\e1g6032e.sys (file missing)
S3 exfat (exFAT File System Driver) - c:\windows\system32\drivers\exfat.sys (file missing)
S3 fastfat (FAT12/16/32 File System Driver) - c:\windows\system32\drivers\fastfat.sys (file missing)
S3 Filetrace - c:\windows\system32\drivers\filetrace.sys (file missing)
S3 gagp30kx (Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms) - c:\windows\system32\drivers\gagp30kx.sys (file missing)
S3 HdAudAddService (Microsoft 1.1 UAA Function Driver for High Definition Audio Service) - c:\windows\system32\drivers\hdaudio.sys (file missing)
S3 IpFilterDriver (IP Traffic Filter Driver) - c:\windows\system32\drivers\ipfltdrv.sys (file missing)
S3 IPNAT (IP Network Address Translator) - c:\windows\system32\drivers\ipnat.sys (file missing)
S3 IRENUM (IR Bus Enumerator) - c:\windows\system32\drivers\irenum.sys (file missing)
S3 MSKSSRV (Microsoft Streaming Service Proxy) - c:\windows\system32\drivers\mskssrv.sys (file missing)
S3 MSPCLOCK (Microsoft Streaming Clock Proxy) - c:\windows\system32\drivers\mspclock.sys (file missing)
S3 MSPQM (Microsoft Streaming Quality Manager Proxy) - c:\windows\system32\drivers\mspqm.sys (file missing)
S3 MsRPC - c:\windows\system32\drivers\msrpc.sys (file missing)
S3 MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - c:\windows\system32\drivers\mstee.sys (file missing)
S3 nv_agp (NVIDIA nForce AGP Bus Filter) - c:\windows\system32\drivers\nv_agp.sys (file missing)
S3 QWAVEdrv (QWAVE driver) - c:\windows\system32\drivers\qwavedrv.sys (file missing)
S3 RDPWD (RDP Winstation Driver) - c:\windows\system32\drivers\rdpwd.sys (file missing)
S3 sffp_mmc (SFF Storage Protocol Driver for MMC) - c:\windows\system32\drivers\sffp_mmc.sys (file missing)
S3 sffp_sd (SFF Storage Protocol Driver for SDBus) - c:\windows\system32\drivers\sffp_sd.sys (file missing)
S3 Tcpip6 (Microsoft IPv6 Protocol Driver) - c:\windows\system32\drivers\tcpip.sys (file missing)
S3 TDPIPE - c:\windows\system32\drivers\tdpipe.sys (file missing)
S3 TDTCP - c:\windows\system32\drivers\tdtcp.sys (file missing)
S3 tssecsrv (Terminal Services Security Filter Driver) - c:\windows\system32\drivers\tssecsrv.sys (file missing)
S3 uagp35 (Microsoft AGPv3.5 Filter) - c:\windows\system32\drivers\uagp35.sys (file missing)
S3 uliagpkx (Uli AGP Bus Filter) - c:\windows\system32\drivers\uliagpkx.sys (file missing)
S3 usb_rndisx (USB RNDIS Adapter) - c:\windows\system32\drivers\usb8023x.sys (file missing)
S3 usbscan (USB Scanner Driver) - c:\windows\system32\drivers\usbscan.sys (file missing)
S3 vga - c:\windows\system32\drivers\vgapnp.sys (file missing)
S3 VST64_DPV - c:\windows\system32\drivers\vstdpv6.sys (file missing)
S3 VST64HWBS2 - c:\windows\system32\drivers\vstbs26.sys (file missing)
S3 Wanarp (Remote Access IP ARP Driver) - c:\windows\system32\drivers\wanarp.sys (file missing)
S3 winusb (WinUSB Service) - c:\windows\system32\drivers\winusb.sys (file missing)
S4 adp94xx - c:\windows\system32\drivers\adp94xx.sys (file missing)
S4 adpahci - c:\windows\system32\drivers\adpahci.sys (file missing)
S4 adpu160m - c:\windows\system32\drivers\adpu160m.sys (file missing)
S4 adpu320 - c:\windows\system32\drivers\adpu320.sys (file missing)
S4 aic78xx - c:\windows\system32\drivers\djsvs.sys (file missing)
S4 aliide - c:\windows\system32\drivers\aliide.sys (file missing)
S4 amdide - c:\windows\system32\drivers\amdide.sys (file missing)
S4 AmdK8 (AMD K8 Processor Driver) - c:\windows\system32\drivers\amdk8.sys (file missing)
S4 arc - c:\windows\system32\drivers\arc.sys (file missing)
S4 arcsas - c:\windows\system32\drivers\arcsas.sys (file missing)
S4 Brserid (Brother MFC Serial Port Interface Driver (WDM)) - c:\windows\system32\drivers\brserid.sys (file missing)
S4 BrSerWdm (Brother WDM Serial driver) - c:\windows\system32\drivers\brserwdm.sys (file missing)
S4 BrUsbMdm (Brother MFC USB Fax Only Modem) - c:\windows\system32\drivers\brusbmdm.sys (file missing)
S4 BTHMODEM (Bluetooth Serial Communications Driver) - c:\windows\system32\drivers\bthmodem.sys (file missing)
S4 circlass (Consumer IR Devices) - c:\windows\system32\drivers\circlass.sys (file missing)
S4 cmdide - c:\windows\system32\drivers\cmdide.sys (file missing)
S4 Compbatt (Microsoft Composite Battery Driver) - c:\windows\system32\drivers\compbatt.sys (file missing)
S4 elxstor - c:\windows\system32\drivers\elxstor.sys (file missing)
S4 HidBth (Microsoft Bluetooth HID Miniport) - c:\windows\system32\drivers\hidbth.sys (file missing)
S4 HidIr (Microsoft Infrared HID Driver) - c:\windows\system32\drivers\hidir.sys (file missing)
S4 HidUsb (Microsoft HID Class Driver) - c:\windows\system32\drivers\hidusb.sys (file missing)
S4 HpCISSs - c:\windows\system32\drivers\hpcisss.sys (file missing)
S4 i2omp - c:\windows\system32\drivers\i2omp.sys (file missing)
S4 iirsp - c:\windows\system32\drivers\iirsp.sys (file missing)
S4 IPMIDRV - c:\windows\system32\drivers\ipmidrv.sys (file missing)
S4 isapnp (PnP ISA/EISA Bus Driver) - c:\windows\system32\drivers\isapnp.sys (file missing)
S4 iteatapi (ITEATAPI_Service_Install) - c:\windows\system32\drivers\iteatapi.sys (file missing)
S4 iteraid (ITERAID_Service_Install) - c:\windows\system32\drivers\iteraid.sys (file missing)
S4 kbdhid (Keyboard HID Driver) - c:\windows\system32\drivers\kbdhid.sys (file missing)
S4 LSI_FC - c:\windows\system32\drivers\lsi_fc.sys (file missing)
S4 LSI_SAS - c:\windows\system32\drivers\lsi_sas.sys (file missing)
S4 LSI_SCSI - c:\windows\system32\drivers\lsi_scsi.sys (file missing)
S4 megasas - c:\windows\system32\drivers\megasas.sys (file missing)
S4 mouhid (Mouse HID Driver) - c:\windows\system32\drivers\mouhid.sys (file missing)
S4 mpio (Microsoft Multi-Path Bus Driver) - c:\windows\system32\drivers\mpio.sys (file missing)
S4 Mraid35x - c:\windows\system32\drivers\mraid35x.sys (file missing)
S4 msahci - c:\windows\system32\drivers\msahci.sys (file missing)
S4 msdsm (Microsoft Multi-Path Device Specific Module) - c:\windows\system32\drivers\msdsm.sys (file missing)
S4 nfrd960 - c:\windows\system32\drivers\nfrd960.sys (file missing)
S4 nvraid - c:\windows\system32\drivers\nvraid.sys (file missing)
S4 nvstor - c:\windows\system32\drivers\nvstor.sys (file missing)
S4 Parport (Parallel port driver) - c:\windows\system32\drivers\parport.sys (file missing)
S4 pcmcia - c:\windows\system32\drivers\pcmcia.sys (file missing)
S4 Processor (Processor Driver) - c:\windows\system32\drivers\processr.sys (file missing)
S4 ql2300 (QLogic Fibre Channel Miniport Driver) - c:\windows\system32\drivers\ql2300.sys (file missing)
S4 ql40xx (QLogic iSCSI Miniport Driver) - c:\windows\system32\drivers\ql40xx.sys (file missing)
S4 sermouse (Serial Mouse Driver) - c:\windows\system32\drivers\sermouse.sys (file missing)
S4 sffdisk (SFF Storage Class Driver) - c:\windows\system32\drivers\sffdisk.sys (file missing)
S4 sfloppy (High-Capacity Floppy Disk Drive) - c:\windows\system32\drivers\sfloppy.sys (file missing)
S4 SiSRaid2 - c:\windows\system32\drivers\sisraid2.sys (file missing)
S4 SiSRaid4 - c:\windows\system32\drivers\sisraid4.sys (file missing)
S4 Sym_hi - c:\windows\system32\drivers\sym_hi.sys (file missing)
S4 Sym_u3 - c:\windows\system32\drivers\sym_u3.sys (file missing)
S4 Symc8xx - c:\windows\system32\drivers\symc8xx.sys (file missing)
S4 udfs - c:\windows\system32\drivers\udfs.sys (file missing)
S4 uliahci - c:\windows\system32\drivers\uliahci.sys (file missing)
S4 UlSata - c:\windows\system32\drivers\ulsata.sys (file missing)
S4 ulsata2 - c:\windows\system32\drivers\ulsata2.sys (file missing)
S4 usbccgp (Microsoft USB Generic Parent Driver) - c:\windows\system32\drivers\usbccgp.sys (file missing)
S4 usbcir (eHome Infrared Receiver (USBCIR)) - c:\windows\system32\drivers\usbcir.sys (file missing)
S4 usbohci (Microsoft USB Open Host Controller Miniport Driver) - c:\windows\system32\drivers\usbohci.sys (file missing)
S4 usbprint (Microsoft USB PRINTER Class) - c:\windows\system32\drivers\usbprint.sys (file missing)
S4 viaide - c:\windows\system32\drivers\viaide.sys (file missing)
S4 vsmraid - c:\windows\system32\drivers\vsmraid.sys (file missing)
S4 WacomPen (Wacom Serial Pen HID Driver) - c:\windows\system32\drivers\wacompen.sys (file missing)
S4 Wd (Microsoft Watchdog Timer Driver) - c:\windows\system32\drivers\wd.sys (file missing)
S4 WmiAcpi (Microsoft Windows Management Interface for ACPI) - c:\windows\system32\drivers\wmiacpi.sys (file missing)
S4 ws2ifsl (Windows Socket 2.0 Non-IFS Service Provider Support Environment) - c:\windows\system32\drivers\ws2ifsl.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Fax - c:\windows\system32\fxssvc.exe (file missing)
R2 SamSs (Security Accounts Manager) - c:\windows\system32\lsass.exe (file missing)
R2 SBSDWSCService (SBSD Security Center Service) - c:\program files (x86)\spybot - search & destroy\sdwinsec.exe
R2 slsvc (Software Licensing) - c:\windows\system32\slsvc.exe (file missing)
R2 Spooler (Print Spooler) - c:\windows\system32\spoolsv.exe (file missing)
R2 XAudioService - c:\windows\system32\drivers\xaudio64.exe (file missing)
R3 KeyIso (CNG Key Isolation) - c:\windows\system32\lsass.exe (file missing)
R3 VSS (Volume Shadow Copy) - c:\windows\system32\vssvc.exe (file missing)

S3 ALG (Application Layer Gateway Service) - c:\windows\system32\alg.exe (file missing)
S3 DFSR (DFS Replication) - c:\windows\system32\dfsr.exe (file missing)
S3 MSDTC (Distributed Transaction Coordinator) - c:\windows\system32\msdtc.exe (file missing)
S3 NBService - c:\program files (x86)\nero\nero 7\nero backitup\nbservice.exe
S3 Netlogon - c:\windows\system32\lsass.exe (file missing)
S3 ProtectedStorage (Protected Storage) - c:\windows\system32\lsass.exe (file missing)
S3 RpcLocator (Remote Procedure Call (RPC) Locator) - c:\windows\system32\locator.exe (file missing)
S3 SNMPTRAP (SNMP Trap) - c:\windows\system32\snmptrap.exe (file missing)
S3 UI0Detect (Interactive Services Detection) - c:\windows\system32\ui0detect.exe (file missing)
S3 vds (Virtual Disk) - c:\windows\system32\vds.exe (file missing)
S3 wbengine (Block Level Backup Engine Service) - "c:\windows\system32\wbengine.exe" (file missing)
S3 wmiApSrv (WMI Performance Adapter) - c:\windows\system32\wbem\wmiapsrv.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-04-07 and 2008-05-07 -----------------------------

2008-04-30 20:33:48 0 d-------- C:\Program Files (x86)\Trend Micro
2008-04-07 18:56:25 0 d-------- C:\Windows\system32\Adobe


-- Find3M Report ---------------------------------------------------------------

2008-05-07 22:21:26 12 --a------ C:\Windows\bthservsdp.dat
2008-05-07 08:21:25 0 d-------- C:\Users\Steve Dimond\AppData\Roaming\ReGet Software
2008-04-30 02:07:36 0 d-------- C:\Users\Steve Dimond\AppData\Roaming\uTorrent
2008-04-15 22:13:11 0 d-------- C:\Users\Steve Dimond\AppData\Roaming\U3
2008-04-09 03:09:33 0 d-------- C:\Program Files (x86)\Windows Mail
2008-03-24 04:08:40 0 d-------- C:\Program Files (x86)\Java
2008-03-12 04:11:39 0 d-------- C:\Program Files (x86)\CodeWallet Pro 2006 for Windows Mobile
2008-03-12 04:08:16 0 d-------- C:\Program Files (x86)\MxCalc15c
2008-03-12 04:07:01 0 d-------- C:\Program Files (x86)\3GR Tech
2008-02-26 02:19:32 8403 --a------ C:\Windows\unins001.dat
2008-02-26 02:19:08 691545 --a------ C:\Windows\unins001.exe
2008-02-23 21:03:18 2553 --a------ C:\Windows\unins000.dat
2008-02-23 21:02:49 691545 --a------ C:\Windows\unins000.exe
2008-02-21 23:25:18 174 --ahs---- C:\Program Files (x86)\desktop.ini


-- Registry Dump ---------------------------------------------------------------



-- Hosts -----------------------------------------------------------------------

127.0.0.1 http://www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 http://www.008k.com
127.0.0.1 008k.com
127.0.0.1 http://www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 http://www.032439.com
127.0.0.1 032439.com

8397 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-07 22:36:33 ------------


extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Ultimate (build 6001) SP 1.0
Architecture: X64; Language: English

CPU 0: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz
Percentage of Memory in Use: 50%
Physical Memory (total/avail): 2046.31 MiB / 1013.79 MiB
Pagefile Memory (total/avail): 4329.91 MiB / 3073.21 MiB
Virtual Memory (total/avail): 4095.88 MiB / 3948.05 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 97.65 GiB total, 31.52 GiB free.
D: is Fixed (NTFS) - 42.07 GiB total, 37.51 GiB free.
E: is Fixed (NTFS) - 465.76 GiB total, 42.36 GiB free.
F: is Fixed (NTFS) - 465.76 GiB total, 80.06 GiB free.
G: is CDROM (No Media)
I: is Removable (No Media)
J: is CDROM (No Media)
K: is CDROM (No Media)
L: is Removable (No Media)
M: is Removable (No Media)
N: is Removable (No Media)

\\.\PHYSICALDRIVE2 - BACKUP - 465.75 GiB - 1 partition
\PARTITION0 - Installable File System - 465.76 GiB - E:

\\.\PHYSICALDRIVE3 - Config Disk - 320 KiB - 0 partitions

\\.\PHYSICALDRIVE1 - WDC WD1500ADFD-00NLR1 - 139.73 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 97.65 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 42.07 GiB - D:

\\.\PHYSICALDRIVE0 - WDC WD50 00AAKS-0 SCSI Disk Device - 465.76 GiB - 1 partition
\PARTITION0 - Installable File System - 465.76 GiB - F:

\\.\PHYSICALDRIVE5 - GENERIC USB Storage-CFC USB Device

\\.\PHYSICALDRIVE7 - GENERIC USB Storage-MSC USB Device

\\.\PHYSICALDRIVE6 - GENERIC USB Storage-SDC USB Device

\\.\PHYSICALDRIVE4 - GENERIC USB Storage-SMC USB Device



-- Security Center -------------------------------------------------------------

Windows Internal Firewall is enabled.

AV: ESET NOD32 Antivirus 3.0 v3.0 (ESET, spol. s r. o.)
AS: ESET NOD32 Antivirus 3.0 v3.0 (ESET, spol. s r. o.)
AS: Spybot - Search and Destroy v1.0.0.5 (Safer Networking Ltd.) Disabled
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Steve Dimond\AppData\Roaming
CLASSPATH=.;C:\Program Files (x86)\Java\jre1.6.0_02\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files (x86)\Common Files
CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
CommonProgramW6432=C:\Program Files\Common Files
COMPUTERNAME=STEVEDIMOND-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Steve Dimond
LOCALAPPDATA=C:\Users\Steve Dimond\AppData\Local
LOGONSERVER=\\STEVEDIMOND-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_ARCHITEW6432=AMD64
PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files (x86)
ProgramFiles(x86)=C:\Program Files (x86)
ProgramW6432=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files (x86)\Java\jre1.6.0_02\lib\ext\QTJava.zip
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\STEVED~1\AppData\Local\Temp
TMP=C:\Users\STEVED~1\AppData\Local\Temp
USERDOMAIN=SteveDimond-PC
USERNAME=Steve Dimond
USERPROFILE=C:\Users\Steve Dimond
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Steve Dimond


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files (x86)\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
--> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
--> C:\Windows\UNNeroShowTime.exe /UNINSTALL
--> C:\Windows\UNNeroVision.exe /UNINSTALL
--> C:\Windows\UNRecode.exe /UNINSTALL
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {00C5525B-3CB3-467D-8100-2E6FB306CD86}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-002A-0409-1000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0116-0409-1000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office system --> "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
Adobe Flash Player ActiveX --> C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player 11 --> C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
Anquet Maps v06 --> MsiExec.exe /I{5DDA3BF3-583C-4431-AC98-92A943EA8778}
Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
Application Suite --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{B15A88FC-9466-40B8-9DEA-3EC50F3C54C7}\Setup.exe" -l0x9
AsfTools 3.1 (remove only) --> C:\Program Files (x86)\AsfTools 3.1\Uninst.exe
AVIcodec (remove only) --> "C:\Program Files (x86)\AVIcodec\uninst.exe"
Beyond Compare Version 2.5.2 --> "C:\Program Files (x86)\Beyond Compare 2\unins000.exe"
Birds of the Western Palearctic --> C:\Program Files (x86)\BirdGuides\BWPi\Uninstall.exe
British Birds interactive --> C:\Program Files (x86)\BirdGuides\BBi\Uninstall.exe
BUFFALO INC. TeraStation Utility --> C:\Windows\UN021217.EXE /U
Calc98 --> C:\Program Files (x86)\Calc98\setup.exe
CalcConvert - Pocket PC Edition 1.1.2 --> C:\Program Files (x86)\Binaryfish\CalcConvert - Pocket PC Edition\uninst.exe
CDisplayEx 1.4 --> "C:\Program Files (x86)\CDisplayEx\unins000.exe"
Celestia 1.5.0 --> "C:\Program Files (x86)\Celestia\unins000.exe"
Chinese Traditional Fonts Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-2448-0000-800000000003}
CodeWallet Pro 2006 for Windows Mobile --> "C:\Windows\CodeWallet Pro 2006 for Windows Mobile\uninstall.exe" "/U:C:\Program Files (x86)\CodeWallet Pro 2006 for Windows Mobile\Uninstall\uninstall.xml"
Concise Oxford English Dictionary --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{30EA87FA-14C2-40D3-8B8B-4B83F554B69F}\setup.exe" -l0x9 -removeonly
ConverterCE Pro 3.1 --> "C:\Windows\unins001.exe"
DesignPro 5 Lite Edition --> C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{DA8E52C7-8638-4AD6-B94E-53ED24EE5202}
Elecont Weather 1.0.634 for Windows Mobile(Elecont) --> MsiExec.exe /I{65F55FD1-764F-4FDE-91A6-10B15A0D848D}
Emu48CE 1.23 --> "C:\Program Files (x86)\GNU Emu48CE for PocketPC\unins000.exe"
FaxSee Pro version 2.70 --> "C:\Program Files (x86)\SFaxTools\FaxSeePro\unins000.exe"
ffdshow [rev 1058+] [2007-03-22] --> "C:\Program Files (x86)\ffdshow\unins000.exe"
Fizz Traveller 3 --> C:\Windows\WindowsMobile\Fizz Traveller 3\Uninstall.exe Fizz Traveller 3
Fizz Weather 2 --> C:\Windows\WindowsMobile\Fizz Weather 2\Uninstall.exe Fizz Weather 2
Google Earth --> MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}
HELIOS NeoLink version 1.4 --> "C:\Program Files (x86)\NeoLink\unins000.exe"
HexEdit --> MsiExec.exe /I{16D11547-BD13-4EFA-8A7D-976933A95102}
HexEdit --> MsiExec.exe /I{F285DFA4-FD9E-436D-A29C-B9E126D709CA}
HijackThis 2.0.2 --> "C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Photosmart Essential --> MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Update --> MsiExec.exe /X{25F6C900-C138-4888-A56C-91D3D063023A}
HP48g,49g,50g series Calculator Connectivity Kit --> C:\Program Files (x86)\Hewlett-Packard\Conn4x\UnInstall_17604.exe
Ipswitch WS_FTP Professional 2007 --> C:\Program Files (x86)\InstallShield Installation Information\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}\setup.exe -runfromtemp -l0x0009 -removeonly
Japanese Fonts Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5760-0000-800000000003}
JAS --> C:\WINDOWS\st6unst.exe -n "C:\Program Files (x86)\JAS\ST6UNST.LOG"
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Logitech SetPoint --> C:\Program Files (x86)\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
MapWinGIS ActiveX Control --> "C:\Program Files (x86)\Common Files\MapWindow\unins000.exe"
Microsoft Digital Image Suite Anniversary Edition --> "C:\Program Files (x86)\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=SUITE VERSION=12
Microsoft Encarta Reference Library 2007 --> MsiExec.exe /I{07680081-E9B4-4DF6-A845-CAAFD093E477}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Hybrid 2007 --> MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ Redist - ENU --> MsiExec.exe /X{5E09E82C-004D-4F08-B051-46DE6D79F71A}
Mobifusion --> MsiExec.exe /I{4C50138E-3E3D-467F-9FE3-D3609549D50A}
Mobifusion --> MsiExec.exe /I{A7E4838F-1648-4D68-BD55-13C536550F8E}
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Nero 7 Essentials --> MsiExec.exe /I{43FFE159-3199-4188-A1CD-629166AD1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
oggcodecs 0.71.0946 --> C:\Program Files (x86)\illiminable\oggcodecs\uninst.exe
Pocket Bird Recorder 4 --> C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{46F957B2-98B4-4D63-ACB3-5033818B76C0}
Pocket Earth 3.5 --> C:\Windows\WindowsMobile\Pocket Earth 3.5\Uninstall.exe Pocket Earth 3.5
Pocket RAR documentation --> C:\Program Files (x86)\PocketRAR\uninstall.exe
PowerDVD --> "C:\Program Files (x86)\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -l0x000409 /z-uninstall
QuickPar 0.9 --> C:\Program Files (x86)\QuickPar\uninst.exe
QuickSFV (Remove only) --> C:\Program Files (x86)\QuickSFV\QSFVUNST.EXE C:\Program Files (x86)\QuickSFV\
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
Real Alternative 1.52 --> "C:\Program Files (x86)\Real Alternative\unins000.exe"
Realtek High Definition Audio Driver --> RtlUpd64.exe -r -m
ReGet Add-On For HTTPS --> C:\Program Files (x86)\Common Files\ReGet Shared\InstallSSL.exe uninstall
ReGet Deluxe 5.1 --> MsiExec.exe /I{2275ACCE-D871-4940-8963-56ECE356E042}
Resco Explorer --> C:\Windows\RSetupCE.exe -uninstC:\Program Files (x86)\Resco\Pocket Encryption\_Install.log
Resco Photo Viewer --> C:\Windows\RSetupCE.exe -uninstC:\Program Files (x86)\Resco\Photo Viewer\_Install.log
RSPB Birds --> C:\PROGRA~2\RSPBBI~1\UNWISE.EXE C:\PROGRA~2\RSPBBI~1\INSTALL.LOG
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Sprite Backup --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{8827923A-B5B5-44F9-8FAF-DFFDB23BBEB8}\setup.exe" -l0x9
Spybot - Search & Destroy --> "C:\Program Files (x86)\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\Windows\unins000.exe"
Sudoku Epic --> C:\Program Files (x86)\Sudoku Epic\uninstall.exe
TMPGEnc 4.0 XPress --> MsiExec.exe /I{ED80F174-B621-4B8F-BBB9-3E031A59555A}
TMPGEnc DVD Author 3 with DivX Authoring --> MsiExec.exe /I{3E9F2540-DD55-42FB-8EB6-5508EEC54013}
TMPGEnc MPEG Editor 2.0 --> MsiExec.exe /I{06607A48-98DC-48F9-922F-40FD2D7FF6D1}
TMPGEnc Sound Player --> MsiExec.exe /I{5D0D08F9-FE89-4AC1-B833-3CCB14F57578}
Update for Office 2007 (KB946691) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb949037) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {B4F188C6-6DBF-42A5-A8A3-3086D1A384F2}
VivTV --> C:\PROGRA~2\MediaTV\VivTV\UNWISE.EXE C:\PROGRA~2\MediaTV\VivTV\INSTALL.LOG
Wildlife Recorder 3.0 (Build 695) --> MsiExec.exe /I{E526EAAA-A9E9-4BF9-A85A-3C27C97B2173}
Wildlife Recorder 3.0 Patch (Build 778) --> MsiExec.exe /I{C314F846-EF84-4AC8-A7DA-6A37706BD1FF}
Windows Mobile® Device Handbook --> C:\Program Files\Windows Mobile Device Handbook\Windows Mobile Device Handbook\Bin\DHUninstall.exe
WinFax Merger version 2.2 --> "C:\Program Files (x86)\SFaxTools\WinFaxMerger\unins000.exe"
WinRAR archiver --> C:\Program Files (x86)\WinRAR\uninstall.exe
WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
WinZip 11.2 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}
WisBar Advance 3 --> "C:\Program Files (x86)\Microsoft ActiveSync\WisBar Advance 3\unins000.exe"
Xvid 1.1.2 final uninstall --> "C:\Program Files (x86)\Xvid\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type21137 / Error
Event Submitted/Written: 05/07/2008 10:27:25 PM
Event ID/Source: 3024 / Windows Search Service
Event Description:
The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context: Windows Application, SystemIndex Catalog

Event Record #/Type21127 / Success
Event Submitted/Written: 05/07/2008 10:23:29 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type21126 / Success
Event Submitted/Written: 05/07/2008 10:23:29 PM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type21123 / Success
Event Submitted/Written: 05/07/2008 10:23:15 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type21115 / Warning
Event Submitted/Written: 05/07/2008 10:21:23 PM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-1330687757-3609735428-1246525555-1000_Classes:
Process 324 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1330687757-3609735428-1246525555-1000_CLASSES



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type87518 / Warning
Event Submitted/Written: 05/07/2008 10:35:03 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%%8271.1.1600.0{EF901B63-5322-43CD-B5B5-4C87D54D0D36}SteveDimond-PCSteve DimondS-1-5-21-1330687757-3609735428-1246525555-1000Unknown%%832driver:huy320%%807

Event Record #/Type87517 / Warning
Event Submitted/Written: 05/07/2008 10:35:03 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%%8271.1.1600.0{936B8B6B-1527-40A3-8507-234AE4827DFF}SteveDimond-PCSteve DimondS-1-5-21-1330687757-3609735428-1246525555-1000Unknown%%832service:huy320%%807

Event Record #/Type87516 / Warning
Event Submitted/Written: 05/07/2008 10:35:03 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%%8271.1.1600.0{9D86E79E-24FF-45FF-AA08-CDD152983622}SteveDimond-PCSteve DimondS-1-5-21-1330687757-3609735428-1246525555-1000Unknown%%832driver:xpdt0%%807

Event Record #/Type87515 / Warning
Event Submitted/Written: 05/07/2008 10:35:03 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%%8271.1.1600.0{2D83404E-A6DA-47F8-84DD-B7DF2E55DBB0}SteveDimond-PCSteve DimondS-1-5-21-1330687757-3609735428-1246525555-1000Unknown%%832service:xpdt0%%807

Event Record #/Type87406 / Error
Event Submitted/Written: 05/07/2008 10:23:19 PM
Event ID/Source: 15016 / HTTP
Event Description:
\Device\Http\ReqQueueKerberos



-- End of Deckard's System Scanner: finished at 2008-05-07 22:36:33 ------------


Regards,
Steve
SteveDimondHome
Active Member
 
Posts: 6
Joined: April 30th, 2008, 2:48 pm

Re: Paypal account hacked - HijackThis log

Unread postby Carolyn » May 8th, 2008, 10:57 am

Hi Steve,

Disable MS Defender until the computer is clean

Microsoft Defender normally provides real-time protection from spyware, however it may interfere with what we need to do. We will disable it until the machine is clean when it can be re-enabled.

- Open Windows Defender
- Select Tools and then General Settings
- Under Real Time Protection Options uncheck Turn on real-time protection
- Select Save
Don't forget to re-enable it, when your computer is clean.


Please download Malwarebytes' Anti-Malware and save it to a convenient location.
  1. Right click on mbam-setup.exe and select Run as administrator
  2. Before clicking the Finish button, make sure that these 2 boxes are checked (ticked):
      Update Malwarebytes' Anti-Malware
      Launch Malwarebytes' Anti-Malware
  3. Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
  4. Select the Scanner tab. Click on Perform full scan, then click on Scan.
  5. Leave the default options as it is and click on Start Scan.
  6. When done, you will be prompted. Click OK, then click on Show Results.
  7. Checked (ticked) all items and click on Remove Selected.
  8. After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.

Note: While the free Malwarebytes' Anti-malware scanner is compatible with Vista x64, the Real-Time Protection included in the paid version is not.


Please post the Malwarebytes' Anti-malware log and a fresh HijackThis log.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Paypal account hacked - HijackThis log

Unread postby SteveDimondHome » May 8th, 2008, 5:32 pm

Hi Carolyn,

The Anti-Malware software found nothing wrong, so I wasn't given the "show results" option.

As I stated in my original post, I suspect that my problems came about as a result of using my work PC to access my Paypal account. I hardly ever use Paypal, and the day before I used it at work I receive an email from the company Computer Services division telling me that my work PC was infected with a virus. Both the CS department and I ran a virus scan which found nothing, but I suspect that the Virus Scanner (Symantec) had been nobbled, as a couple of days later I noticed that the scan engine had been disabled - it took a reinstall to fix. I am not therefore expecting to find anything wrong with my home PC.

I am going to reenable my Spybot TeaTimer and the Windows Defender real-time protection now. If you need me to run any further scans I will gladly disable them again.

Regards,
Steve

Anti-Malware log
----------------

Malwarebytes' Anti-Malware 1.12
Database version: 731

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 523946
Time elapsed: 1 hour(s), 11 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


HijackThis log
-------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:29:38, on 08/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Microsoft Encarta\Encarta Reference Library 2007 DVD\EDICT.EXE
C:\Program Files (x86)\Sprite Software\Sprite Backup\spriteservice.exe
C:\Program Files (x86)\DAEMON Tools\daemon.exe
C:\Program Files (x86)\NeoLink\app\NeoLink-server.exe
C:\Program Files (x86)\WinZip\WZQKPICK.EXE
C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files (x86)\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\QuickTime\qttask.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Internet Explorer\ieuser.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCSVR.EXE
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.demon.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files (x86)\Common Files\ReGet Shared\Catcher.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files (x86)\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files (x86)\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files (x86)\ReGet Software\ReGet Deluxe 5.1\IEBar.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files (x86)\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [E07ZXLRD_13706123] "C:\Program Files (x86)\Microsoft Encarta\Encarta Reference Library 2007 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [SpriteService] "C:\Program Files (x86)\Sprite Software\Sprite Backup\SpriteService.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: NeoLink.lnk = C:\Program Files (x86)\NeoLink\app\NeoLink-server.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files (x86)\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Do&wnload by ReGet Deluxe - C:\Program Files (x86)\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download A&ll by ReGet Deluxe - C:\Program Files (x86)\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with &ZipScan - C:\PROGRA~2\ZIPSCA~1\zs_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files (x86)\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.com/download/apps/LPInstaller.CAB
O18 - Protocol: x-imgvw - {F15A66AE-D376-484D-BE92-A9DF4F1B12C5} - C:\Program Files (x86)\RSPB Birds\ImgVw.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\SysWOW64\bgsvcgen.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 10421 bytes
SteveDimondHome
Active Member
 
Posts: 6
Joined: April 30th, 2008, 2:48 pm

Re: Paypal account hacked - HijackThis log

Unread postby Carolyn » May 9th, 2008, 9:45 pm

Hello Steve,

As I stated in my original post....I am not therefore expecting to find anything wrong with my home PC.


Yes, that is what you stated. You also stated
I want to make sure that my home PC is not infected.


The best way to tell if there is anything going on with your computer is to use multiple scans. Every scanning product uses a different type of technology, different algorithms if you will, to identify potential problems on your computer. I would never rely on only one or two scans to determine if a computer is clean.

I recommend that you disable TeaTimer and the Windows Defender real-time protection once more and run the following scan:
Note: This scan will take about 2 hours.

Run Kaspersky Online AV Scanner
Using Internet Explorer Go to http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
  • Click on "My Computer" and then put the kettle on!
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
  • If Internet Explorer responds saying the report has been saved to the Temporary Internet Files folder, say Yes to open the folder, then navigate to C -> Users -> (Your username) -> Desktop to locate the report
Copy and paste the report into your next reply along with a fresh HJT log and a description of how your PC is behaving.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Paypal account hacked - HijackThis log

Unread postby SteveDimondHome » May 10th, 2008, 3:07 pm

Hi Carolyn,

I enclose the scan report and a new HijackThis log. Kaspersky has found a virus from 2003 in my email file which I am aware of. I have never opened the attachment, but I have now deleted the message to avoid further infection reports. Kaspersky also found viruses I am aware of in my point-in-time mail file archives - I don't intend to do anything with these. The "not-a-viruses" are Adwares which I have never installed. mIRC and eDonkey have never been installed (and never will be), and I have never allowed Daemon Tools and Nero to install their "spies". E:\Applications is where I store my installation executables, not where I run apps from.

The PC is showing no symptoms.

Kaspersky log
-------------

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, May 10, 2008 5:59:05 PM
Operating System: Microsoft Windows Vista, Service Pack 1 (Build 6001)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 10/05/2008
Kaspersky Anti-Virus database records: 752929
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
I:\
J:\
K:\
L:\
M:\
N:\

Scan Statistics:
Total number of scanned objects: 452192
Number of viruses found: 6
Number of infected objects: 24
Number of suspicious objects: 0
Duration of the scan process: 02:43:22

Infected Object Name / Virus Name / Last Action
C:\Boot\BCD Object is locked skipped
C:\Boot\BCD.LOG Object is locked skipped
C:\boot.ini Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\VistaSP1_InstallPerf_142855.sqm Object is locked skipped
C:\Mail\Outlook.pst/Personal Folders/Books/18 Jun 2003 11:37 from Tony (Ken Spelman):York Book Fair 2003.rtf Infected: Virus.JS.Fortnight.b skipped
C:\Mail\Outlook.pst MailMSMaill: infected - 1 skipped
C:\NTDETECT.COM Object is locked skipped
C:\ntldr Object is locked skipped
C:\ProgramData\ESET\ESET NOD32 Antivirus\Charon\CACHE.NDB Object is locked skipped
C:\ProgramData\ESET\ESET NOD32 Antivirus\Logs\virlog.dat Object is locked skipped
C:\ProgramData\ESET\ESET NOD32 Antivirus\Logs\warnlog.dat Object is locked skipped
C:\Users\Steve Dimond\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db Object is locked skipped
C:\Users\Steve Dimond\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db Object is locked skipped
C:\Users\Steve Dimond\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db Object is locked skipped
C:\Users\Steve Dimond\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db Object is locked skipped
C:\Users\Steve Dimond\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db Object is locked skipped
C:\Users\Steve Dimond\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db Object is locked skipped
C:\Users\Steve Dimond\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\Steve Dimond\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008051020080511\index.dat Object is locked skipped
C:\Users\Steve Dimond\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat Object is locked skipped
C:\Users\Steve Dimond\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\Steve Dimond\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\Steve Dimond\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat Object is locked skipped
C:\Users\Steve Dimond\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\Steve Dimond\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\Steve Dimond\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\Steve Dimond\AppData\Local\Microsoft\Windows\UsrClass.dat{915ceedf-1e20-11dd-95d9-0018f3f526c7}.TM.blf Object is locked skipped
C:\Users\Steve Dimond\AppData\Local\Microsoft\Windows\UsrClass.dat{915ceedf-1e20-11dd-95d9-0018f3f526c7}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Steve Dimond\AppData\Local\Microsoft\Windows\UsrClass.dat{915ceedf-1e20-11dd-95d9-0018f3f526c7}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Steve Dimond\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\Steve Dimond\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\Steve Dimond\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped
C:\Users\Steve Dimond\AppData\Local\Temp\FXSAPIDebugLogFile.txt Object is locked skipped
C:\Users\Steve Dimond\AppData\Local\Temp\hsperfdata_Steve Dimond\1764 Object is locked skipped
C:\Users\Steve Dimond\AppData\Local\Temp\Low\~DF4959.tmp Object is locked skipped
C:\Users\Steve Dimond\AppData\Local\Temp\Low\~DF495F.tmp Object is locked skipped
C:\Users\Steve Dimond\AppData\Local\Ahead\Nero Home\bl.db Object is locked skipped
C:\Users\Steve Dimond\AppData\Local\Ahead\Nero Home\is2.db Object is locked skipped
C:\Users\Steve Dimond\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\Steve Dimond\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat Object is locked skipped
C:\Users\Steve Dimond\AppData\Roaming\Sprite Software\Sprite Backup Manager\BackupManagerLog.txt Object is locked skipped
C:\Users\Steve Dimond\Documents\HELIOS NeoLink Library\Cache\data.data Object is locked skipped
C:\Users\Steve Dimond\Documents\HELIOS NeoLink Library\Cache\data.lck Object is locked skipped
C:\Users\Steve Dimond\Documents\HELIOS NeoLink Library\Cache\data.log Object is locked skipped
C:\Users\Steve Dimond\NTUSER.DAT Object is locked skipped
C:\Users\Steve Dimond\ntuser.dat.LOG1 Object is locked skipped
C:\Users\Steve Dimond\ntuser.dat.LOG2 Object is locked skipped
C:\Users\Steve Dimond\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TM.blf Object is locked skipped
C:\Users\Steve Dimond\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Steve Dimond\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\bthservsdp.dat Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.persist.log Object is locked skipped
C:\Windows\Logs\DPX\setupact.log Object is locked skipped
C:\Windows\Logs\DPX\setuperr.log Object is locked skipped
C:\Windows\MEMORY.DMP Object is locked skipped
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked skipped
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked skipped
C:\Windows\Panther\UnattendGC\diagerr.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\diagwrn.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\setupact.log Object is locked skipped
C:\Windows\Panther\UnattendGC\setuperr.log Object is locked skipped
C:\Windows\security\database\secedit.sdb Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\tracing\BAP.LOG Object is locked skipped
C:\Windows\tracing\IpHlpSvc.LOG Object is locked skipped
C:\Windows\tracing\kerberos\STEVEDIMOND-PC_kerberos_1_6_0_6001_1_0_Service Pack 1_100_6_0_6000_16386__vista_rtm_061101_2205_.etl Object is locked skipped
C:\Windows\tracing\KMDDSP.LOG Object is locked skipped
C:\Windows\tracing\NDPTSP.LOG Object is locked skipped
C:\Windows\tracing\PPP.LOG Object is locked skipped
C:\Windows\tracing\RASAPI32.LOG Object is locked skipped
C:\Windows\tracing\RASBACP.LOG Object is locked skipped
C:\Windows\tracing\RASCCP.LOG Object is locked skipped
C:\Windows\tracing\RASDLG.LOG Object is locked skipped
C:\Windows\tracing\RASEAP.LOG Object is locked skipped
C:\Windows\tracing\RASIPCP.LOG Object is locked skipped
C:\Windows\tracing\RASIPHLP.LOG Object is locked skipped
C:\Windows\tracing\RASIPV6CP.LOG Object is locked skipped
C:\Windows\tracing\RASMAN.LOG Object is locked skipped
C:\Windows\tracing\RASPAP.LOG Object is locked skipped
C:\Windows\tracing\RASQEC.LOG Object is locked skipped
C:\Windows\tracing\RASTAPI.LOG Object is locked skipped
C:\Windows\tracing\svchost_RASCHAP.LOG Object is locked skipped
C:\Windows\tracing\svchost_RASTLS.LOG Object is locked skipped
C:\Windows\tracing\tapi32.LOG Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\winsxs\amd64_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_2b166a33f17217b5\dnary.xsd Object is locked skipped
C:\Windows\winsxs\amd64_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.18000_none_2d4d2c2fee5d2889\dnary.xsd Object is locked skipped
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd Object is locked skipped
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.18000_none_d12e90ac35ffb753\dnary.xsd Object is locked skipped
D:\pagefile.sys Object is locked skipped
D:\Program Files\InstallShield Installation Information\{8B3F4499-32E6-470D-8586-E6C03420F889}\setup.ilg Object is locked skipped
D:\WINDOWS\repair\autoexec.nt Object is locked skipped
D:\WINDOWS\repair\config.nt Object is locked skipped
D:\WINDOWS\repair\default Object is locked skipped
D:\WINDOWS\repair\ntuser.dat Object is locked skipped
D:\WINDOWS\repair\sam Object is locked skipped
D:\WINDOWS\repair\secsetup.inf Object is locked skipped
D:\WINDOWS\repair\security Object is locked skipped
D:\WINDOWS\repair\setup.log Object is locked skipped
D:\WINDOWS\repair\software Object is locked skipped
D:\WINDOWS\repair\system Object is locked skipped
D:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
D:\WINDOWS\system32\config\default Object is locked skipped
D:\WINDOWS\system32\config\default.LOG Object is locked skipped
D:\WINDOWS\system32\config\default.sav Object is locked skipped
D:\WINDOWS\system32\config\SAM Object is locked skipped
D:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
D:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
D:\WINDOWS\system32\config\SECURITY Object is locked skipped
D:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
D:\WINDOWS\system32\config\software Object is locked skipped
D:\WINDOWS\system32\config\software.LOG Object is locked skipped
D:\WINDOWS\system32\config\software.sav Object is locked skipped
D:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
D:\WINDOWS\system32\config\system Object is locked skipped
D:\WINDOWS\system32\config\system.LOG Object is locked skipped
D:\WINDOWS\system32\config\system.sav Object is locked skipped
D:\WINDOWS\system32\config\TempKey.LOG Object is locked skipped
D:\WINDOWS\system32\config\userdiff Object is locked skipped
D:\WINDOWS\system32\config\userdiff.LOG Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
D:\WINDOWS\system32\wpa.bak Object is locked skipped
E:\Applications\Daemon-Tools\daemon4121-lite.exe/stream/data0050 Infected: not-a-virus:AdWare.Win32.Shopper.r skipped
E:\Applications\Daemon-Tools\daemon4121-lite.exe/stream Infected: not-a-virus:AdWare.Win32.Shopper.r skipped
E:\Applications\Daemon-Tools\daemon4121-lite.exe NSIS: infected - 2 skipped
E:\Applications\eDonkey, mIRC\eDonkey61.exe/data0005/UCMIE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore.a skipped
E:\Applications\eDonkey, mIRC\eDonkey61.exe/data0005 Infected: not-a-virus:AdWare.Win32.Ucmore.a skipped
E:\Applications\eDonkey, mIRC\eDonkey61.exe NSIS: infected - 2 skipped
E:\Applications\eDonkey, mIRC\mirc616.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
E:\Applications\eDonkey, mIRC\mirc616.exe mIRC: infected - 1 skipped
E:\Applications\Nero\Nero-7.8.5.0_eng_update.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
E:\Applications\Nero\Nero-7.8.5.0_eng_update.exe RAR: infected - 1 skipped
E:\Old mail files\Outlook.pst.20041126/Personal Folders/ICL Folk/ICL Wine Society/16 Feb 1999 19:14 from Catherine Osborne:ICL Wine Club - Members/membership form.doc Infected: Virus.MSWord.Ethan skipped
E:\Old mail files\Outlook.pst.20041126/Personal Folders/Books/18 Jun 2003 11:37 from Tony (Ken Spelman):York Book Fair 2003.rtf Infected: Virus.JS.Fortnight.b skipped
E:\Old mail files\Outlook.pst.20041126 MailMSMaill: infected - 2 skipped
E:\Old mail files\Outlook.pst.20050311/Personal Folders/ICL Folk/ICL Wine Society/16 Feb 1999 19:14 from Catherine Osborne:ICL Wine Club - Members/membership form.doc Infected: Virus.MSWord.Ethan skipped
E:\Old mail files\Outlook.pst.20050311/Personal Folders/Books/18 Jun 2003 11:37 from Tony (Ken Spelman):York Book Fair 2003.rtf Infected: Virus.JS.Fortnight.b skipped
E:\Old mail files\Outlook.pst.20050311 MailMSMaill: infected - 2 skipped
E:\Old mail files\Outlook_20070517.pst/Personal Folders/Books/18 Jun 2003 11:37 from Tony (Ken Spelman):York Book Fair 2003.rtf Infected: Virus.JS.Fortnight.b skipped
E:\Old mail files\Outlook_20070517.pst MailMSMaill: infected - 1 skipped
E:\Old mail files\Outlook_pre2ndupgd.pst/Personal Folders/Books/18 Jun 2003 11:37 from Tony (Ken Spelman):York Book Fair 2003.rtf Infected: Virus.JS.Fortnight.b skipped
E:\Old mail files\Outlook_pre2ndupgd.pst MailMSMaill: infected - 1 skipped
E:\Old mail files\Outlook_preupgd.pst/Personal Folders/Books/18 Jun 2003 11:37 from Tony (Ken Spelman):York Book Fair 2003.rtf Infected: Virus.JS.Fortnight.b skipped
E:\Old mail files\Outlook_preupgd.pst MailMSMaill: infected - 1 skipped
F:\$RECYCLE.BIN\desktop.ini Object is locked skipped

Scan process completed.


HijackThis log
-------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:04:31, on 10/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Microsoft Encarta\Encarta Reference Library 2007 DVD\EDICT.EXE
C:\Program Files (x86)\Sprite Software\Sprite Backup\spriteservice.exe
C:\Program Files (x86)\DAEMON Tools\daemon.exe
C:\Program Files (x86)\NeoLink\app\NeoLink-server.exe
C:\Program Files (x86)\WinZip\WZQKPICK.EXE
C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files (x86)\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\QuickTime\qttask.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Internet Explorer\ieuser.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCSVR.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.demon.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files (x86)\Common Files\ReGet Shared\Catcher.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files (x86)\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files (x86)\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files (x86)\ReGet Software\ReGet Deluxe 5.1\IEBar.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files (x86)\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [E07ZXLRD_13706123] "C:\Program Files (x86)\Microsoft Encarta\Encarta Reference Library 2007 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [SpriteService] "C:\Program Files (x86)\Sprite Software\Sprite Backup\SpriteService.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: NeoLink.lnk = C:\Program Files (x86)\NeoLink\app\NeoLink-server.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files (x86)\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Do&wnload by ReGet Deluxe - C:\Program Files (x86)\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download A&ll by ReGet Deluxe - C:\Program Files (x86)\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with &ZipScan - C:\PROGRA~2\ZIPSCA~1\zs_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files (x86)\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.com/download/apps/LPInstaller.CAB
O18 - Protocol: x-imgvw - {F15A66AE-D376-484D-BE92-A9DF4F1B12C5} - C:\Program Files (x86)\RSPB Birds\ImgVw.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\SysWOW64\bgsvcgen.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 10567 bytes


Regards,
Steve
SteveDimondHome
Active Member
 
Posts: 6
Joined: April 30th, 2008, 2:48 pm

Re: Paypal account hacked - HijackThis log

Unread postby Carolyn » May 13th, 2008, 9:51 am

Hello Steve,

Remove bad HijackThis entries
  • Right-click on HijackThis and select "Run as administrator"
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):


    F2 - REG:system.ini: UserInit=userinit.exe

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.


Update Java
Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6.
  • Scroll down to where it says Java Runtime Environment (JRE) 6 Update 6.
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on programs and features and remove all older versions of Java.
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) SE Runtime Environment 6 Update 1
  • Check each program and then click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.
  • Note: If you don't want the Google toolbar, make sure you uncheck the option included in the installer!

This is my general post for when your logs show no more signs of malware ;)- Please let me know if you still are having problems with your computer and what these problems are

Re-enable Spybot Search & Destroy Teatimer and Windows Defender.

Hide system files

  1. Click on Start > Control Panel.
  2. Double click on Folder Options.
  3. Select the View tab.
  4. Under Hidden files and folders, select Do not show hidden files and folders.
  5. Check (tick) these two boxes:
      Hide extensions for known file types
      Hide protected operating system files (Recommended)
  6. Click Yes when Windows prompts.
  7. Click OK to apply the settings.

Create a new, clean System Restore point

  1. Click on Start > Control Panel.
  2. Double click on System.
  3. On the left, click on the System Protection link.
  4. At the bottom right hand corner, click on the Create... button.
  5. Give this System Restore point a descriptive name and click on Create.
  6. You should receive a prompt that a System Restore point is created successfully. Click OK to confirm.
  7. Click OK again to close the System Protection window. Then close Control Panel.

Warning: Do not clear infected System Restore points before creating a new System Restore point first!

Please read the above to create a new System Restore point first, then clear out the infected System Restore points.


Clear infected System Restore points

  1. Click on Start > All Programs > Accessories > System Tools.
  2. Right click on Disk Cleanup and select Run As Administrator to run it. UAC will prompt. Allow it.
  3. Select your C drive and click OK.
  4. Select the More Options tab.
  5. Under System Restore and Shadow Copies, click on the Clean up... button.
  6. You will receive a prompt. Click on Delete to delete the old System Restore points.
  7. When done, click OK. You will receive another prompt. Click Delete Files to confirm.
  8. When done, Disk Cleanup will automatically close.

Keep your system updated

Update Windows

Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Please ensure that you visit the following websites regularly or do update your system regularly.

Install the updates immediately if they are found. Reboot your computer if necessary, revisit Windows Update and Office update sites until there are no more updates to be installed.

To update Windows, click on Start > Windows Update (or Start > All Programs > Windows Update if you are using the new Vista Start Menu).

Besides Windows that needs regular updating, antivirus, anti-spyware and firewall programs update regularly too.

Please make sure that you update your antivirus, firewall and anti-spyware programs at least once a week.

Be careful when opening attachments and downloading files.

  1. Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
  2. Never open emails from unknown senders.
  3. Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
  4. Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Surf safely

Many of the exploits are directed to users of Internet Explorer and Firefox.

Using Firefox with NoScript add-on helps to prevent most exploits from running as NoScript by default disables all scripts on all websites. If you trust the website, you can manually allow it.

If you prefer to use Internet Explorer, here are some settings to change to improve the security of Internet Explorer.

For Internet Explorer 7

Please read this article to configure Internet Explorer 7 properly.

Backup regularly

You never know when your PC will become unstable or become so infected that you can't recover it. Follow this article to learn how to backup. To restore them, see this article.

If you are using Vista Business, Vista Ultimate or Vista Enterprise, you might want to back up your whole computer instead. See here on how to do it.

To restore, see this tutorial.

Avoid P2P

P2P may be a great way to get lots of stuffs, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. If you do need to use them, use them sparingly. Check this list of clean and infected P2P programs if you need to use one.

Prevent a re-infection

  1. Winpatrol
    Winpatrol is heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.

    You can get a free copy of Winpatrol or use the Plus version for more features.

    You can read Winpatrol's FAQ if you run into problems.


  2. Hosts File
    A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your PC will look up the website's IP address before you can view the website.

    Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

    Here are some Hosts files:

    MVPS Hosts File
    Bluetack's Hosts File
    Bluetack's Host Manager
    hpHosts

    A tutorial about Hosts File can be found at Malware Removal.


  3. Spybot Search and Destroy
    Spybot Search & Destroy is another program for scanning spywares and adwares. Not only so, it has other preventive options as well. You are strongly encouraged to run a scan at least once per week.

    Spybot Search & Destroy can be downloaded from here.

    If you need help in using Spybot Search & Destroy, you can read Spybot Search and Destroy tutorial at Bleeping Computer.

    Before downloading any anti-spyware programs, always check the Rogue/Suspect list of anti-spyware programs and Malwarebytes RogueNET. This will save you from a lot of trouble. If in doubt, don't ever download it.

Use an alternative email client

If you are using Outlook Express as your default email client, try using Thunderbird or Pegasus Mail instead.

Here are some more things to read about:

List of clean and infected download managers
Configuring Skype
Greater email safety
Phishing - what is it?
Configuring Outlook Express
The Unofficial Cookie FAQ
Securing your home wireless network
80 Super Security Tips
The different classes of security softwares
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Paypal account hacked - HijackThis log

Unread postby SteveDimondHome » May 13th, 2008, 12:55 pm

Hi Carolyn,

Many thanks for all your help. I'm glad that my PC is clear. :D

Regards,
Steve
SteveDimondHome
Active Member
 
Posts: 6
Joined: April 30th, 2008, 2:48 pm

Re: Paypal account hacked - HijackThis log

Unread postby Elrond » May 13th, 2008, 2:41 pm

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 294 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware