Hi Tim S
I'm back!
Thank you for your patience and all your help.
Have followed all instructions and here are the results of the scans.
WinPFind3 logfile created on: 09/04/2007 22:55:41
WinPFind3U by OldTimer - Version 1.0.34 Folder = C:\Documents and Settings\Administrator\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)
511.48 Mb Total Physical Memory | 237.23 Mb Available Physical Memory | 46.38% Memory free
1.22 Gb Paging File | 0.94 Gb Available in Paging File | 77.06% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 61.51 Gb Free Space | 82.54% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Computer Name: LYNNE
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
[Processes - Non-Microsoft Only]
apdproxy.exe -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 06/06/2005 23:46:24 | Attr = ]
application launcher.exe -> %ProgramFiles%\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe -> Sony Ericsson Mobile Communications AB [Ver = 1.1.1.3 | Size = 159744 bytes | Modified Date = 26/10/2005 17:17:24 | Attr = R ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG Free\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.445 | Size = 353792 bytes | Modified Date = 26/02/2007 11:53:56 | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.438 | Size = 411648 bytes | Modified Date = 09/02/2007 17:21:32 | Attr = ]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 324096 bytes | Modified Date = 26/02/2007 11:53:58 | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 07/12/2006 14:21:56 | Attr = ]
capabilitymanager.exe -> %CommonProgramFiles%\Teleca Shared\CapabilityManager.exe -> Teleca Software Solutions AB [Ver = 0.0.1.48 | Size = 278528 bytes | Modified Date = 08/06/2005 17:45:04 | Attr = ]
epmworker.exe -> %ProgramFiles%\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe -> Sony Ericsson Mobile Communications AB [Ver = 1, 2, 0,1184 | Size = 872448 bytes | Modified Date = 16/03/2006 09:43:28 | Attr = R ]
generic.exe -> %CommonProgramFiles%\Teleca Shared\Generic.exe -> Teleca Software Solutions [Ver = 1, 0, 3, 2 | Size = 385024 bytes | Modified Date = 10/08/2005 08:54:34 | Attr = R ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 28/09/2006 15:13:20 | Attr = ]
lexbces.exe -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.16 | Size = 303104 bytes | Modified Date = 28/03/2003 14:12:10 | Attr = ]
lexpps.exe -> %System32%\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 8.16 | Size = 174592 bytes | Modified Date = 28/03/2003 14:09:32 | Attr = ]
lxbkbmgr.exe -> %ProgramFiles%\Lexmark X1100 Series\lxbkbmgr.exe -> Lexmark International, Inc. [Ver = 0.1.1.1 | Size = 57344 bytes | Modified Date = 28/03/2003 14:18:46 | Attr = ]
lxbkbmon.exe -> %ProgramFiles%\Lexmark X1100 Series\lxbkbmon.exe -> Lexmark International, Inc. [Ver = 0.1.1.1 | Size = 53248 bytes | Modified Date = 28/03/2003 14:39:32 | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.5a38 | Size = 282624 bytes | Modified Date = 16/12/2006 16:25:56 | Attr = ]
reader_sl.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 23/09/2005 23:05:26 | Attr = ]
soundman.exe -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.1.05 | Size = 55296 bytes | Modified Date = 10/06/2003 12:12:28 | Attr = R ]
sp_rsser.exe -> %ProgramFiles%\Spyware Terminator\sp_rsser.exe -> Crawler.com [Ver = 1.8.2.121 | Size = 902144 bytes | Modified Date = 25/01/2007 23:42:26 | Attr = ]
sprtcmd.exe -> %ProgramFiles%\TalkTalk\bin\sprtcmd.exe -> SupportSoft, Inc. [Ver = 6,7,1035,0 | Size = 192512 bytes | Modified Date = 16/08/2005 00:12:02 | Attr = ]
spywareterminatorshield.exe -> %ProgramFiles%\Spyware Terminator\SpywareTerminatorShield.exe -> Crawler.com [Ver = 1.8.2.458 | Size = 2903040 bytes | Modified Date = 25/01/2007 23:42:18 | Attr = ]
vsmon.exe -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 75768 bytes | Modified Date = 23/08/2006 23:38:26 | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.34.0 | Size = 318976 bytes | Modified Date = 08/04/2007 19:02:38 | Attr = ]
zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 968696 bytes | Modified Date = 23/08/2006 23:38:28 | Attr = ]
[Win32 Services - Non-Microsoft Only]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 28/09/2006 15:13:20 | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.445 | Size = 353792 bytes | Modified Date = 26/02/2007 11:53:56 | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 07/12/2006 14:21:56 | Attr = ]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 324096 bytes | Modified Date = 26/02/2007 11:53:58 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04/08/2004 00:56:50 | Attr = ]
(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.16 | Size = 303104 bytes | Modified Date = 28/03/2003 14:12:10 | Attr = ]
(sp_clamsrv) Spyware Terminator Clam Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\WinClamAVShield\sp_clamsrv.exe -> Crawler.com [Ver = 1.1.0.11 | Size = 312320 bytes | Modified Date = 09/01/2007 15:44:32 | Attr = ]
(sp_rssrv) Spyware Terminator Realtime Shield Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Terminator\sp_rsser.exe -> Crawler.com [Ver = 1.8.2.121 | Size = 902144 bytes | Modified Date = 25/01/2007 23:42:26 | Attr = ]
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 75768 bytes | Modified Date = 23/08/2006 23:38:26 | Attr = ]
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 06/06/2005 23:46:24 | Attr = ]
AVG7_CC -> %ProgramFiles%\Grisoft\AVG Free\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.438 | Size = 411648 bytes | Modified Date = 09/02/2007 17:21:32 | Attr = ]
Lexmark X1100 Series -> %ProgramFiles%\Lexmark X1100 Series\lxbkbmgr.exe -> Lexmark International, Inc. [Ver = 0.1.1.1 | Size = 57344 bytes | Modified Date = 28/03/2003 14:18:46 | Attr = ]
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 09/07/2001 11:50:42 | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.5a38 | Size = 282624 bytes | Modified Date = 16/12/2006 16:25:56 | Attr = ]
Sony Ericsson PC Suite -> %ProgramFiles%\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe -> Sony Ericsson Mobile Communications AB [Ver = 1.1.1.3 | Size = 159744 bytes | Modified Date = 26/10/2005 17:17:24 | Attr = R ]
SoundMan -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.1.05 | Size = 55296 bytes | Modified Date = 10/06/2003 12:12:28 | Attr = R ]
SpywareTerminator -> %ProgramFiles%\Spyware Terminator\SpywareTerminatorShield.exe -> Crawler.com [Ver = 1.8.2.458 | Size = 2903040 bytes | Modified Date = 25/01/2007 23:42:18 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 14/03/2007 03:43:44 | Attr = ]
TalkTalk -> %ProgramFiles%\TalkTalk\bin\sprtcmd.exe -> SupportSoft, Inc. [Ver = 6,7,1035,0 | Size = 192512 bytes | Modified Date = 16/08/2005 00:12:02 | Attr = ]
Zone Labs Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 968696 bytes | Modified Date = 23/08/2006 23:38:28 | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 23/09/2005 23:05:26 | Attr = ]
< User Startup > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
%UserStartup%\SpywareGuard.lnk -> %ProgramFiles%\SpywareGuard\sgmain.exe -> [Ver = 2.02.0001 | Size = 360448 bytes | Modified Date = 29/08/2003 20:05:36 | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 28/09/2006 15:13:28 | Attr = ]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 19/01/2007 17:33:06 | Attr = ]
{81559C35-8464-49F7-BB0E-07A383BEF910} [HKLM] -> %ProgramFiles%\SpywareGuard\spywareguard.dll [] -> [Ver = 2.02 | Size = 126976 bytes | Modified Date = 03/08/2003 00:20:58 | Attr = R ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.DLL -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 282624 bytes | Modified Date = 09/03/2007 18:31:48 | Attr = ]
< HOSTS File > (23 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dl ... ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://www.google.com/ie ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKCU: Start Page -> http://www.bbc.co.uk/ ->
HKCU: SearchAssistant -> http://www.google.com/ie ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 18/12/2006 05:16:42 | Attr = ]
{4A368E80-174F-4872-96B5-0B27DDD11DB2} [HKLM] -> %ProgramFiles%\SpywareGuard\dlprotect.dll [SpywareGuardDLBLOCK.CBrowserHelper] -> [Ver = 2.02 | Size = 192512 bytes | Modified Date = 03/08/2003 00:24:02 | Attr = R ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 14/03/2007 03:43:40 | Attr = ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 8, 4, 2 | Size = 343112 bytes | Modified Date = 04/08/2005 21:54:42 | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 8, 4, 2 | Size = 343112 bytes | Modified Date = 04/08/2005 21:54:42 | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 14/03/2007 03:43:42 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 14/03/2007 03:43:40 | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{4E2E22FC-9F3B-4823-A95D-176801E2D463} -> (Sony Ericsson Device 039 USB Ethernet Emulation (NDIS 5)) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> QuickTime Object - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab ->
{0E5F0222-96B9-11D3-8997-00104BD12D94} -> PCPitstop Utility - CodeBase = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB ->
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -> CKAVWebScan Object - CodeBase = http://www.kaspersky.com/kos/english/ka ... nicode.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://fpdownload.macromedia.com/get/sh ... tor/sw.cab ->
{1803B9EF-9905-4F34-AFC4-05D1BAB28801} -> RegUserCfgUI Class - CodeBase = http://us.dl1.yimg.com/download.yahoo.c ... egucfg.cab ->
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -> Symantec AntiVirus scanner - CodeBase = http://security.symantec.com/sscv6/Shar ... vSniff.cab ->
{33564D57-9980-0010-8000-00AA00389B71} -> - CodeBase = http://download.microsoft.com/download/ ... mv9dmo.cab ->
{4C39376E-FA9D-4349-BACC-D305C1750EF3} -> EPUImageControl Class - CodeBase = http://tools.ebayimg.com/eps/wl/activex ... 0-3-48.cab ->
{4F912770-A045-4603-951E-9B8377084354} -> cpbrukie2 Control - CodeBase = http://a19.g.akamai.net/7/19/7125/1450/ ... rukie2.cab ->
{556DDE35-E955-11D0-A707-000000521957} -> - CodeBase = http://www.xblock.com/download/xclean_micro.exe ->
{56393399-041A-4650-94C7-13DFCB1F4665} -> PSFormX Control - CodeBase = http://www.pcpitstop.com/pestscan/pestscan.cab ->
{644E432F-49D3-41A1-8DD5-E099162EEEC5} -> Symantec RuFSI Utility Class - CodeBase = http://security.symantec.com/sscv6/Shar ... /cabsa.cab ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftup ... 0269298359 ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan ... asinst.cab ->
{B1E2B96C-12FE-45E2-BEF1-44A219113CDD} -> SABScanProcesses Class - CodeBase = http://www.superadblocker.com/activex/sabspx.cab ->
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -> MsnMessengerSetupDownloadControl Class - CodeBase = http://messenger.msn.com/download/MsnMe ... loader.cab ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.macromedia.com/pub/sh ... wflash.cab ->
{EFAEF0E4-F044-4D57-9900-1C3FF18524C9} -> AV Class - CodeBase = http://www.pcpitstop.com/antivirus/PitPav.cab ->
[Files/Folders - Created Within 30 days]
00ba4f22e7f49882b6 -> %SystemDrive%\00ba4f22e7f49882b6 -> [Folder | Created Date = 02/04/2007 21:34:00 | Attr = ]
2243aa5ee46c561e7a9ec9 -> %SystemDrive%\2243aa5ee46c561e7a9ec9 -> [Folder | Created Date = 05/04/2007 18:27:46 | Attr = ]
2a53cc3a6c57640b34013b -> %SystemDrive%\2a53cc3a6c57640b34013b -> [Folder | Created Date = 30/03/2007 10:03:02 | Attr = ]
2aa779501c3d24b220693e -> %SystemDrive%\2aa779501c3d24b220693e -> [Folder | Created Date = 05/04/2007 07:10:19 | Attr = ]
4287b71e2ead49288b6cda -> %SystemDrive%\4287b71e2ead49288b6cda -> [Folder | Created Date = 03/04/2007 09:43:01 | Attr = ]
446f5b1a31e15d9f364fb1b7f5 -> %SystemDrive%\446f5b1a31e15d9f364fb1b7f5 -> [Folder | Created Date = 09/04/2007 21:14:03 | Attr = ]
48544ada41f79d10c0 -> %SystemDrive%\48544ada41f79d10c0 -> [Folder | Created Date = 06/04/2007 06:56:18 | Attr = ]
4bd97ee6287d1778ab3d9440 -> %SystemDrive%\4bd97ee6287d1778ab3d9440 -> [Folder | Created Date = 03/04/2007 09:07:05 | Attr = ]
4c3fe6ec9bed209481616f2645 -> %SystemDrive%\4c3fe6ec9bed209481616f2645 -> [Folder | Created Date = 03/04/2007 19:39:00 | Attr = ]
51cddd1ef164f41a45bb -> %SystemDrive%\51cddd1ef164f41a45bb -> [Folder | Created Date = 31/03/2007 09:51:42 | Attr = ]
77ea23c19e40a7bb937114b27d3ae112 -> %SystemDrive%\77ea23c19e40a7bb937114b27d3ae112 -> [Folder | Created Date = 30/03/2007 19:47:22 | Attr = ]
8874af8910ac11771a -> %SystemDrive%\8874af8910ac11771a -> [Folder | Created Date = 29/03/2007 18:30:10 | Attr = ]
8af9422269fdd0d9b132dc -> %SystemDrive%\8af9422269fdd0d9b132dc -> [Folder | Created Date = 30/03/2007 18:45:09 | Attr = ]
97844e1edf10c27742079ab8efb1b554 -> %SystemDrive%\97844e1edf10c27742079ab8efb1b554 -> [Folder | Created Date = 03/04/2007 09:27:35 | Attr = ]
a066f734c2bc552a84 -> %SystemDrive%\a066f734c2bc552a84 -> [Folder | Created Date = 29/03/2007 12:49:49 | Attr = ]
d383747349e61cff04fb5971 -> %SystemDrive%\d383747349e61cff04fb5971 -> [Folder | Created Date = 06/04/2007 07:28:55 | Attr = ]
ef879d58f1ddc20946ad13291b5e2756 -> %SystemDrive%\ef879d58f1ddc20946ad13291b5e2756 -> [Folder | Created Date = 04/04/2007 13:09:56 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 536399872 bytes | Created Date = 01/01/1601 | Attr = HS]
$NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ -> [Folder | Created Date = 04/04/2007 13:10:25 | Attr = H ]
$NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ -> [Folder | Created Date = 15/03/2007 17:34:55 | Attr = H ]
assembly -> %SystemRoot%\assembly -> [Folder | Created Date = 28/03/2007 19:44:31 | Attr = R S]
Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Created Date = 28/03/2007 15:00:13 | Attr = ]
asdjhweq.exe -> %System32%\asdjhweq.exe -> [Ver = | Size = 98304 bytes | Created Date = 03/04/2007 09:12:11 | Attr = ]
DRVSTORE -> %System32%\DRVSTORE -> [Folder | Created Date = 28/03/2007 15:01:45 | Attr = ]
dumphive.exe -> %System32%\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 04/04/2007 17:08:36 | Attr = ]
eglcqsab -> %System32%\eglcqsab -> [Folder | Created Date = 03/04/2007 09:12:09 | Attr = ]
fahefxi.dll -> %System32%\fahefxi.dll -> [Ver = | Size = 64000 bytes | Created Date = 04/04/2007 12:52:40 | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 09/04/2007 21:52:42 | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 69632 bytes | Created Date = 09/04/2007 21:52:42 | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 09/04/2007 21:52:42 | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 139264 bytes | Created Date = 09/04/2007 21:52:42 | Attr = ]
Process.exe -> %System32%\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 04/04/2007 17:08:36 | Attr = ]
SrchSTS.exe -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 04/04/2007 17:08:36 | Attr = ]
stcheck32.exe -> %System32%\stcheck32.exe -> [Ver = | Size = 262656 bytes | Created Date = 03/04/2007 09:12:04 | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Created Date = 04/04/2007 17:08:36 | Attr = ]
swsc.exe -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Created Date = 04/04/2007 17:08:36 | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 04/04/2007 17:08:36 | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 2596 bytes | Created Date = 04/04/2007 17:09:00 | Attr = ]
udvdnzm.dll -> %System32%\udvdnzm.dll -> [Ver = | Size = 63488 bytes | Created Date = 03/04/2007 09:12:13 | Attr = ]
SE27bus.sys -> %System32%\drivers\SE27bus.sys -> MCCI [Ver = V4.34 | Size = 61600 bytes | Created Date = 28/03/2007 14:56:13 | Attr = R ]
SE27cm.sys -> %System32%\drivers\SE27cm.sys -> MCCI [Ver = V4.34 | Size = 6240 bytes | Created Date = 28/03/2007 14:56:54 | Attr = R ]
SE27cmnt.sys -> %System32%\drivers\SE27cmnt.sys -> MCCI [Ver = V4.34 | Size = 6240 bytes | Created Date = 28/03/2007 14:56:54 | Attr = R ]
se27cr.sys -> %System32%\drivers\se27cr.sys -> MCCI [Ver = V4.34 | Size = 4128 bytes | Created Date = 28/03/2007 14:58:50 | Attr = R ]
SE27mdfl.sys -> %System32%\drivers\SE27mdfl.sys -> MCCI [Ver = V4.34 | Size = 9360 bytes | Created Date = 28/03/2007 14:56:54 | Attr = R ]
SE27mdm.sys -> %System32%\drivers\SE27mdm.sys -> MCCI [Ver = V4.34 | Size = 97184 bytes | Created Date = 28/03/2007 14:56:54 | Attr = R ]
SE27mgmt.sys -> %System32%\drivers\SE27mgmt.sys -> MCCI [Ver = V4.34 | Size = 88688 bytes | Created Date = 28/03/2007 14:58:30 | Attr = R ]
se27nd5.sys -> %System32%\drivers\se27nd5.sys -> MCCI [Ver = V4.34 | Size = 18704 bytes | Created Date = 28/03/2007 14:59:15 | Attr = R ]
SE27obex.sys -> %System32%\drivers\SE27obex.sys -> MCCI [Ver = V4.34 | Size = 86560 bytes | Created Date = 28/03/2007 14:58:08 | Attr = R ]
se27unic.sys -> %System32%\drivers\se27unic.sys -> MCCI [Ver = V4.34 | Size = 90800 bytes | Created Date = 28/03/2007 14:58:50 | Attr = R ]
se27wh.sys -> %System32%\drivers\se27wh.sys -> MCCI [Ver = V4.34 | Size = 5872 bytes | Created Date = 28/03/2007 14:56:13 | Attr = R ]
SE27whnt.sys -> %System32%\drivers\SE27whnt.sys -> MCCI [Ver = V4.34 | Size = 5872 bytes | Created Date = 28/03/2007 14:56:13 | Attr = R ]
[Files/Folders - Modified Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 29/03/2007 19:05:06 | Attr = RH ]
00ba4f22e7f49882b6 -> %SystemDrive%\00ba4f22e7f49882b6 -> [Folder | Modified Date = 05/04/2007 10:36:20 | Attr = ]
2243aa5ee46c561e7a9ec9 -> %SystemDrive%\2243aa5ee46c561e7a9ec9 -> [Folder | Modified Date = 05/04/2007 19:27:50 | Attr = ]
2a53cc3a6c57640b34013b -> %SystemDrive%\2a53cc3a6c57640b34013b -> [Folder | Modified Date = 05/04/2007 10:36:20 | Attr = ]
2aa779501c3d24b220693e -> %SystemDrive%\2aa779501c3d24b220693e -> [Folder | Modified Date = 05/04/2007 10:36:22 | Attr = ]
4287b71e2ead49288b6cda -> %SystemDrive%\4287b71e2ead49288b6cda -> [Folder | Modified Date = 03/04/2007 10:43:36 | Attr = ]
446f5b1a31e15d9f364fb1b7f5 -> %SystemDrive%\446f5b1a31e15d9f364fb1b7f5 -> [Folder | Modified Date = 09/04/2007 22:14:08 | Attr = ]
48544ada41f79d10c0 -> %SystemDrive%\48544ada41f79d10c0 -> [Folder | Modified Date = 06/04/2007 07:56:22 | Attr = ]
4bd97ee6287d1778ab3d9440 -> %SystemDrive%\4bd97ee6287d1778ab3d9440 -> [Folder | Modified Date = 05/04/2007 10:36:22 | Attr = ]
4c3fe6ec9bed209481616f2645 -> %SystemDrive%\4c3fe6ec9bed209481616f2645 -> [Folder | Modified Date = 05/04/2007 10:36:22 | Attr = ]
51cddd1ef164f41a45bb -> %SystemDrive%\51cddd1ef164f41a45bb -> [Folder | Modified Date = 05/04/2007 10:36:22 | Attr = ]
77ea23c19e40a7bb937114b27d3ae112 -> %SystemDrive%\77ea23c19e40a7bb937114b27d3ae112 -> [Folder | Modified Date = 05/04/2007 10:36:22 | Attr = ]
8874af8910ac11771a -> %SystemDrive%\8874af8910ac11771a -> [Folder | Modified Date = 05/04/2007 10:36:22 | Attr = ]
8af9422269fdd0d9b132dc -> %SystemDrive%\8af9422269fdd0d9b132dc -> [Folder | Modified Date = 05/04/2007 10:36:22 | Attr = ]
97844e1edf10c27742079ab8efb1b554 -> %SystemDrive%\97844e1edf10c27742079ab8efb1b554 -> [Folder | Modified Date = 03/04/2007 10:28:14 | Attr = ]
a066f734c2bc552a84 -> %SystemDrive%\a066f734c2bc552a84 -> [Folder | Modified Date = 05/04/2007 10:36:22 | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 09/04/2007 22:52:48 | Attr = ]
d383747349e61cff04fb5971 -> %SystemDrive%\d383747349e61cff04fb5971 -> [Folder | Modified Date = 06/04/2007 08:29:00 | Attr = ]
ef879d58f1ddc20946ad13291b5e2756 -> %SystemDrive%\ef879d58f1ddc20946ad13291b5e2756 -> [Folder | Modified Date = 05/04/2007 10:41:28 | Attr = ]
fixwareout -> %SystemDrive%\fixwareout -> [Folder | Modified Date = 05/04/2007 08:47:20 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 536399872 bytes | Modified Date = 09/04/2007 22:49:28 | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 09/04/2007 22:51:58 | Attr = ]
RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 04/04/2007 19:15:56 | Attr = HS]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 09/04/2007 22:29:14 | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 03/04/2007 22:03:14 | Attr = H ]
$NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ -> [Folder | Modified Date = 04/04/2007 14:10:28 | Attr = H ]
$NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ -> [Folder | Modified Date = 15/03/2007 18:34:58 | Attr = H ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 05/04/2007 11:03:44 | Attr = ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 28/03/2007 20:45:42 | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 09/04/2007 22:49:34 | Attr = S]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 03/04/2007 22:57:14 | Attr = ]
Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 28/03/2007 16:00:44 | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 05/04/2007 11:05:28 | Attr = S]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 28/03/2007 20:35:28 | Attr = R S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 13/03/2007 18:59:52 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 05/04/2007 18:26:08 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 09/04/2007 22:52:48 | Attr = HS]
Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 09/04/2007 22:52:22 | Attr = ]
LEXSTAT.INI -> %SystemRoot%\LEXSTAT.INI -> [Ver = | Size = 645 bytes | Modified Date = 05/04/2007 10:52:16 | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 03/04/2007 22:56:44 | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 135 bytes | Modified Date = 28/03/2007 21:02:04 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 09/04/2007 22:55:44 | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 28/03/2007 20:45:54 | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 05/04/2007 11:39:02 | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 09/04/2007 22:52:44 | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 09/04/2007 22:50:24 | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 29/03/2007 13:50:14 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 09/04/2007 22:49:44 | Attr = H ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Modified Date = 05/04/2007 11:39:10 | Attr = ]
asdjhweq.exe -> %System32%\asdjhweq.exe -> [Ver = | Size = 98304 bytes | Modified Date = 04/04/2007 13:52:40 | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 05/04/2007 18:26:06 | Attr = ]
climbubm -> %System32%\climbubm -> [Folder | Modified Date = 12/03/2007 09:42:06 | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 05/04/2007 11:39:36 | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 04/04/2007 14:10:28 | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 05/04/2007 11:41:06 | Attr = ]
DRVSTORE -> %System32%\DRVSTORE -> [Folder | Modified Date = 28/03/2007 16:02:46 | Attr = ]
eglcqsab -> %System32%\eglcqsab -> [Folder | Modified Date = 04/04/2007 09:22:44 | Attr = ]
fahefxi.dll -> %System32%\fahefxi.dll -> [Ver = | Size = 64000 bytes | Modified Date = 04/04/2007 13:52:42 | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 107808 bytes | Modified Date = 04/04/2007 17:52:50 | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 05/04/2007 10:35:38 | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Modified Date = 14/03/2007 00:31:24 | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 69632 bytes | Modified Date = 14/03/2007 02:04:46 | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Modified Date = 14/03/2007 00:31:28 | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 139264 bytes | Modified Date = 14/03/2007 02:04:46 | Attr = ]
mui -> %System32%\mui -> [Folder | Modified Date = 28/03/2007 20:44:46 | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 05/04/2007 10:35:38 | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 65768 bytes | Modified Date = 28/03/2007 20:46:28 | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 449712 bytes | Modified Date = 28/03/2007 20:46:28 | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 468638 bytes | Modified Date = 28/03/2007 20:46:28 | Attr = ]
stcheck32.exe -> %System32%\stcheck32.exe -> [Ver = | Size = 262656 bytes | Modified Date = 03/04/2007 10:12:06 | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 2596 bytes | Modified Date = 04/04/2007 18:09:02 | Attr = ]
udvdnzm.dll -> %System32%\udvdnzm.dll -> [Ver = | Size = 63488 bytes | Modified Date = 03/04/2007 10:12:14 | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 05/04/2007 10:35:38 | Attr = ]
URTTemp -> %System32%\URTTemp -> [Folder | Modified Date = 28/03/2007 20:45:42 | Attr = ]
vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 48882 bytes | Modified Date = 09/04/2007 22:50:28 | Attr = H ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 05/04/2007 11:44:58 | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 09/04/2007 22:50:38 | Attr = ]
ZoneLabs -> %System32%\ZoneLabs -> [Folder | Modified Date = 05/04/2007 11:45:16 | Attr = ]
[File String Scan - Non-Microsoft Only]
UPX! , UPX0 , -> %SystemRoot%\choice.exe -> [Ver = | Size = 21312 bytes | Modified Date = 21/12/1999 07:58:02 | Attr = ]
WSUD , -> %System32%\ALSNDMGR.CPL -> Realtek Semiconductor Corp. [Ver = 2.1.12 | Size = 8605696 bytes | Modified Date = 18/06/2003 07:14:48 | Attr = R ]
UPX! , UPX0 , -> %System32%\asdjhweq.exe -> [Ver = | Size = 98304 bytes | Modified Date = 04/04/2007 13:52:40 | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 23/08/2001 13:00:00 | Attr = ]
Thawte Consulting , -> %System32%\pxcpya64.exe -> Sonic Solutions [Ver = 1.00.35a | Size = 63144 bytes | Modified Date = 25/08/2006 04:47:00 | Attr = ]
Thawte Consulting , -> %System32%\pxhpinst.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 67240 bytes | Modified Date = 25/08/2006 04:47:00 | Attr = ]
Thawte Consulting , -> %System32%\pxinsa64.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 62632 bytes | Modified Date = 25/08/2006 04:47:00 | Attr = ]
Thawte Consulting , -> %System32%\pxinsi64.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 115880 bytes | Modified Date = 25/08/2006 04:47:00 | Attr = ]
UPX! , UPX0 , -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Modified Date = 27/04/2006 17:49:30 | Attr = ]
UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Modified Date = 29/08/2006 19:43:54 | Attr = ]
UPX! , UPX0 , -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Modified Date = 09/01/2006 10:36:06 | Attr = ]
UPX! , UPX0 , -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Modified Date = 01/12/2006 06:20:34 | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 23/08/2001 13:00:00 | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 23/08/2001 13:00:00 | Attr = ]
UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.444 | Size = 775680 bytes | Modified Date = 26/02/2007 11:53:50 | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 03/08/2004 22:41:38 | Attr = ]
< End of report >
Logfile of HijackThis v1.99.1
Scan saved at 23:11:58, on 09/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yahoo.c ... egucfg.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-48.cab
O16 - DPF: {4F912770-A045-4603-951E-9B8377084354} (cpbrukie2 Control) - http://a19.g.akamai.net/7/19/7125/1450/ ... rukie2.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pcpitstop.com/pestscan/pestscan.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0269298359
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Will await further instructions! Thanks again.