
HijackThis Log For WinAntiVirus Thing


  • This topic is locked
16 replies to this topic

#1 yampybird

yampybird

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Location:It's cold, it's wet - Oh must be Telford then!
  • Local time:05:37 AM

Posted 29 August 2007 - 06:01 PM

Hiya, hope you can help. I've been having repeated popups of WinAntiVirus stuff that is driving me mad; I have done everything you advise and still keep coming up with the same malware problem. :thumbsup:

I have no idea where it has come from, as I'm usually very careful; I have a teenager in the house and that may not help matters. It seemed to start after I loaded Norton 360?

I look forward to your solution.

Kind regards
Yampybird


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:57 PM, on 8/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\ezNTSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\Program Files\Belkin\Belkin keyboard driver\KbdAp32A.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Kontiki\iplayer_live\KHost.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\ezShellStart.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\Belkin\Belkin keyboard driver\KbdAp32A.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\yloxpwwd.dll",forkonce
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kdx] C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Kontiki\iplayer_live\KHost.exe -all
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1175004181218
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames/ZPA_B...on.cab55579.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\wlfpukvh.exe (file missing)
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\WINDOWS\system32\ezNTSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 13236 bytes
Yampybird

You know you're getting on a bit when you have to scroll down to find your birth year on forms or when you have to put your nose on the screen to read things clearly



#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:04:37 AM

Posted 29 August 2007 - 06:48 PM

Hello yampybird,

Welcome back to Bleeping Computer :thumbsup:

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 yampybird

yampybird
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Location:It's cold, it's wet - Oh must be Telford then!
  • Local time:05:37 AM

Posted 30 August 2007 - 02:21 AM

Hiya

I'd like to say it's great to be back but that might be stretching the truth a bit :thumbsup:

Thanks for the reply. Here is the ComboFix log:

ComboFix 07-08-30.2 - "HP_Administrator" 2007-08-30 7:56:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1159 [GMT 1:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\akmpqjkr.dll
C:\WINDOWS\system32\biuypcyl.ini
C:\WINDOWS\system32\dwwpxoly.ini
C:\WINDOWS\system32\efcvhlth.ini
C:\WINDOWS\system32\ejroquhg.exe
C:\WINDOWS\system32\fninugcv.exe
C:\WINDOWS\system32\hcxfktbt.exe
C:\WINDOWS\system32\htlhvcfe.dll
C:\WINDOWS\system32\iiymjtus.dll
C:\WINDOWS\system32\ikslicns.exe
C:\WINDOWS\system32\lycpyuib.dll
C:\WINDOWS\system32\mnnmp.bak1
C:\WINDOWS\system32\mnnmp.bak2
C:\WINDOWS\system32\mnnmp.ini
C:\WINDOWS\system32\mnnmp.ini2
C:\WINDOWS\system32\mnnmp.tmp
C:\WINDOWS\system32\pmnnm.dll
C:\WINDOWS\system32\yloxpwwd.dll
D:\Autorun.inf


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-07-28 to 2007-08-30 )))))))))))))))))))))))))))))))


2007-08-30 07:55 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-29 23:34 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-29 19:43 <DIR> d-------- C:\Program Files\RegCure
2007-08-29 10:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-29 10:25 <DIR> d-------- C:\Program Files\XoftSpySE
2007-08-28 23:05 <DIR> d-------- C:\Program Files\Lavasoft
2007-08-28 23:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-28 22:45 <DIR> d-------- C:\Program Files\NoAdware5.0
2007-08-26 17:21 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-08-26 10:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Documents
2007-08-26 09:09 <DIR> d-------- C:\Program Files\THQ
2007-08-26 02:14 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-08-26 01:05 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\MSNInstaller
2007-08-25 22:42 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Symantec
2007-08-25 22:02 <DIR> d-------- C:\Program Files\Norton 360
2007-08-25 22:01 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-08-25 22:01 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-08-25 21:55 155,648 --a------ C:\WINDOWS\system32\tele.exe
2007-08-25 12:28 86,016 --a------ C:\WINDOWS\unvise32qt.exe
2007-08-25 12:27 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2007-08-25 12:27 <DIR> d-------- C:\Program Files\QuickTime
2007-08-25 12:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
2007-08-07 13:58 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-06 17:02 <DIR> d-------- C:\Program Files\Kontiki
2007-08-06 17:02 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kontiki
2007-08-06 17:01 4,494,640 --a------ C:\Program Files\BBC-iPlayer_Setup.exe
2007-08-04 23:36 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Nokia Multimedia Player
2007-08-02 16:45 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-08-02 16:45 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-08-02 16:44 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-08-02 16:44 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-08-02 16:44 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-08-02 16:44 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-08-02 16:44 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-08-02 16:44 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2007-08-02 16:44 <DIR> d-------- C:\Program Files\Nokia
2007-07-31 15:32 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Leadertech
2007-07-27 15:42 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\Phone Browser
2007-07-27 14:56 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Nokia
2007-07-27 14:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
2007-07-27 14:55 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-07-27 14:55 <DIR> d-------- C:\Program Files\DIFX
2007-07-27 14:55 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\PC Suite
2007-07-27 14:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
2007-07-27 13:49 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\AdobeAUM
2007-07-23 12:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
2007-07-11 14:37 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-07-11 10:43 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\WinBatch
2007-07-06 17:45 <DIR> d-------- C:\Rebecca
2007-07-06 17:45 <DIR> d-------- C:\Paul
2007-07-06 15:02 <DIR> d-------- C:\Program Files\InterActual


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-30 08:02 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-30 07:46 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-08-28 23:04 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-26 17:21 --------- d-------- C:\Program Files\MSN Messenger
2007-08-26 09:09 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-26 09:08 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-08-26 01:06 --------- d-------- C:\Program Files\MySpace
2007-08-25 22:23 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-25 22:06 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-08-25 22:06 8014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-08-25 22:06 --------- d-------- C:\Program Files\Symantec
2007-08-25 12:59 --------- d-------- C:\Program Files\Belkin
2007-07-31 15:27 --------- d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Canon
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-19 07:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-17 12:21 186256 --a------ C:\WINDOWS\system32\SymNPPWA.dll
2007-07-13 00:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-27 15:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 15:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 15:34 6058496 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 15:34 52224 --a------ C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 15:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 15:34 459264 --a------ C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 15:34 44544 --a------ C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 15:34 384512 --a------ C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 15:34 383488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 15:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 15:34 267776 --a------ C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 15:34 232960 --a------ C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 15:34 230400 --a------ C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 15:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 15:34 153088 --a------ C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 15:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 15:34 124928 --a------ C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 15:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 15:34 105984 --a------ C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 15:34 102400 --a------ C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 09:27 63488 --a------ C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 09:27 625152 --a------ C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 09:27 13824 --a------ C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 08:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 07:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 07:08 1104896 --a------ C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 14:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 14:31 282112 --a------ C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 11:23 1033216 --a------ C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 11:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-11 23:51 10834944 --a------ C:\WINDOWS\system32\dllcache\wmp.dll
2006-02-19 10:28 12288 --a------ C:\WINDOWS\Fonts.\RandFont.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 20:56]
"ftutil2"="ftutil2.dll" [2004-06-07 14:05 C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-22 00:56 C:\WINDOWS\RTHDCPL.EXE]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-22 01:59]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-31 14:35]
"nwiz"="nwiz.exe" [2006-10-31 14:35 C:\WINDOWS\system32\nwiz.exe]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 09:05]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 22:14]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 22:34]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-14 02:23]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38]
"TalkTalk"="C:\Program Files\TalkTalk\bin\sprtcmd.exe" [2005-08-16 00:12]
"LWBKEYBOARD"="C:\Program Files\Belkin\Belkin keyboard driver\KbdAp32A.exe" [2005-06-07 14:11]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 11:38]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-06-19 13:32]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-09-21 08:04]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-08-25 12:28]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-03-15 04:10]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 13:53]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\DOCUME~1\DEFAUL~1\STARTM~1\Programs\Startup\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-09-21 07:29:22]
PinMcLnk.lnk - C:\hp\bin\cloaker.exe [2006-09-21 07:29:22]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"=0 (0x0)
"DisableChangePassword"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"= C:\WINDOWS\system32\EZUPBH~1.DLL [2007-03-27 14:33 49152]

R2 ezDRMClientSvc;DRM Service;C:\WINDOWS\system32\svchost.exe -k netsvcs
R2 ezntsvc;EasyBits Magic Desktop Services for Windows NT;C:\WINDOWS\system32\ezNTSvc.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezDRMClientSvc

*Newly Created Service* - COMHOST

Contents of the 'Scheduled Tasks' folder
2007-08-30 07:01:47 C:\WINDOWS\Tasks\RegCure Program Check.job - C:\Program Files\RegCure\RegCure.exe
2007-08-30 06:46:16 C:\WINDOWS\Tasks\RegCure.job - C:\Program Files\RegCure\RegCure.exe
2007-08-30 07:01:40 C:\WINDOWS\Tasks\XoftSpySE 2.job - C:\Program Files\XoftSpySE\XoftSpy.exe
2007-08-29 09:25:14 C:\WINDOWS\Tasks\XoftSpySE.job - C:\Program Files\XoftSpySE\XoftSpy.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-30 08:01:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-30 8:03:16 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-30 08:03

--- E O F ---

And here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:18:52 AM, on 8/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\ezNTSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\Program Files\Belkin\Belkin keyboard driver\KbdAp32A.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\Belkin\Belkin keyboard driver\KbdAp32A.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1175004181218
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames/ZPA_B...on.cab55579.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\WINDOWS\system32\ezNTSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 13580 bytes


Thanks for the help
Yampybird

You know you're getting on a bit when you have to scroll down to find your birth year on forms or when you have to put your nose on the screen to read things clearly

#4 teacup61

  • Malware Response Team

Posted 30 August 2007 - 03:04 PM

Hello,

You're welcome. :thumbsup:

Your Java is way out of date, which leaves your computer vulnerable.

Updating Java
  • Download the latest version of Java Runtime Environment (JRE) 6u2.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs, and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
Download the trial version of Spy Sweeper from here.


Install it using the Standard Install option. (You will be asked for your e-mail address; it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper.)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system.

When the sweep has finished, click Remove. Click Select All and then Next.

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

Exit Spy Sweeper.

Restart your computer, and then please copy and paste the SpySweeper log into this thread.

How is it running now?

Thanks,
tea

Error reading poptart in Drive A: Delete kids y/n?
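
The Java remark in the reply above can be read directly from the HijackThis log: two running processes, the O2 (BHO) entry and both O9 (extra button / Tools menu) entries all load from a `jre1.5.0_06` directory. The following is an added example, not part of the thread or of HijackThis itself, that parses an excerpt of that log and lists every JRE reference older than a baseline. The function names are hypothetical, and the baseline assumes JRE 6u2 (the version named in the reply) uses the directory name `jre1.6.0_02`.

```python
import re
from collections import defaultdict

# Constructed excerpt: a subset of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:18:52 AM, on 8/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 13580 bytes
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")      # e.g. "O4 - HKLM\..\Run: ..."
HEADER_RE = re.compile(r"^([A-Za-z ]+): (.+)$")        # e.g. "Platform: Windows XP SP2"
JRE_RE = re.compile(r"\\jre(\d+)\.(\d+)\.(\d+)(?:_(\d+))?\\", re.IGNORECASE)

# Assumption: JRE 6u2 installs under a directory named jre1.6.0_02.
BASELINE = (1, 6, 0, 2)


def parse_hjt(text):
    """Split a HijackThis log into (header dict, process list, entry list)."""
    header, processes, entries = {}, [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                      # a blank line ends the process list
            in_procs = False
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            in_procs = False
            entries.append((entry.group(1), entry.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs:
            processes.append(line)
        else:
            head = HEADER_RE.match(line)
            if head:
                header[head.group(1).strip()] = head.group(2).strip()
    return header, processes, entries


def jre_references(processes, entries):
    """Map each JRE version tuple to the log lines that load files from it."""
    found = defaultdict(list)
    tagged = [("process", p) for p in processes] + list(entries)
    for source, body in tagged:
        for m in JRE_RE.finditer(body):
            major, minor, patch, update = m.groups()
            version = (int(major), int(minor), int(patch), int(update or 0))
            found[version].append((source, body))
    return found


def outdated_jre(text, baseline=BASELINE):
    """Return JRE versions older than the baseline, with where they appear."""
    _, processes, entries = parse_hjt(text)
    refs = jre_references(processes, entries)
    return {v: where for v, where in refs.items() if v < baseline}


def format_version(version):
    """Render (1, 5, 0, 6) the way the JRE directory spells it: 1.5.0_06."""
    return "{}.{}.{}_{:02d}".format(*version)


if __name__ == "__main__":
    for version, where in sorted(outdated_jre(SAMPLE_LOG).items()):
        print("JRE", format_version(version), "is older than", format_version(BASELINE))
        for source, body in where:
            print("  [{}] {}".format(source, body))
```

The section code on each hit shows how the old runtime is reachable: O2 and O9 entries are loaded inside Internet Explorer, which is why an outdated JRE matters for a machine used for browsing.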

#5 yampybird

  • Topic Starter


Posted 30 August 2007 - 05:08 PM

Hi Tea

Whilst I was running Spy Sweeper I got an alert from Norton saying I had a problem with Trojan.Vundo. I waited until Spy Sweeper had finished and carried out all of the actions you asked for, and then I fixed the problem (well, Norton did ... possibly). Anyway, I have the Spy Sweeper log here and I added another HJT log too just in case.

10:47 PM: Deletion from quarantine completed. Elapsed time 00:00:00
10:47 PM: Processing: zedo cookie
10:47 PM: Processing: atlas dmt cookie
10:47 PM: Processing: webtrendslive cookie
10:47 PM: Processing: reliablestats cookie
10:47 PM: Processing: questionmarket cookie
10:47 PM: Processing: 2o7.net cookie
10:47 PM: Processing: 888 cookie
10:47 PM: Deletion from quarantine initiated
10:47 PM: Removal process completed. Elapsed time 00:00:01
10:47 PM: Quarantining All Traces: zedo cookie
10:47 PM: Quarantining All Traces: webtrendslive cookie
10:47 PM: Quarantining All Traces: reliablestats cookie
10:47 PM: Quarantining All Traces: questionmarket cookie
10:47 PM: Quarantining All Traces: atlas dmt cookie
10:47 PM: Quarantining All Traces: 888 cookie
10:47 PM: Quarantining All Traces: 2o7.net cookie
10:47 PM: Removal process initiated
10:44 PM: Traces Found: 7
10:44 PM: Custom Sweep has completed. Elapsed time 00:22:19
10:44 PM: File Sweep Complete, Elapsed Time: 00:19:52
10:41 PM: Warning: SweepDirectories: Cannot find directory "i:". This directory was not added to the list of paths to be scanned.
10:41 PM: Warning: SweepDirectories: Cannot find directory "h:". This directory was not added to the list of paths to be scanned.
10:41 PM: Warning: SweepDirectories: Cannot find directory "g:". This directory was not added to the list of paths to be scanned.
10:41 PM: Warning: SweepDirectories: Cannot find directory "f:". This directory was not added to the list of paths to be scanned.
10:41 PM: Warning: Failed to read file "e:\video_ts\vts_23_1.vob". Copy Protection Error - The read failed because the sector is encrypted
10:41 PM: Warning: Failed to read file "e:\video_ts\vts_23_0.vob". Copy Protection Error - The read failed because the sector is encrypted
10:41 PM: Warning: Failed to read file "e:\video_ts\vts_22_1.vob". Copy Protection Error - The read failed because the sector is encrypted
10:41 PM: Warning: Failed to read file "e:\video_ts\vts_22_0.vob". Copy Protection Error - The read failed because the sector is encrypted
10:41 PM: Warning: Failed to read file "e:\video_ts\vts_21_1.vob". Copy Protection Error - The read failed because the sector is encrypted
10:41 PM: Warning: Failed to read file "e:\video_ts\vts_21_0.vob". Copy Protection Error - The read failed because the sector is encrypted
10:41 PM: Warning: Failed to read file "e:\video_ts\vts_20_1.vob". Copy Protection Error - The read failed because the sector is encrypted
10:41 PM: Warning: Failed to read file "e:\video_ts\vts_20_0.vob". Copy Protection Error - The read failed because the sector is encrypted
10:41 PM: Warning: Failed to read file "e:\video_ts\vts_19_1.vob". Copy Protection Error - The read failed because the sector is encrypted
10:41 PM: Warning: Failed to read file "e:\video_ts\vts_19_0.vob". Copy Protection Error - The read failed because the sector is encrypted
10:41 PM: Warning: Failed to read file "e:\video_ts\vts_18_1.vob". Copy Protection Error - The read failed because the sector is encrypted
10:41 PM: Warning: Failed to read file "e:\video_ts\vts_18_0.vob". Copy Protection Error - The read failed because the sector is encrypted
10:41 PM: Warning: Failed to read file "e:\video_ts\vts_17_1.vob". Copy Protection Error - The read failed because the sector is encrypted
10:41 PM: Warning: Failed to read file "e:\video_ts\vts_17_0.vob". Copy Protection Error - The read failed because the sector is encrypted
10:41 PM: Warning: Failed to read file "e:\video_ts\vts_16_1.vob". Copy Protection Error - The read failed because the sector is encrypted
10:41 PM: Warning: Failed to read file "e:\video_ts\vts_16_0.vob". Copy Protection Error - The read failed because the sector is encrypted
10:41 PM: Warning: Failed to read file "e:\video_ts\vts_15_1.vob". Copy Protection Error - The read failed because the sector is encrypted
10:41 PM: Warning: Failed to read file "e:\video_ts\vts_15_0.vob". Copy Protection Error - The read failed because the sector is encrypted
10:41 PM: Warning: Failed to read file "e:\video_ts\vts_14_1.vob". Copy Protection Error - The read failed because the sector is encrypted
10:41 PM: Warning: Failed to read file "e:\video_ts\vts_14_0.vob". Copy Protection Error - The read failed because the sector is encrypted
10:41 PM: Warning: Failed to read file "e:\video_ts\vts_13_1.vob". Copy Protection Error - The read failed because the sector is encrypted
10:41 PM: Warning: Failed to read file "e:\video_ts\vts_13_0.vob". Copy Protection Error - The read failed because the sector is encrypted
10:41 PM: Warning: Failed to read file "e:\video_ts\vts_12_1.vob". Copy Protection Error - The read failed because the sector is encrypted
10:41 PM: Warning: Failed to read file "e:\video_ts\vts_12_0.vob". Copy Protection Error - The read failed because the sector is encrypted
10:41 PM: Warning: Failed to read file "e:\video_ts\vts_11_1.vob". Copy Protection Error - The read failed because the sector is encrypted
10:41 PM: Warning: Failed to read file "e:\video_ts\vts_11_0.vob". Copy Protection Error - The read failed because the sector is encrypted
10:41 PM: Warning: Failed to read file "e:\video_ts\vts_10_1.vob". Copy Protection Error - The read failed because the sector is encrypted
10:41 PM: Warning: Failed to read file "e:\video_ts\vts_10_0.vob". Copy Protection Error - The read failed because the sector is encrypted
10:41 PM: Warning: Failed to read file "e:\video_ts\vts_09_1.vob". Copy Protection Error - The read failed because the sector is encrypted
10:41 PM: Warning: Failed to read file "e:\video_ts\vts_09_0.vob". Copy Protection Error - The read failed because the sector is encrypted
10:41 PM: Warning: Failed to read file "e:\video_ts\vts_08_1.vob". Copy Protection Error - The read failed because the sector is encrypted
10:41 PM: Warning: Failed to read file "e:\video_ts\vts_08_0.vob". Copy Protection Error - The read failed because the sector is encrypted
10:41 PM: Warning: Failed to read file "e:\video_ts\vts_07_1.vob". Copy Protection Error - The read failed because the sector is encrypted
10:41 PM: Warning: Failed to read file "e:\video_ts\vts_07_0.vob". Copy Protection Error - The read failed because the sector is encrypted
10:41 PM: Warning: Failed to read file "e:\video_ts\vts_06_1.vob". Copy Protection Error - The read failed because the sector is encrypted
10:41 PM: Warning: Failed to read file "e:\video_ts\vts_06_0.vob". Copy Protection Error - The read failed because the sector is encrypted
10:41 PM: Warning: Failed to read file "e:\video_ts\vts_05_1.vob". Copy Protection Error - The read failed because the sector is encrypted
10:41 PM: Warning: Failed to read file "e:\video_ts\vts_05_0.vob". Copy Protection Error - The read failed because the sector is encrypted
10:41 PM: Warning: Failed to read file "e:\video_ts\vts_04_1.vob". Copy Protection Error - The read failed because the sector is encrypted
10:41 PM: Warning: Failed to read file "e:\video_ts\vts_04_0.vob". Copy Protection Error - The read failed because the sector is encrypted
10:41 PM: Warning: Failed to read file "e:\video_ts\vts_03_1.vob". Copy Protection Error - The read failed because the sector is encrypted
10:41 PM: Warning: Failed to read file "e:\video_ts\vts_03_0.vob". Copy Protection Error - The read failed because the sector is encrypted
10:41 PM: Warning: Failed to read file "e:\video_ts\vts_02_1.vob". Copy Protection Error - The read failed because the sector is encrypted
10:41 PM: Warning: Failed to read file "e:\video_ts\vts_02_0.vob". Copy Protection Error - The read failed because the sector is encrypted
10:41 PM: Warning: Failed to read file "e:\video_ts\vts_01_3.vob". Copy Protection Error - The read failed because the sector is encrypted
10:41 PM: Warning: Failed to read file "e:\video_ts\vts_01_2.vob". Copy Protection Error - The read failed because the sector is encrypted
10:41 PM: Warning: Failed to read file "e:\video_ts\vts_01_1.vob". Copy Protection Error - The read failed because the sector is encrypted
10:41 PM: Warning: Failed to read file "e:\video_ts\vts_01_0.vob". Copy Protection Error - The read failed because the sector is encrypted
10:34 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsf26f812e-21e8-4fc0-acaf-246d1a4f158b.tmp". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms42afab09-1508-4390-acbe-7e71cf60274d.tmp". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsce050be3-fac3-41eb-8bed-cf75b0c740b9.tmp". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms071c80ed-530a-4c99-a10a-a421806a1963.tmp". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmse574e868-88bf-48d9-baed-8f46fb54b598.tmp". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms122878a9-7843-474f-9f00-e010d509e2a7.tmp". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms79ae407c-83ca-4427-b3e1-6687557e818b.tmp". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms8f2177f9-8c40-4b64-b099-30a0f424da31.tmp". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms6dbafb6a-5d79-448e-9a17-d53cd07ca54d.tmp". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms3c9531c2-04ac-42c1-b1e4-9c2db53527ab.tmp". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsbce161f0-cde7-470b-bc0d-77cc58c0f401.tmp". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms536c9188-681c-41df-bc8c-f2962f109006.tmp". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\documents and settings\hp_administrator\local settings\temporary internet files\content.ie5\0zvge3vm\ca1b8qvo.htm". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\windows\temp\jet18fc.tmp". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\windows\temp\jet1553.tmp". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\documents and settings\hp_administrator\local settings\temporary internet files\content.ie5\pix1x09h\f_norm_no[1].gif". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\documents and settings\hp_administrator\local settings\temporary internet files\content.ie5\0zvge3vm\f_norm[1].gif". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\documents and settings\hp_administrator\local settings\temporary internet files\content.ie5\mhnp3825\newpost[1].gif". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\documents and settings\hp_administrator\local settings\temporary internet files\content.ie5\g5ahfxla\f_norm_dot[1].gif". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\documents and settings\hp_administrator\local settings\temporary internet files\content.ie5\fmjh3pvd\hijackthis[1].gif". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\documents and settings\hp_administrator\local settings\temporary internet files\content.ie5\mhnp3825\step9[1].gif". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\documents and settings\hp_administrator\local settings\temporary internet files\content.ie5\pix1x09h\step8[1].gif". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\documents and settings\hp_administrator\local settings\temporary internet files\content.ie5\1e87pvno\step7[1].gif". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\documents and settings\hp_administrator\local settings\temporary internet files\content.ie5\1e87pvno\stinger[1].gif". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\documents and settings\hp_administrator\local settings\temporary internet files\content.ie5\fmjh3pvd\step6[1].gif". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\documents and settings\hp_administrator\local settings\temporary internet files\content.ie5\0zvge3vm\bitdefender[1].gif". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\documents and settings\hp_administrator\local settings\temporary internet files\content.ie5\c033kbwc\panda[1].gif". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\documents and settings\hp_administrator\local settings\temporary internet files\content.ie5\mhnp3825\step5[1].gif". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\documents and settings\hp_administrator\local settings\temporary internet files\content.ie5\1e87pvno\spybot[1].gif". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\documents and settings\hp_administrator\local settings\temporary internet files\content.ie5\pix1x09h\step4[1].gif". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\documents and settings\hp_administrator\local settings\temporary internet files\content.ie5\g5ahfxla\step3[1].gif". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\documents and settings\hp_administrator\local settings\temporary internet files\content.ie5\c033kbwc\step2[1].gif". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\documents and settings\hp_administrator\local settings\temporary internet files\content.ie5\2sl046kq\dalert[1].gif". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\documents and settings\hp_administrator\local settings\temporary internet files\content.ie5\c033kbwc\step1[1].gif". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\documents and settings\hp_administrator\local settings\temporary internet files\content.ie5\1e87pvno\spacer[1].gif". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\documents and settings\hp_administrator\local settings\temporary internet files\content.ie5\2sl046kq\pip[1].gif". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\documents and settings\hp_administrator\local settings\temporary internet files\content.ie5\0zvge3vm\to_post_off[1].gif". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\documents and settings\hp_administrator\local settings\temporary internet files\content.ie5\g5ahfxla\user-offline[1].png". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\documents and settings\hp_administrator\local settings\temporary internet files\content.ie5\1e87pvno\menu_item[1].gif". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\documents and settings\hp_administrator\local settings\temporary internet files\content.ie5\c033kbwc\menu_action_down[1].gif". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\documents and settings\hp_administrator\local settings\temporary internet files\content.ie5\0zvge3vm\nav_m[1].gif". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\documents and settings\hp_administrator\local settings\temporary internet files\content.ie5\fmjh3pvd\nav[1].gif". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\documents and settings\hp_administrator\local settings\temporary internet files\content.ie5\1e87pvno\p_numb2[1].gif". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\documents and settings\hp_administrator\local settings\temporary internet files\content.ie5\g5ahfxla\pa-preview-shadow[1].gif". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\documents and settings\hp_administrator\local settings\temporary internet files\content.ie5\c033kbwc\desktop.ini". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\documents and settings\hp_administrator\local settings\temporary internet files\content.ie5\pix1x09h\desktop.ini". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\documents and settings\hp_administrator\local settings\temporary internet files\content.ie5\g5ahfxla\desktop.ini". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\documents and settings\hp_administrator\local settings\temporary internet files\content.ie5\mhnp3825\desktop.ini". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\documents and settings\hp_administrator\local settings\temporary internet files\content.ie5\1e87pvno\desktop.ini". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\documents and settings\hp_administrator\local settings\temporary internet files\content.ie5\2sl046kq\desktop.ini". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\documents and settings\hp_administrator\local settings\temporary internet files\content.ie5\0zvge3vm\topg[1].gif". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\documents and settings\hp_administrator\local settings\temporary internet files\content.ie5\0zvge3vm\desktop.ini". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\documents and settings\hp_administrator\local settings\temporary internet files\content.ie5\fmjh3pvd\desktop.ini". The operation completed successfully
10:34 PM: Warning: Failed to open file "c:\documents and settings\hp_administrator\local settings\temporary internet files\content.ie5\1e87pvno\f_pinned[1].gif". The operation completed successfully
10:33 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\symantec\shared\qbackup\index.qbs". The operation completed successfully
10:32 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\qoobox\quarantine\c\windows\system32\yloxpwwd.dll.vir". "c:\qoobox\quarantine\c\windows\system32\yloxpwwd.dll.vir": File not found
10:32 PM: Warning: Failed to read file "c:\qoobox\quarantine\c\windows\system32\yloxpwwd.dll.vir". "c:\qoobox\quarantine\c\windows\system32\yloxpwwd.dll.vir": File not found
10:32 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\qoobox\quarantine\c\windows\system32\fninugcv.exe.vir". "c:\qoobox\quarantine\c\windows\system32\fninugcv.exe.vir": File not found
10:30 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\qoobox\quarantine\c\windows\system32\htlhvcfe.dll.vir". "c:\qoobox\quarantine\c\windows\system32\htlhvcfe.dll.vir": File not found
10:30 PM: Warning: Failed to read file "c:\qoobox\quarantine\c\windows\system32\htlhvcfe.dll.vir". "c:\qoobox\quarantine\c\windows\system32\htlhvcfe.dll.vir": File not found
10:26 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\system volume information\_restore{f7149ec7-4fa5-4148-81fa-2f7a6348fd9a}\rp194\a0021252.dll". "c:\system volume information\_restore{f7149ec7-4fa5-4148-81fa-2f7a6348fd9a}\rp194\a0021252.dll": File not found
10:26 PM: Warning: Failed to read file "c:\system volume information\_restore{f7149ec7-4fa5-4148-81fa-2f7a6348fd9a}\rp194\a0021252.dll". "c:\system volume information\_restore{f7149ec7-4fa5-4148-81fa-2f7a6348fd9a}\rp194\a0021252.dll": File not found
10:24 PM: Starting File Sweep
10:24 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
10:24 PM: c:\documents and settings\hp_administrator\cookies\hp_administrator@zedo[2].txt (ID = 3762)
10:24 PM: Found Spy Cookie: zedo cookie
10:24 PM: c:\documents and settings\hp_administrator\cookies\hp_administrator@statse.webtrendslive[1].txt (ID = 3667)
10:24 PM: Found Spy Cookie: webtrendslive cookie
10:24 PM: c:\documents and settings\hp_administrator\cookies\hp_administrator@stats1.reliablestats[1].txt (ID = 3254)
10:24 PM: Found Spy Cookie: reliablestats cookie
10:24 PM: c:\documents and settings\hp_administrator\cookies\hp_administrator@questionmarket[1].txt (ID = 3217)
10:24 PM: Found Spy Cookie: questionmarket cookie
10:24 PM: c:\documents and settings\hp_administrator\cookies\hp_administrator@atdmt[2].txt (ID = 2253)
10:24 PM: Found Spy Cookie: atlas dmt cookie
10:24 PM: c:\documents and settings\hp_administrator\cookies\hp_administrator@888[1].txt (ID = 2019)
10:24 PM: Found Spy Cookie: 888 cookie
10:24 PM: c:\documents and settings\hp_administrator\cookies\hp_administrator@2o7[1].txt (ID = 1957)
10:24 PM: Found Spy Cookie: 2o7.net cookie
10:24 PM: Starting Cookie Sweep
10:24 PM: Registry Sweep Complete, Elapsed Time:00:00:13
10:24 PM: Starting Registry Sweep
10:24 PM: Memory Sweep Complete, Elapsed Time: 00:02:09
10:22 PM: Warning: TFileCountEnum.ProcessPartition: TVolumeFAT.IC: invalid Boot Sector. Volume E:
10:22 PM: Starting Memory Sweep
10:22 PM: Start Custom Sweep
10:22 PM: Sweep initiated using definitions version 979
Keylogger: Off
10:19 PM: Informational: ShieldEmail: Start monitoring port 25 for mail activities
E-mail Attachment: On
10:19 PM: Informational: ShieldEmail: Start monitoring port 110 for mail activities
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
File System Shield: On
Execution Shield: On
System Services Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
10:19 PM: Shield States
10:19 PM: License Check Status (0): Success
10:18 PM: Spyware Definitions: 979
10:18 PM: Spy Sweeper 5.5.7.48 started
10:18 PM: Spy Sweeper 5.5.7.48 started
10:18 PM: | Start of Session, Thursday, August 30, 2007 |
***************


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:54 PM, on 8/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\ezNTSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\Program Files\Belkin\Belkin keyboard driver\KbdAp32A.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] "rundll32.exe" ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [LWBKEYBOARD] "C:\Program Files\Belkin\Belkin keyboard driver\KbdAp32A.exe"
O4 - HKLM\..\Run: [Omnipage] "C:\Program Files\ScanSoft\OmniPageSE\opware32.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AAWTray] "C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1175004181218
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames/ZPA_B...on.cab55579.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\WINDOWS\system32\ezNTSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 14008 bytes

thanks tea

Look forward to your reply. Oh one other thing - everything seems ok no more popups but my desktop is taking about 3 weeks to load? No idea why - any thoughts?
Yampybird

You know you're getting on a bit when you have to scroll down to find your birth year on forms or when you have to put your nose on the screen to read things clearly

#6 teacup61


Posted 30 August 2007 - 05:43 PM

Hi there,

Did Norton show you a path while it was screaming at you? I'm thinking it was probably one of 2 places, and we'll take care of that right now, as well as your slow load time. :thumbsup:

Please delete ComboFix and its accompanying folder C:\Qoobox. Empty your Recycle Bin and reboot your computer.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point, then click Next. Name it (something you'll remember) and click Create. When the confirmation screen shows the restore point has been created, click Close.

Next go to Start Menu > Run > type

cleanmgr

Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen. Click the More Options tab, then click Clean up in the System Restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.

The following are not malware, but fixing them with HijackThis will improve your system's speed. None are necessary at startup, and may be started manually at any time. This is up to you. :flowers:

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [Omnipage] "C:\Program Files\ScanSoft\OmniPageSE\opware32.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Reboot a time or 2 and let me know how it's running now. :huh: Norton calmed down?

Thanks,
tea


Error reading poptart in Drive A: Delete kids y/n?
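
The check a helper makes on the next log after a "Fix checked" round, as an added example that is not part of the original posts: parse the HijackThis result lines and report which requested entries are gone and which persist. The function names are hypothetical; the sample lines are excerpted from the fix list above and from the follow-up scan (saved 12:24:54 AM) posted later in this thread.

```python
import re

# HijackThis result lines look like "O4 - HKLM\..\Run: [name] command".
# The prefix (R0, O2, O4, O23, ...) names the section of the scan. Header
# lines and the running-process list do not match this pattern.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2})\s+-\s+(?P<body>.*)$")


def normalise(body):
    """Make two renderings of the same entry compare equal.

    The same Run value can be logged with or without quotes between scans
    (the SpySweeper entry in this thread is), and path case varies, so
    quotes are dropped, whitespace collapsed and case folded.
    """
    return " ".join(body.replace('"', "").split()).casefold()


def parse_entries(log_text):
    """Return [(code, normalised_body, original_line)] in log order."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("code"), normalise(m.group("body")), line))
    return entries


def check_fixes(fix_list_text, followup_log_text):
    """Split the requested fixes into those removed and those still present."""
    present = {(code, body) for code, body, _ in parse_entries(followup_log_text)}
    result = {"removed": [], "still_present": []}
    for code, body, line in parse_entries(fix_list_text):
        key = "still_present" if (code, body) in present else "removed"
        result[key].append(line)
    return result


# Excerpt of the entries the helper asked to have fixed.
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
"""

# Excerpt of the follow-up scan, including header and process lines that the
# parser has to skip.
FOLLOWUP_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:54 AM, on 8/31/2007
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
"""

if __name__ == "__main__":
    report = check_fixes(FIX_LIST, FOLLOWUP_LOG)
    for status in ("removed", "still_present"):
        print(status)
        for line in report[status]:
            print("   ", line)
```

An entry listed under `still_present` was either not fixed or was written back before the follow-up scan, so it is the line to raise in the next reply.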

#7 yampybird


Posted 30 August 2007 - 06:36 PM

Hi tea

back again

Desktop still very slow, the background comes up but none of the icons or the taskbar appear for ages (3-4 mins)

Not sure if I got rid of ComboFix or not, so I included a HJT log. Sorry for the short answers, feeding baby and typing one-handed. :thumbsup:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:54 AM, on 8/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\ezNTSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\Program Files\Belkin\Belkin keyboard driver\KbdAp32A.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] "rundll32.exe" ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [LWBKEYBOARD] "C:\Program Files\Belkin\Belkin keyboard driver\KbdAp32A.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AAWTray] "C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1175004181218
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames/ZPA_B...on.cab55579.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\WINDOWS\system32\ezNTSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 12279 bytes
Yampybird

You know you're getting on a bit when you have to scroll down to find your birth year on forms or when you have to put your nose on the screen to read things clearly

#8 yampybird


Posted 30 August 2007 - 06:38 PM

Sorry, meant to add that Norton didn't give any path, and no easy-to-find log files either.

Thanks again
Yampybird


#9 teacup61


Posted 30 August 2007 - 08:10 PM

Hi,

sorry for short answers feeding baby and typing one handed.

:thumbsup: Well, I know how you feel. I have 6 kids, including a set of twins.

Nothing dire in your HijackThis log. You said this started after you installed Norton (slowness), right? Norton is VERY heavy on resources, so you can expect slowdowns while using it. When is the last time you gave it a defrag, and a good cleaning in general? If you think something is amiss still, let me know and we'll go at this from another angle. :flowers:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#10 yampybird


Posted 30 August 2007 - 08:19 PM

Wow 6 that's impressive, I'm on 4 and I'm stopping there, latest one is 7 weeks old.

No, the slowness thing has only been happening today. Defrag OK, did it on Saturday after installing Norton, will run again though.

I think it's something I've done whilst trying to sort out this attack. Probably with RegCure. Oh well, it loads eventually and IE is running well now, so fingers crossed.

Thank you for your help, you have inspired me to become a trainee, so I will probably see you about. :thumbsup:

It is now 2am in good old blighty and baby shouting for another feed so I shall sign off.

take it easy :flowers:
Yampybird


#11 teacup61


Posted 30 August 2007 - 08:38 PM

Hello,

No need to do this tonight. You must be knackered! :thumbsup:

Have you used the restore feature in RegCure to see if that helped? I'm just not happy with the way it's running, at least not knowing why it's running the way it is.

#12 yampybird


Posted 31 August 2007 - 02:58 AM

Morning Tea

(I know it's the middle of the night for you but it will be morning when you read it)

Right - restored RegCure but no different, so re-ran the scan and removed reg problems.

Then had a go through its sister program Xoftspy SE and it came up with loads of references to winantiviruspro. I have included the logfile. I have quarantined all this stuff but not removed it yet. No signs of the popups, so that's good.

I think I must have done something when I was running RegCure. I'm beginning to think that it would be easier to do a Windows repair. Whotcha think?

Baby up at 5am this morning so only had 3 hours kip, gonna try for some more on the sofa if toddler will let me :thumbsup:

Thanks tea

I

</RegValue>
</RegKey>
</RegKey>
- <RegKey name="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}\DownloadInformation">
<ClassID value="{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}\DownloadInformation" title="Could not resolve title for ClassID {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}\DownloadInformation, key does not exist" resolved-symbol="Could not resolve ClassID {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}\DownloadInformation, key does not exist" />
<RegValue name="CODEBASE" type="REG_SZ" data="http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175004181218" />
- <RegValue name="INF" type="REG_SZ" data="C:\WINDOWS\Downloaded Program Files\muweb.inf">
<File name="C:\WINDOWS\Downloaded Program Files\muweb.inf" expanded-name="C:\WINDOWS\Downloaded Program Files\muweb.inf" md5="49661eea139a8e565c102894374f4fa7" />
</RegValue>
</RegKey>
- <RegKey name="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}\InstalledVersion">
<ClassID value="{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}\InstalledVersion" title="Could not resolve title for ClassID {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}\InstalledVersion, key does not exist" resolved-symbol="Could not resolve ClassID {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}\InstalledVersion, key does not exist" />
<RegValue name="" type="REG_SZ" data="5,8,0,2469" />
<RegValue name="LastModified" type="REG_SZ" data="Thu, 26 May 2005 11:40:19 GMT" />
</RegKey>
</RegKey>
- <RegKey name="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}">
- <ClassID value="{8AD9C840-044E-11D1-B3E9-00805F499D93}" title="Java Plug-in 1.6.0_02" resolved-symbol="C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll">
<File name="C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll" expanded-name="C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll" md5="d6137540bdf0f9f9b9055c60add8007a" />
</ClassID>
- <RegValue name="" type="REG_SZ" data="Java Runtime Environment 1.6.0">
<File name="Java Runtime Environment 1.6.0" expanded-name="Java Runtime Environment 1.6.0" md5="could not open file for md5 calculation" />
</RegValue>
<RegValue name="Installer" type="REG_SZ" data="MSICD" />
- <RegKey name="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\Contains">
<ClassID value="{8AD9C840-044E-11D1-B3E9-00805F499D93}\Contains" title="Could not resolve title for ClassID {8AD9C840-044E-11D1-B3E9-00805F499D93}\Contains, key does not exist" resolved-symbol="Could not resolve ClassID {8AD9C840-044E-11D1-B3E9-00805F499D93}\Contains, key does not exist" />
</RegKey>
- <RegKey name="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\DownloadInformation">
<ClassID value="{8AD9C840-044E-11D1-B3E9-00805F499D93}\DownloadInformation" title="Could not resolve title for ClassID {8AD9C840-044E-11D1-B3E9-00805F499D93}\DownloadInformation, key does not exist" resolved-symbol="Could not resolve ClassID {8AD9C840-044E-11D1-B3E9-00805F499D93}\DownloadInformation, key does not exist" />
<RegValue name="CODEBASE" type="REG_SZ" data="http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab" />
<RegValue name="INF" type="REG_SZ" data="" />
</RegKey>
- <RegKey name="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InstalledVersion">
<ClassID value="{8AD9C840-044E-11D1-B3E9-00805F499D93}\InstalledVersion" title="Could not resolve title for ClassID {8AD9C840-044E-11D1-B3E9-00805F499D93}\InstalledVersion, key does not exist" resolved-symbol="Could not resolve ClassID {8AD9C840-044E-11D1-B3E9-00805F499D93}\InstalledVersion, key does not exist" />
- <RegValue name="" type="REG_SZ" data="1.6.0.2">
<File name="1.6.0.2" expanded-name="1.6.0.2" md5="could not open file for md5 calculation" />
</RegValue>
</RegKey>
</RegKey>
- <RegKey name="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B8BE5E93-A60C-4D26-A2DC-220313175592}">
- <ClassID value="{B8BE5E93-A60C-4D26-A2DC-220313175592}" title="MSN Games - Installer" resolved-symbol="C:\WINDOWS\Downloaded Program Files\ZIntro.ocx">
<File name="C:\WINDOWS\Downloaded Program Files\ZIntro.ocx" expanded-name="C:\WINDOWS\Downloaded Program Files\ZIntro.ocx" md5="e681ac948003cca59c6c00d3f5ec3d4b" />
</ClassID>
<RegValue name="SystemComponent" type="REG_DWORD" data="0x00000000" />
<RegValue name="Installer" type="REG_SZ" data="MSICD" />
- <RegKey name="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B8BE5E93-A60C-4D26-A2DC-220313175592}\Contains">
<ClassID value="{B8BE5E93-A60C-4D26-A2DC-220313175592}\Contains" title="Could not resolve title for ClassID {B8BE5E93-A60C-4D26-A2DC-220313175592}\Contains, key does not exist" resolved-symbol="Could not resolve ClassID {B8BE5E93-A60C-4D26-A2DC-220313175592}\Contains, key does not exist" />
- <RegKey name="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B8BE5E93-A60C-4D26-A2DC-220313175592}\Contains\Files">
<ClassID value="{B8BE5E93-A60C-4D26-A2DC-220313175592}\Contains\Files" title="Could not resolve title for ClassID {B8BE5E93-A60C-4D26-A2DC-220313175592}\Contains\Files, key does not exist" resolved-symbol="Could not resolve ClassID {B8BE5E93-A60C-4D26-A2DC-220313175592}\Contains\Files, key does not exist" />
- <RegValue name="C:\WINDOWS\Downloaded Program Files\ZIntro.ocx" type="REG_SZ" data="">
<File name="C:\WINDOWS\Downloaded Program Files\ZIntro.ocx" expanded-name="C:\WINDOWS\Downloaded Program Files\ZIntro.ocx" md5="e681ac948003cca59c6c00d3f5ec3d4b" />
</RegValue>
</RegKey>
</RegKey>
- <RegKey name="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B8BE5E93-A60C-4D26-A2DC-220313175592}\DownloadInformation">
<ClassID value="{B8BE5E93-A60C-4D26-A2DC-220313175592}\DownloadInformation" title="Could not resolve title for ClassID {B8BE5E93-A60C-4D26-A2DC-220313175592}\DownloadInformation, key does not exist" resolved-symbol="Could not resolve ClassID {B8BE5E93-A60C-4D26-A2DC-220313175592}\DownloadInformation, key does not exist" />
<RegValue name="CODEBASE" type="REG_SZ" data="http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab" />
</RegKey>
- <RegKey name="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B8BE5E93-A60C-4D26-A2DC-220313175592}\InstalledVersion">
<ClassID value="{B8BE5E93-A60C-4D26-A2DC-220313175592}\InstalledVersion" title="Could not resolve title for ClassID {B8BE5E93-A60C-4D26-A2DC-220313175592}\InstalledVersion, key does not exist" resolved-symbol="Could not resolve ClassID {B8BE5E93-A60C-4D26-A2DC-220313175592}\InstalledVersion, key does not exist" />
<RegValue name="" type="REG_SZ" data="9,5,6649,1" />
<RegValue name="LastModified" type="REG_SZ" data="Mon, 19 Feb 2007 20:57:41 GMT" />
</RegKey>
</RegKey>
- <RegKey name="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}">
- <ClassID value="{C3F79A2B-B9B4-4A66-B012-3EE46475B072}" title="MessengerStatsClient Class" resolved-symbol="C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll">
<File name="C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll" expanded-name="C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll" md5="8945cca5fc4f25168e8b6f401efaf51f" />
</ClassID>
<RegValue name="SystemComponent" type="REG_DWORD" data="0x00000000" />
<RegValue name="Installer" type="REG_SZ" data="MSICD" />
- <RegKey name="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\Contains">
<ClassID value="{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\Contains" title="Could not resolve title for ClassID {C3F79A2B-B9B4-4A66-B012-3EE46475B072}\Contains, key does not exist" resolved-symbol="Could not resolve ClassID {C3F79A2B-B9B4-4A66-B012-3EE46475B072}\Contains, key does not exist" />
- <RegKey name="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\Contains\Files">
<ClassID value="{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\Contains\Files" title="Could not resolve title for ClassID {C3F79A2B-B9B4-4A66-B012-3EE46475B072}\Contains\Files, key does not exist" resolved-symbol="Could not resolve ClassID {C3F79A2B-B9B4-4A66-B012-3EE46475B072}\Contains\Files, key does not exist" />
- <RegValue name="C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll" type="REG_SZ" data="">
<File name="C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll" expanded-name="C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll" md5="8945cca5fc4f25168e8b6f401efaf51f" />
</RegValue>
</RegKey>
</RegKey>
- <RegKey name="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\DownloadInformation">
<ClassID value="{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\DownloadInformation" title="Could not resolve title for ClassID {C3F79A2B-B9B4-4A66-B012-3EE46475B072}\DownloadInformation, key does not exist" resolved-symbol="Could not resolve ClassID {C3F79A2B-B9B4-4A66-B012-3EE46475B072}\DownloadInformation, key does not exist" />
<RegValue name="CODEBASE" type="REG_SZ" data="http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab" />
</RegKey>
- <RegKey name="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\InstalledVersion">
<ClassID value="{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\InstalledVersion" title="Could not resolve title for ClassID {C3F79A2B-B9B4-4A66-B012-3EE46475B072}\InstalledVersion, key does not exist" resolved-symbol="Could not resolve ClassID {C3F79A2B-B9B4-4A66-B012-3EE46475B072}\InstalledVersion, key does not exist" />
<RegValue name="" type="REG_SZ" data="9,5,6907,1" />
<RegValue name="LastModified" type="REG_SZ" data="Mon, 26 Feb 2007 22:38:19 GMT" />
</RegKey>
</RegKey>
- <RegKey name="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C7DB51B4-BCF7-4923-8874-7F1A0DC92277}">
- <ClassID value="{C7DB51B4-BCF7-4923-8874-7F1A0DC92277}" title="Office Update Installation Engine" resolved-symbol="C:\WINDOWS\opuc.dll">
<File name="C:\WINDOWS\opuc.dll" expanded-name="C:\WINDOWS\opuc.dll" md5="4ce6ab4fc34bbc26077eced1087d730f" />
</ClassID>
<RegValue name="SystemComponent" type="REG_DWORD" data="0x00000000" />
<RegValue name="Installer" type="REG_SZ" data="MSICD" />
- <RegKey name="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C7DB51B4-BCF7-4923-8874-7F1A0DC92277}\Contains">
<ClassID value="{C7DB51B4-BCF7-4923-8874-7F1A0DC92277}\Contains" title="Could not resolve title for ClassID {C7DB51B4-BCF7-4923-8874-7F1A0DC92277}\Contains, key does not exist" resolved-symbol="Could not resolve ClassID {C7DB51B4-BCF7-4923-8874-7F1A0DC92277}\Contains, key does not exist" />
- <RegKey name="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C7DB51B4-BCF7-4923-8874-7F1A0DC92277}\Contains\Files">
<ClassID value="{C7DB51B4-BCF7-4923-8874-7F1A0DC92277}\Contains\Files" title="Could not resolve title for ClassID {C7DB51B4-BCF7-4923-8874-7F1A0DC92277}\Contains\Files, key does not exist" resolved-symbol="Could not resolve ClassID {C7DB51B4-BCF7-4923-8874-7F1A0DC92277}\Contains\Files, key does not exist" />
- <RegValue name="C:\WINDOWS\opuc.dll" type="REG_SZ" data="">
<File name="C:\WINDOWS\opuc.dll" expanded-name="C:\WINDOWS\opuc.dll" md5="4ce6ab4fc34bbc26077eced1087d730f" />
</RegValue>
</RegKey>
</RegKey>
- <RegKey name="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C7DB51B4-BCF7-4923-8874-7F1A0DC92277}\DownloadInformation">
<ClassID value="{C7DB51B4-BCF7-4923-8874-7F1A0DC92277}\DownloadInformation" title="Could not resolve title for ClassID {C7DB51B4-BCF7-4923-8874-7F1A0DC92277}\DownloadInformation, key does not exist" resolved-symbol="Could not resolve ClassID {C7DB51B4-BCF7-4923-8874-7F1A0DC92277}\DownloadInformation, key does not exist" />
<RegValue name="CODEBASE" type="REG_SZ" data="http://office.microsoft.com/officeupdate/content/opuc4.cab" />
- <RegValue name="INF" type="REG_SZ" data="C:\WINDOWS\Downloaded Program Files\opuc.inf">
<File name="C:\WINDOWS\Downloaded Program Files\opuc.inf" expanded-name="C:\WINDOWS\Downloaded Program Files\opuc.inf" md5="c314b055c85a2a2c07d678b54d3f9e56" />
</RegValue>
</RegKey>
- <RegKey name="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C7DB51B4-BCF7-4923-8874-7F1A0DC92277}\InstalledVersion">
<ClassID value="{C7DB51B4-BCF7-4923-8874-7F1A0DC92277}\InstalledVersion" title="Could not resolve title for ClassID {C7DB51B4-BCF7-4923-8874-7F1A0DC92277}\InstalledVersion, key does not exist" resolved-symbol="Could not resolve ClassID {C7DB51B4-BCF7-4923-8874-7F1A0DC92277}\InstalledVersion, key does not exist" />
<RegValue name="" type="REG_SZ" data="12,0,4518,1038" />
<RegValue name="LastModified" type="REG_SZ" data="Thu, 15 Mar 2007 02:53:50 GMT" />
</RegKey>
</RegKey>
- <RegKey name="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}">
- <ClassID value="{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}" title="Java Plug-in 1.6.0_02" resolved-symbol="C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll">
<File name="C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll" expanded-name="C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll" md5="d6137540bdf0f9f9b9055c60add8007a" />
</ClassID>
- <RegValue name="" type="REG_SZ" data="Java Runtime Environment 1.6.0">
<File name="Java Runtime Environment 1.6.0" expanded-name="Java Runtime Environment 1.6.0" md5="could not open file for md5 calculation" />
</RegValue>
<RegValue name="Installer" type="REG_SZ" data="MSICD" />
- <RegKey name="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\Contains">
<ClassID value="{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\Contains" title="Could not resolve title for ClassID {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\Contains, key does not exist" resolved-symbol="Could not resolve ClassID {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\Contains, key does not exist" />
</RegKey>
- <RegKey name="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\DownloadInformation">
<ClassID value="{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\DownloadInformation" title="Could not resolve title for ClassID {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\DownloadInformation, key does not exist" resolved-symbol="Could not resolve ClassID {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\DownloadInformation, key does not exist" />
<RegValue name="CODEBASE" type="REG_SZ" data="http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab" />
<RegValue name="INF" type="REG_SZ" data="" />
</RegKey>
- <RegKey name="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\InstalledVersion">
<ClassID value="{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\InstalledVersion" title="Could not resolve title for ClassID {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\InstalledVersion, key does not exist" resolved-symbol="Could not resolve ClassID {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\InstalledVersion, key does not exist" />
- <RegValue name="" type="REG_SZ" data="1.6.0.2">
<File name="1.6.0.2" expanded-name="1.6.0.2" md5="could not open file for md5 calculation" />
</RegValue>
</RegKey>
</RegKey>
- <RegKey name="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}">
- <ClassID value="{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" title="Java Plug-in 1.6.0_02" resolved-symbol="C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll">
<File name="C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll" expanded-name="C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll" md5="e3811f1a1c5063c941ec0e2766c3ea39" />
</ClassID>
- <RegValue name="" type="REG_SZ" data="Java Runtime Environment 1.6.0">
<File name="Java Runtime Environment 1.6.0" expanded-name="Java Runtime Environment 1.6.0" md5="could not open file for md5 calculation" />
</RegValue>
<RegValue name="Installer" type="REG_SZ" data="MSICD" />
- <RegKey name="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\Contains">
<ClassID value="{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\Contains" title="Could not resolve title for ClassID {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\Contains, key does not exist" resolved-symbol="Could not resolve ClassID {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\Contains, key does not exist" />
</RegKey>
- <RegKey name="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\DownloadInformation">
<ClassID value="{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\DownloadInformation" title="Could not resolve title for ClassID {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\DownloadInformation, key does not exist" resolved-symbol="Could not resolve ClassID {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\DownloadInformation, key does not exist" />
<RegValue name="CODEBASE" type="REG_SZ" data="http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab" />
<RegValue name="INF" type="REG_SZ" data="" />
</RegKey>
- <RegKey name="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\InstalledVersion">
<ClassID value="{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\InstalledVersion" title="Could not resolve title for ClassID {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\InstalledVersion, key does not exist" resolved-symbol="Could not resolve ClassID {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\InstalledVersion, key does not exist" />
- <RegValue name="" type="REG_SZ" data="1.6.0.2">
<File name="1.6.0.2" expanded-name="1.6.0.2" md5="could not open file for md5 calculation" />
</RegValue>
</RegKey>
</RegKey>
- <RegKey name="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937}">
- <ClassID value="{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937}" title="MSN Games Game Communicator" resolved-symbol="C:\WINDOWS\Downloaded Program Files\StProxy.dll">
<File name="C:\WINDOWS\Downloaded Program Files\StProxy.dll" expanded-name="C:\WINDOWS\Downloaded Program Files\StProxy.dll" md5="c68867d8c7c098aa75a40d6bb1706be4" />
</ClassID>
<RegValue name="SystemComponent" type="REG_DWORD" data="0x00000000" />
<RegValue name="Installer" type="REG_SZ" data="MSICD" />
- <RegKey name="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937}\Contains">
<ClassID value="{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937}\Contains" title="Could not resolve title for ClassID {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937}\Contains, key does not exist" resolved-symbol="Could not resolve ClassID {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937}\Contains, key does not exist" />
- <RegKey name="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937}\Contains\Files">
<ClassID value="{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937}\Contains\Files" title="Could not resolve title for ClassID {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937}\Contains\Files, key does not exist" resolved-symbol="Could not resolve ClassID {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937}\Contains\Files, key does not exist" />
- <RegValue name="C:\WINDOWS\Downloaded Program Files\StProxy.dll" type="REG_SZ" data="">
<File name="C:\WINDOWS\Downloaded Program Files\StProxy.dll" expanded-name="C:\WINDOWS\Downloaded Program Files\StProxy.dll" md5="c68867d8c7c098aa75a40d6bb1706be4" />
</RegValue>
</RegKey>
</RegKey>
- <RegKey name="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937}\DownloadInformation">
<ClassID value="{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937}\DownloadInformation" title="Could not resolve title for ClassID {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937}\DownloadInformation, key does not exist" resolved-symbol="Could not resolve ClassID {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937}\DownloadInformation, key does not exist" />
<RegValue name="CODEBASE" type="REG_SZ" data="http://zone.msn.com/binframework/v10/StProxy.cab55579.cab" />
</RegKey>
- <RegKey name="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937}\InstalledVersion">
<ClassID value="{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937}\InstalledVersion" title="Could not resolve title for ClassID {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937}\InstalledVersion, key does not exist" resolved-symbol="Could not resolve ClassID {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937}\InstalledVersion, key does not exist" />
<RegValue name="" type="REG_SZ" data="9,5,5579,1" />
<RegValue name="LastModified" type="REG_SZ" data="Thu, 25 Jan 2007 19:54:22 GMT" />
</RegKey>
</RegKey>
- <RegKey name="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FF3C5A9F-5A99-4930-80E8-4709194C2AD3}">
- <ClassID value="{FF3C5A9F-5A99-4930-80E8-4709194C2AD3}" title="ZPA_Backgammon Object" resolved-symbol="C:\WINDOWS\Downloaded Program Files\ZPA_Backgammon.ocx">
<File name="C:\WINDOWS\Downloaded Program Files\ZPA_Backgammon.ocx" expanded-name="C:\WINDOWS\Downloaded Program Files\ZPA_Backgammon.ocx" md5="9890bca5b1cbbcb16d18ff7059be28ba" />
</ClassID>
<RegValue name="SystemComponent" type="REG_DWORD" data="0x00000000" />
<RegValue name="Installer" type="REG_SZ" data="MSICD" />
- <RegKey name="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FF3C5A9F-5A99-4930-80E8-4709194C2AD3}\Contains">
<ClassID value="{FF3C5A9F-5A99-4930-80E8-4709194C2AD3}\Contains" title="Could not resolve title for ClassID {FF3C5A9F-5A99-4930-80E8-4709194C2AD3}\Contains, key does not exist" resolved-symbol="Could not resolve ClassID {FF3C5A9F-5A99-4930-80E8-4709194C2AD3}\Contains, key does not exist" />
- <RegKey name="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FF3C5A9F-5A99-4930-80E8-4709194C2AD3}\Contains\Files">
<ClassID value="{FF3C5A9F-5A99-4930-80E8-4709194C2AD3}\Contains\Files" title="Could not resolve title for ClassID {FF3C5A9F-5A99-4930-80E8-4709194C2AD3}\Contains\Files, key does not exist" resolved-symbol="Could not resolve ClassID {FF3C5A9F-5A99-4930-80E8-4709194C2AD3}\Contains\Files, key does not exist" />
- <RegValue name="C:\WINDOWS\Downloaded Program Files\ZPA_Backgammon.ocx" type="REG_SZ" data="">
<File name="C:\WINDOWS\Downloaded Program Files\ZPA_Backgammon.ocx" expanded-name="C:\WINDOWS\Downloaded Program Files\ZPA_Backgammon.ocx" md5="9890bca5b1cbbcb16d18ff7059be28ba" />
</RegValue>
</RegKey>
</RegKey>
- <RegKey name="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FF3C5A9F-5A99-4930-80E8-4709194C2AD3}\DownloadInformation">
<ClassID value="{FF3C5A9F-5A99-4930-80E8-4709194C2AD3}\DownloadInformation" title="Could not resolve title for ClassID {FF3C5A9F-5A99-4930-80E8-4709194C2AD3}\DownloadInformation, key does not exist" resolved-symbol="Could not resolve ClassID {FF3C5A9F-5A99-4930-80E8-4709194C2AD3}\DownloadInformation, key does not exist" />
<RegValue name="CODEBASE" type="REG_SZ" data="http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab55579.cab" />
</RegKey>
- <RegKey name="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FF3C5A9F-5A99-4930-80E8-4709194C2AD3}\InstalledVersion">
<ClassID value="{FF3C5A9F-5A99-4930-80E8-4709194C2AD3}\InstalledVersion" title="Could not resolve title for ClassID {FF3C5A9F-5A99-4930-80E8-4709194C2AD3}\InstalledVersion, key does not exist" resolved-symbol="Could not resolve ClassID {FF3C5A9F-5A99-4930-80E8-4709194C2AD3}\InstalledVersion, key does not exist" />
<RegValue name="" type="REG_SZ" data="9,5,5579,1" />
<RegValue name="LastModified" type="REG_SZ" data="Fri, 26 Jan 2007 20:39:27 GMT" />
</RegKey>
</RegKey>
</RegKey>
- <RegKey name="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\boot">
<RegValue name="" type="REG_SZ" data="SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot" />
<RegValue name="ScreenSaverActive" type="REG_SZ" data="USR:Control Panel\Desktop" />
<RegValue name="ScreenSaverIsSecure" type="REG_SZ" data="USR:Control Panel\Desktop" />
- <RegValue name="SCRNSAVE.EXE" type="REG_SZ" data="USR:Control Panel\Desktop">
<File name="SCRNSAVE.EXE" expanded-name="SCRNSAVE.EXE" md5="could not open file for md5 calculation" />
</RegValue>
<RegValue name="Shell" type="REG_SZ" data="SYS:Microsoft\Windows NT\CurrentVersion\Winlogon" />
</RegKey>
- <RegKey name="HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings">
- <RegValue name="User Agent" type="REG_SZ" data="Mozilla/4.0 (compatible; MSIE 7.0; Win32)">
<File name="MSIE 7.0" expanded-name="MSIE 7.0" md5="could not open file for md5 calculation" />
</RegValue>
- <RegValue name="IE5_UA_Backup_Flag" type="REG_SZ" data="5.0">
<File name="5.0" expanded-name="5.0" md5="could not open file for md5 calculation" />
</RegValue>
<RegValue name="NoNetAutodial" type="REG_DWORD" data="0x00000000" />
<RegValue name="MigrateProxy" type="REG_DWORD" data="0x00000001" />
<RegValue name="EnableNegotiate" type="REG_DWORD" data="0x00000001" />
<RegValue name="EmailName" type="REG_SZ" data="IEUser@" />
- <RegValue name="AutoConfigProxy" type="REG_SZ" data="wininet.dll">
<File name="wininet.dll" expanded-name="C:\WINDOWS\system32\wininet.dll" md5="8068cbb58fe60cc95aeb2cff70178208" />
</RegValue>
<RegValue name="MimeExclusionListForCache" type="REG_SZ" data="multipart/mixed multipart/x-mixed-replace multipart/x-byteranges" />
<RegValue name="WarnOnPost" type="REG_BINARY" data="N/A" />
<RegValue name="UseSchannelDirectly" type="REG_BINARY" data="N/A" />
<RegValue name="EnableHttp1_1" type="REG_DWORD" data="0x00000001" />
<RegValue name="PrivacyAdvanced" type="REG_DWORD" data="0x00000000" />
<RegValue name="ProxyEnable" type="REG_DWORD" data="0x00000000" />
<RegValue name="GlobalUserOffline" type="REG_DWORD" data="0x00000000" />
<RegValue name="EnableAutodial" type="REG_DWORD" data="0x00000000" />
<RegValue name="PrivDiscUiShown" type="REG_DWORD" data="0x00000001" />
<RegValue name="WarnOnZoneCrossing" type="REG_DWORD" data="0x00000000" />
<RegValue name="SyncMode5" type="REG_DWORD" data="0x00000003" />
<RegValue name="UrlEncoding" type="REG_DWORD" data="0x00000000" />
<RegValue name="SecureProtocols" type="REG_DWORD" data="0x000000a0" />
<RegValue name="DisableCachingOfSSLPages" type="REG_DWORD" data="0x00000000" />
<RegValue name="CertificateRevocation" type="REG_DWORD" data="0x00000001" />
<RegValue name="WarnOnHTTPSToHTTPRedirect" type="REG_DWORD" data="0x00000000" />
</RegKey>
- <RegKey name="HKEY_LOCAL_MACHINE\SOFTWARE\Classes\htafile\shell\open\command">
- <RegValue name="" type="REG_SZ" data="C:\WINDOWS\system32\mshta.exe "%1" %*">
<File name="C:\WINDOWS\system32\mshta.exe "%1" %*" expanded-name="C:\WINDOWS\system32\mshta.exe "%1" %*" md5="could not open file for md5 calculation" />
</RegValue>
</RegKey>
- <RegKey name="HKEY_LOCAL_MACHINE\SOFTWARE\Classes\scrfile\shell\open\command">
<RegValue name="" type="REG_SZ" data=""%1" /S" />
</RegKey>
- <RegKey name="HKEY_LOCAL_MACHINE\SOFTWARE\Classes\piffile\shell\open\command">
<RegValue name="" type="REG_SZ" data=""%1" %*" />
</RegKey>
- <RegKey name="HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\shell\open\command">
<RegValue name="" type="REG_SZ" data=""%1" %*" />
</RegKey>
- <RegKey name="HKEY_LOCAL_MACHINE\SOFTWARE\Classes\comfile\shell\open\command">
<RegValue name="" type="REG_SZ" data=""%1" %*" />
</RegKey>
The XML page cannot be displayed
Cannot view XML input using XSL style sheet. Please correct the error and then click the Refresh button, or try again later.


--------------------------------------------------------------------------------

Whitespace is not allowed at this location. Error processing resource 'file:///C:/Program Files/XoftSpySE/Logs/XoftSpyLog-2...

Yampybird

You know you're getting on a bit when you have to scroll down to find your birth year on forms or when you have to put your nose on the screen to read things clearly

#13 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:04:37 AM

Posted 31 August 2007 - 08:09 AM

Afternoon to you,

I honestly hope you're getting a little rest right now! :flowers:

I'm beginning to think that it would be easier to do a Windows repair. Whotcha think?

I really have no way of knowing what all you did. If you feel it would be easier to go for a fresh install, then by all means......it is your computer. Just let me know what you decide to do when you have the time. :thumbsup:

Regards,
tea


Error reading poptart in Drive A: Delete kids y/n?

#14 yampybird

  • Topic Starter


Posted 31 August 2007 - 04:14 PM

Hi tea

Still no better off in the sleep department, but what the hey, I think I'll live. However, on the desktop loading problem, it appears to be sorted. I downloaded a few of the latest Windows updates and it seems to have solved the problem. I wasn't out of date; I just downloaded some of the less critical ones. Maybe totally unrelated, but it's done the trick.

Any hints for staying free of nasty popups? I have a popup blocker running and all progs are now completely up to date.

Thanks for all your help, it is much appreciated.
Yampybird


#15 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:04:37 AM

Posted 31 August 2007 - 04:44 PM

You poor thing. I certainly can sympathise.

I'll give you "The Speech" for protection. :thumbsup:

Below I have included a number of recommendations on how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously! These few simple steps can stave off the vast majority of spyware problems.

Regularly go to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows, including the latest version of Internet Explorer. This can patch many of the security holes through which attackers can gain access to your computer. You should also turn on the Windows automatic update feature.

You should definitely maintain a firewall. Some good free firewalls are Kerio or Outpost.
A tutorial on understanding and using firewalls may be found here.

In order to protect yourself against spyware, you should consider installing and running the following free programs:

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

IE/Spyad:
It places over 5000 malicious websites and domains in your IE's restricted zone.
IE/Spyad

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

* Avoid illegal sites, because that's where most malware is present.
* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software, because most of these so-called removers ARE spyware.
* Download free software only from sites you know and trust. A lot of free software can bundle other software, including spyware.

Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/

Please make sure to run your antivirus software regularly, and to keep it up-to-date.

You take care and get some sleep!
tea