Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijackthis log - Please diagnose


  • This topic is locked This topic is locked
10 replies to this topic

#1 steve75

steve75

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:32 PM

Posted 11 October 2008 - 12:27 PM

Hi, as of yesterday i have been getting warning bubble pop up from a red spot with a white X in my task bar, pic below.

Posted Image

i'm sure this is a fake warning and it appears to also turn off my windows firewall at start up, and god knows what else that i haven't noticed yet........

I'm using Windows xp and using eset nod32 av, and have ran both adaware and spybot in safemode with the latest definitions, but this hasn't solved it.

I've run hijackthis, and the only thing i can spot that maybe a problem is BRASTK.EXE - i'm guessing this is my problem but i'm not sure what to do about it....

Here is my HJT log, i hope somebody can take a look and tell me if i'm right and what i should do and also tell me if they see anything else that might be causing trouble.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:00:34, on 11/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\wltray.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\brastk.exe
C:\Documents and Settings\All Users\Application Data\yrsdizml\kjgzenuv.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=3061022
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=3061022
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://uk.mcafee.com/root/campaign.asp?cid=16318
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\system32\wltray.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Policies\Explorer\Run: [C0QQu0CZim] C:\Documents and Settings\All Users\Application Data\yrsdizml\kjgzenuv.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - http://www.asda-photo.co.uk/wpp/asda/app/opcuploader.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbdesktop/...tivePreQual.cab
O21 - SSODL: msgcfg - {5B5138A4-F5C9-EA13-C2E0-02C993932DFF} - C:\Program Files\ioazzzc\msgcfg.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 9786 bytes


Hope someone can help me........ Please bear in mind i'm not too hot with computers. :thumbsup:

thanks in advance.

Steve

Edited by steve75, 12 October 2008 - 04:15 AM.


BC AdBot (Login to Remove)

 


#2 steve75

steve75
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:32 PM

Posted 12 October 2008 - 06:00 AM

I'm still needing help with this if anyone can help me. :thumbsup:

many thanks

Steve

#3 steve75

steve75
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:32 PM

Posted 13 October 2008 - 11:44 AM

good news..... i think i've fixed it! :thumbsup: after searching and searching then searching some more, i found a thread that appeared to be of a similar nature.

Anyway, in the thread it recommended using Malwarebyte's Anti-Malware (Mbam) program to remove the trojan(s).

So, below i am posting the log from Mbam detailing what was removed and below that, is an updated Hijackthis log, if someone could just take a look at them and confirm that the removal has got rid of all the natsies i'd much appreciate it.

Malwarebytes' Anti-Malware 1.28
Database version: 1264
Windows 5.1.2600 Service Pack 2

13/10/2008 17:28:34
mbam-log-2008-10-13 (17-28-34).txt

Scan type: Quick Scan
Objects scanned: 69305
Time elapsed: 13 minute(s), 27 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
C:\Documents and Settings\All Users\Application Data\yrsdizml\kjgzenuv.exe (Trojan.Downloader) -> Failed to unload process.
C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Failed to unload process.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{5B5138A4-F5C9-EA13-C2E0-02C993932DFF} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\msgcfg (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\c0qqu0czim (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\ioazzzc\msgcfg.dll (Trojan.FakeAlert.H) -> Delete on reboot.
C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\yrsdizml\kjgzenuv.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\577GS621\._file[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wini104552502.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steve\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.

------------------------------------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:43:37, on 13/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\wltray.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=3061022
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=3061022
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://uk.mcafee.com/root/campaign.asp?cid=16318
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\system32\wltray.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - http://www.asda-photo.co.uk/wpp/asda/app/opcuploader.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbdesktop/...tivePreQual.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 9282 bytes

#4 steve75

steve75
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:32 PM

Posted 16 October 2008 - 01:35 AM

:thumbsup: anybody.....?

#5 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:08:32 AM

Posted 17 October 2008 - 09:48 PM

Hello, steve75.
:thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the Posted Image button in the lower left hand corner of your screen.
We need to uninstall one or more programs
Please click on Start > Control Panel > Add/Remove Programs and uninstall the following programs(if present):
ZoneAlarm Spyblocker Toolbar

We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :files
    C:\Program Files\ZoneAlarmSB
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}]
    [-HKEY_CLASSES_ROOT\CLSID\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}]
    :commands
    [EmptyTemp]
  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
In your next reply, please include the following:
  • OTMoveIt3's Log
  • Kaspersky's Log
  • OTViewIt.txt
  • Extra.txt

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#6 steve75

steve75
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:32 PM

Posted 18 October 2008 - 11:54 AM

Hi Billy, thanks for taking the time to help me. Below are the results from processes you instructed me to carry out.

Look forward to hearing from you.

Steve

OTMoveIt3 report

========== FILES ==========
File/Folder C:\Program Files\ZoneAlarmSB not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}\\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\\ deleted successfully.
Registry key HKEY_CLASSES_ROOT\CLSID\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\\ not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Steve\LOCALS~1\Temp\ mon018.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Steve\LOCALS~1\Temp\etilqs_UFb3aMA2ZAvAWhBeudXl scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\ZLT00c35.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT05b00.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Steve\Local Settings\Application Data\Mozilla\Firefox\Profiles\ynidgrth.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Steve\Local Settings\Application Data\Mozilla\Firefox\Profiles\ynidgrth.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Steve\Local Settings\Application Data\Mozilla\Firefox\Profiles\ynidgrth.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Steve\Local Settings\Application Data\Mozilla\Firefox\Profiles\ynidgrth.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Steve\Local Settings\Application Data\Mozilla\Firefox\Profiles\ynidgrth.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10182008_152340

Files moved on Reboot...
C:\DOCUME~1\Steve\LOCALS~1\Temp\ mon018.log moved successfully.
File C:\DOCUME~1\Steve\LOCALS~1\Temp\etilqs_UFb3aMA2ZAvAWhBeudXl not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\ZLT00c35.TMP not found!
File C:\WINDOWS\temp\ZLT05b00.TMP not found!
C:\Documents and Settings\Steve\Local Settings\Application Data\Mozilla\Firefox\Profiles\ynidgrth.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Steve\Local Settings\Application Data\Mozilla\Firefox\Profiles\ynidgrth.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Steve\Local Settings\Application Data\Mozilla\Firefox\Profiles\ynidgrth.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Steve\Local Settings\Application Data\Mozilla\Firefox\Profiles\ynidgrth.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Steve\Local Settings\Application Data\Mozilla\Firefox\Profiles\ynidgrth.default\urlclassifier3.sqlite moved successfully.



Kaspersky online scan report

Saturday, October 18, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, October 18, 2008 12:31:51
Records in database: 1320761


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
L:\
P:\

Scan statistics
Files scanned 108346
Threat name 0
Infected objects 0
Suspicious objects 0
Duration of the scan 01:44:59

No malware has been detected. The scan area is clean.
The selected area was scanned.


Otviewit report

OTViewIt logfile created on: 18/10/2008 17:44:14 - Run
OTViewIt by OldTimer - Version 1.0.16.0 Folder = C:\Documents and Settings\Steve\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 3.79 Gb Available in Paging File | 94.63% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 171.42 Gb Total Space | 2.33 Gb Free Space | 1.36% Space Free | Partition Type: NTFS
Drive D: | 58.19 Gb Total Space | 43.58 Gb Free Space | 74.89% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEVE-N-HELLYS
Current User Name: Steve
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/07/09 09:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
[2005/01/19 11:01:22 | 00,065,536 | ---- | M] () -- C:\WINDOWS\system32\wltrysvc.exe
[2005/01/29 02:09:42 | 00,876,649 | ---- | M] (BT Voyager Corporation) -- C:\WINDOWS\system32\bcmwltry.exe
[2008/07/07 08:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2006/09/14 08:56:06 | 00,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
[2007/12/21 09:21:16 | 00,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
[2006/06/16 15:39:00 | 00,143,427 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2006/03/30 09:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2006/08/15 10:00:20 | 00,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
[2005/10/05 03:12:00 | 00,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
[2005/06/10 10:44:02 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[2006/10/22 19:22:29 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
[2005/09/08 05:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
[2005/01/29 02:09:42 | 00,696,422 | ---- | M] (BT Voyager Corporation) -- C:\WINDOWS\system32\wltray.exe
[2003/12/09 12:03:08 | 00,057,344 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ybrwicon.exe
[2007/08/30 06:32:38 | 00,061,440 | R--- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe
[2003/12/05 00:44:34 | 00,176,128 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
[2003/12/22 09:38:42 | 00,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
[2003/12/05 16:41:44 | 00,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
[2004/02/02 20:41:58 | 00,495,616 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon05.exe
[2007/12/21 09:21:06 | 01,443,072 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
[2008/07/09 09:05:20 | 00,919,016 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
[2006/03/03 14:18:10 | 00,200,704 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ycommon.exe
[2007/10/18 12:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[2008/03/21 09:30:16 | 00,486,856 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
[2008/09/16 12:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2006/09/01 11:01:42 | 00,671,744 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
[2003/05/14 18:45:04 | 00,065,795 | R--- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
[2006/07/19 12:03:56 | 00,094,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe
[2008/07/18 22:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/09/30 19:01:36 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2003/12/22 09:38:40 | 00,167,936 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
[2008/10/18 17:43:36 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/07/07 08:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2007/02/07 22:55:10 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2006/09/14 08:56:06 | 00,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0 [Auto | Running])
[2007/10/24 02:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2006/03/30 09:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running])
[2007/10/24 02:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/12/21 09:22:44 | 00,019,200 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped])
[2007/12/21 09:21:16 | 00,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn [Auto | Running])
[2007/10/09 13:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2007/03/06 17:01:20 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2005/11/14 02:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2007/10/11 10:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2007/10/11 10:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2006/06/16 15:39:00 | 00,143,427 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2003/05/14 18:45:04 | 00,065,795 | R--- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Running])
[2007/02/08 17:13:46 | 00,212,480 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])
[2007/10/18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2008/07/09 09:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])
[2007/10/25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2005/01/19 11:01:22 | 00,065,536 | ---- | M] () -- C:\WINDOWS\system32\wltrysvc.exe -- (wltrysvc [Auto | Running])
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2008/04/29 11:20:00 | 00,015,648 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\drivers\NSDriver.sys -- (Ad-Watch Connect Filter [On_Demand | Stopped])
[2006/10/26 20:14:56 | 00,017,801 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2004/10/08 02:16:04 | 00,035,840 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K [System | Running])
[2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2004/08/03 23:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\AMDAGP.SYS -- (amdagp [Disabled | Stopped])
[2006/06/19 04:37:34 | 00,036,864 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8 [System | Running])
[2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2006/08/14 13:29:44 | 00,044,544 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
[2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2005/09/08 05:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
[2005/08/25 12:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
[2005/09/08 05:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN [Auto | Running])
[2005/09/08 05:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
[2005/09/08 05:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
[2005/09/08 05:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
[2005/08/25 12:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N [System | Running])
[2005/09/08 05:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
[2005/09/08 05:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
[2005/09/12 03:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
[2005/08/12 05:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
[2006/01/10 12:07:58 | 00,004,864 | ---- | M] (GTek Technologies Ltd.) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
[2001/08/17 12:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Stopped])
[2007/12/21 09:19:54 | 00,039,944 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon [Auto | Running])
[2007/12/21 09:20:14 | 00,030,216 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv [System | Running])
[2007/12/21 09:21:56 | 00,033,800 | ---- | M] () -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir [System | Running])
[2004/08/12 17:45:54 | 00,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2005/10/21 19:58:52 | 00,049,920 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Running])
[2005/10/21 19:58:58 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Running])
[2005/10/21 19:52:48 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Running])
[2004/08/03 22:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2007/07/19 15:10:28 | 00,127,768 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF [System | Running])
[2006/09/01 12:32:50 | 00,003,712 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE [Auto | Running])
[2006/07/19 12:29:08 | 00,027,136 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe [On_Demand | Running])
[2006/07/19 12:28:04 | 00,036,736 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK [On_Demand | Running])
[2006/07/19 12:28:56 | 00,071,936 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE [On_Demand | Running])
[2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2007/02/22 11:15:56 | 00,137,216 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd [On_Demand | Stopped])
[2007/02/22 11:15:14 | 00,008,320 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc [On_Demand | Stopped])
[2007/02/22 11:15:14 | 00,012,288 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj [On_Demand | Stopped])
[2007/02/22 11:15:14 | 00,012,288 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm [On_Demand | Stopped])
[2006/06/16 15:39:00 | 03,581,888 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2006/08/05 14:00:40 | 00,105,344 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus [Boot | Stopped])
[2006/08/05 14:00:48 | 00,089,344 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvraid.sys -- (nvraid [Boot | Stopped])
[2008/06/19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
[2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/08/30 06:33:32 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2007/11/13 11:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2005/08/10 13:44:04 | 00,050,688 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01 [Boot | Running])
[2005/05/16 14:20:39 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
[2006/02/21 12:12:00 | 00,019,968 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfsync02.sys -- (sfsync02 [Boot | Running])
[2005/11/03 15:40:07 | 00,063,488 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfvfs02.sys -- (sfvfs02 [Boot | Running])
[2004/08/03 23:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\SISAGP.SYS -- (sisagp [Disabled | Stopped])
[2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2008/03/22 00:58:46 | 00,717,296 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2008/02/27 03:10:44 | 00,051,176 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [Boot | Running])
[2006/08/15 10:00:18 | 01,171,464 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
[2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2008/10/10 20:18:39 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2005/01/19 11:01:26 | 00,011,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS [On_Demand | Running])
[2008/07/09 09:05:22 | 00,394,952 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://www.google.com/ie
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.google.com
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.google.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"CustomSearch"=http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html
"Default_Page_URL"=www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=3061022
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com
"Start Page"=www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=3061022

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=3061022
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.google.com

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/keyword/%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = 127.0.0.1

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=3061022
"Start Page"=http://home.bt.yahoo.com

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=3061022
"Start Page"=http://home.bt.yahoo.com

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-1008204779-2546711360-1364965346-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=3061022
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.google.com

[HKEY_USERS\S-1-5-21-1008204779-2546711360-1364965346-1006\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com

[HKEY_USERS\S-1-5-21-1008204779-2546711360-1364965346-1006\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/keyword/%s

[HKEY_USERS\S-1-5-21-1008204779-2546711360-1364965346-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1008204779-2546711360-1364965346-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = 127.0.0.1

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-1008204779-2546711360-1364965346-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe" (Adobe Systems Incorporated)
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice (ESET)
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" (Hewlett-Packard Company)
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" (Hewlett-Packard)
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
"HPHmon05"=C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
"HPHUPD05"=C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe (Hewlett-Packard)
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup (InstallShield Software Corporation)
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
"Kernel and Hardware Abstraction Layer"=KHALMNPR.EXE (Logitech Inc.)
"Logitech Hardware Abstraction Layer"="C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE" (Logitech Inc.)
"NSLauncher"=C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup ()
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
"SigmatelSysTrayApp"=stsystra.exe (SigmaTel, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"wltray.exe"=C:\WINDOWS\system32\wltray.exe (BT Voyager Corporation)
"YBrowser"=C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe (Yahoo!, Inc.)
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Zone Labs, LLC)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (DT Soft Ltd)
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-1008204779-2546711360-1364965346-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (DT Soft Ltd)
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 (Adobe Systems Incorporated)

========== (O4) Startup Folders ==========

[2005/09/23 22:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2006/09/01 11:01:42 | 00,671,744 | ---- | M] (Logitech Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
[2005/03/16 20:16:50 | 00,113,664 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Steve\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoCDBurning"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1008204779-2546711360-1364965346-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Locate Spot on Map by GPS: C:\Program Files\Opanda\IExif 2.3\IExifMap.htm [2005/06/30 22:32:10 | 00,000,573 | ---- | M] ()
View Exif/GPS/IPTC with IExif: C:\Program Files\Opanda\IExif 2.3\IExifCom.htm [2005/04/28 03:31:56 | 00,000,572 | ---- | M] ()

[HKEY_USERS\S-1-5-21-1008204779-2546711360-1364965346-1006\Software\Microsoft\Internet Explorer\MenuExt\]
Locate Spot on Map by GPS: C:\Program Files\Opanda\IExif 2.3\IExifMap.htm [2005/06/30 22:32:10 | 00,000,573 | ---- | M] ()
View Exif/GPS/IPTC with IExif: C:\Program Files\Opanda\IExif 2.3\IExifCom.htm [2005/04/28 03:31:56 | 00,000,572 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}: Button: BT Yahoo! Services -- %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [2005/05/26 11:39:14 | 00,181,352 | ---- | M] (Yahoo!)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search && Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2006/10/10 13:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 19:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [UberButton Class] -> [2005/05/26 11:39:14 | 00,181,352 | ---- | M] (Yahoo!)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 19:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 19:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1008204779-2546711360-1364965346-1006\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 19:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [UberButton Class] -> [2005/05/26 11:39:14 | 00,181,352 | ---- | M] (Yahoo!)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}: http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab -- ActiveScan 2.0 Installer Class
{406B5949-7190-4245-91A9-30A17DE16AD0}: http://www1.snapfish.co.uk/SnapfishUKActivia.cab -- Snapfish Activia
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}: http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab -- Reg Error: Key does not exist or could not be opened.
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{BF6BBE9A-0656-4598-A0CD-32DAC03959B5}: http://www.asda-photo.co.uk/wpp/asda/app/opcuploader.cab -- Image Uploader 3.0 Control
{C606BA60-AB76-48B6-96A7-2C4D5C386F70}: http://help.broadbandassist.com/bbdesktop/...tivePreQual.cab -- PreQualifier Class
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_09
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_10
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_01
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/get/flash...ent/swflash.cab -- Shockwave Flash Object
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.
Yahoo! Pool 2: http://download2.games.yahoo.com/games/clients/y/poti_x.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{08187E15-F241-478A-82AC-94475F37C355} (Servers: | Description: Broadcom 440x 10/100 Integrated Controller)
{257C7A39-0252-4F80-8471-EED3C6FA4C8D} (Servers: | Description: BT Voyager 1055 Laptop Adapter)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/08/10 13:04:08 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[2008/10/18 17:43:24 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTViewIt.exe
[2008/10/18 17:36:15 | 00,002,727 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\scan.html
[2008/10/18 15:23:40 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2008/10/18 15:13:48 | 00,334,848 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTMoveIt3.exe
[2008/10/15 17:42:22 | 00,000,017 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\stinger.opt
[2008/10/15 16:22:01 | 02,482,695 | ---- | C] (McAfee Inc.) -- C:\Documents and Settings\Steve\Desktop\stinger.exe
[2008/10/14 22:08:49 | 11,245,600 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/10/14 22:08:49 | 00,133,016 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2008/10/14 22:04:24 | 00,075,248 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\zllsputility.exe
[2008/10/14 22:04:17 | 00,127,768 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2008/10/14 22:04:11 | 00,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008/10/14 22:04:11 | 00,071,144 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsregexp.dll
[2008/10/14 22:04:09 | 00,083,432 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\zlcomm.dll
[2008/10/14 22:04:09 | 00,071,144 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\zlcommdb.dll
[2008/10/14 22:04:06 | 01,086,952 | ---- | C] (Python Software Foundation) -- C:\WINDOWS\System32\zpeng24.dll
[2008/10/14 22:04:06 | 00,099,816 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsxml.dll
[2008/10/14 22:04:06 | 00,046,568 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vswmi.dll
[2008/10/14 22:04:05 | 00,394,952 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsdatant.sys
[2008/10/14 22:04:05 | 00,352,918 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2008/10/14 22:04:05 | 00,275,944 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vspubapi.dll
[2008/10/14 22:04:05 | 00,103,912 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsmonapi.dll
[2008/10/14 22:04:05 | 00,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2008/10/14 22:03:16 | 00,472,552 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsutil.dll
[2008/10/14 22:03:16 | 00,157,160 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsinit.dll
[2008/10/14 22:03:16 | 00,083,432 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsdata.dll
[2008/10/14 21:28:35 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2008/10/14 21:28:35 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2008/10/14 20:43:03 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2008/10/14 20:42:33 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2008/10/13 17:43:37 | 00,009,283 | ---- | C] () -- C:\Documents and Settings\Steve\My Documents\hijackthis2
[2008/10/13 16:10:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\Malwarebytes
[2008/10/13 16:10:56 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/10/13 16:10:55 | 00,038,528 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/13 16:10:55 | 00,017,200 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/10/13 16:10:53 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/10/13 16:10:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/10/13 16:09:27 | 02,189,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Steve\Desktop\mbam-setup.exe
[2008/10/12 22:17:38 | 10,835,5103 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\Panacea - _Ink is My Drink_ (Instrumentals).zip
[2008/10/12 21:19:30 | 32,196,40320 | -HS- | C] () -- C:\hiberfil.sys
[2008/10/12 18:06:07 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/10/12 18:06:07 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/10/12 11:10:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Desktop\mission - everything but the album
[2008/10/12 11:05:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Desktop\s-rhyme_related-1999-emg_int
[2008/10/12 11:04:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Desktop\d-officialmixb-sidesbootlegs
[2008/10/12 10:55:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Desktop\People_Under_The_Stairs-Fun_DMC-2008-FTD
[2008/10/12 10:51:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Desktop\mike1b_MightyUndrDogs
[2008/10/12 10:17:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Desktop\The_Mighty_Underdogs-Droppin_Science_Fiction-2008-C4
[2008/10/11 16:56:39 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\HijackThis.lnk
[2008/10/11 16:56:38 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/10/11 16:11:54 | 00,000,963 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\Spybot - Search & Destroy.lnk
[2008/10/11 16:11:46 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/10/11 16:11:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/10/05 08:13:28 | 00,000,000 | ---D | C] -- C:\Program Files\ioazzzc
[2008/10/05 08:13:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\yrsdizml

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[2008/10/18 17:43:36 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTViewIt.exe
[2008/10/18 17:36:15 | 00,002,727 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\scan.html
[2008/10/18 15:44:05 | 11,245,600 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/10/18 15:29:20 | 00,039,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2008/10/18 15:28:45 | 00,352,918 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2008/10/18 15:28:34 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/18 15:28:22 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/18 15:28:20 | 32,196,40320 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/18 15:27:34 | 00,133,016 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2008/10/18 15:13:51 | 00,334,848 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTMoveIt3.exe
[2008/10/18 15:05:18 | 00,000,583 | ---- | M] () -- C:\Documents and Settings\Steve\My Documents\My Sharing Folders.lnk
[2008/10/16 22:11:02 | 00,054,272 | ---- | M] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/15 21:04:29 | 00,166,712 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/15 21:01:41 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/15 17:44:26 | 00,000,017 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\stinger.opt
[2008/10/15 16:22:33 | 02,482,695 | ---- | M] (McAfee Inc.) -- C:\Documents and Settings\Steve\Desktop\stinger.exe
[2008/10/14 22:23:19 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/14 22:06:34 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2008/10/14 21:28:35 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/10/14 21:28:35 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2008/10/14 21:02:37 | 00,210,416 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\zaSetup_en.exe
[2008/10/13 19:03:34 | 10,835,5103 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\Panacea - _Ink is My Drink_ (Instrumentals).zip
[2008/10/13 17:43:37 | 00,009,283 | ---- | M] () -- C:\Documents and Settings\Steve\My Documents\hijackthis2
[2008/10/13 16:10:56 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/10/13 16:09:35 | 02,189,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Steve\Desktop\mbam-setup.exe
[2008/10/12 21:18:15 | 00,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/10/12 21:18:15 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/10/12 21:18:15 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2008/10/12 18:06:07 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/10/12 18:06:07 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/10/11 17:42:23 | 00,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2008/10/11 17:42:22 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2008/10/11 16:56:39 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\HijackThis.lnk
[2008/10/11 16:17:16 | 00,000,963 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\Spybot - Search & Destroy.lnk
[2008/10/11 08:49:47 | 00,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2008/10/11 08:49:47 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008/10/10 20:18:39 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2008/10/10 20:10:57 | 00,053,760 | -HS- | M] () -- C:\WINDOWS\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\WINDOWS\Thumbs.db:encryptable
[2008/10/10 20:10:55 | 00,007,680 | -HS- | M] () -- C:\WINDOWS\System32\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\WINDOWS\System32\Thumbs.db:encryptable
[2008/10/03 18:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2008/10/03 18:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2008/09/24 19:45:36 | 00,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/09/24 19:45:36 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
< End of report >

Extras.txt report

OTViewIt Extras logfile created on: 18/10/2008 17:44:14 - Run
OTViewIt by OldTimer - Version 1.0.16.0 Folder = C:\Documents and Settings\Steve\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 3.79 Gb Available in Paging File | 94.63% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 171.42 Gb Total Space | 2.33 Gb Free Space | 1.36% Space Free | Partition Type: NTFS
Drive D: | 58.19 Gb Total Space | 43.58 Gb Free Space | 74.89% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEVE-N-HELLYS
Current User Name: Steve
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=1
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/04 05:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found -- C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL
[2006/10/10 13:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/18 12:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 18:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/04 05:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found -- C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL
[2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
File not found -- C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Home Networking Application
[2008/03/21 15:04:02 | 00,254,976 | ---- | M] (Azureus Inc) -- C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus
File not found -- C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe:*:Disabled:mRouterRuntime Module
File not found -- C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek
[2008/09/30 19:01:36 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
[2006/10/10 13:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/18 12:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 18:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[2008/07/02 04:29:28 | 03,616,768 | ---- | M] () -- C:\Program Files\SoulseekNS\slsk.exe:*:Enabled:SoulSeek

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2003/12/22 09:38:40 | 00,081,920 | ---- | M] (Hewlett-Packard Company) C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (cetihpz:{CF184AD3-CDCB-4168-A3F7-8E447D129300} (HKLM) [CZipHandler Object])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2002/05/24 12:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 12:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2002/05/24 12:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2002/05/24 12:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/06/05 01:18:46 | 00,221,184 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 12:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03528A01-7E5E-4C5F-94DF-1D8012E969EF}"=Nokia Map Loader
"{04AA1207-D8C6-45DC-A96D-48358EBE09F3}"=PSShortcuts
"{075473F5-846A-448B-BCB3-104AA1760205}"=Roxio RecordNow Data
"{0FD0FF9D-C87C-47C4-AEC5-98C760E783E7}"=BT Voyager Wireless Utility
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}"=Roxio DLA
"{13CB71B3-A8D4-4C46-91EF-4EF22C30D25B}"=PS7700
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{200B415D-7CC6-4818-8624-9E43EDF19D9C}"=Garmin City Navigator Europe NT v9
"{21657574-BD54-48A2-9450-EB03B2C7FC29}"=Roxio MyDVD LE
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}"=Adobe Photoshop CS2
"{25569723-DC5A-4467-A639-79535BF01B71}"=Adobe Help Center 2.1
"{29F46CDB-55A1-4FCA-AB22-1F3481097424}"=PayPal Payment Request Wizard for Outlook Express
"{2BA00471-0328-3743-93BD-FA813353A783}"=Microsoft .NET Framework 3.0 Service Pack 1
"{2D21ECE3-8EC1-4315-AE4E-1970FB3AF17A}"=Nokia Nseries Video Manager
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}"=Logitech SetPoint
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Sonic Update Manager
"{3186AEAE-E104-424D-9152-1BF6A4404758}"=Nokia Software Updater
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}"=J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}"=J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}"=Canon Camera WIA Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{359D2A79-64C6-4824-83CE-B053297DED6A}"=Adobe Photoshop Lightroom
"{3846E811-639D-4DE1-844B-30491C0A6C0C}"=Dell Support 3.2
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}"=URL Assistant
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}"=Dell CinePlayer
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}"=Windows Live Messenger
"{517B8FB2-26EE-43B0-AE1B-07408860AA69}"=DigitImg
"{57ECFB4D-FE11-491A-9AA0-0AF7C3ABC51D}"=ESET NOD32 Antivirus
"{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}"=EOS Capture 1.5
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}"=Sonic Activation Module
"{6094AB91-4CC8-498E-9DFF-134CC0B159DE}"=PC Connectivity Solution
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}"=Windows Media Player Firefox Plugin
"{6BC772A5-59F5-4290-83DB-F72B213ED79D}"=Addkey
"{6D52C408-B09A-4520-9B18-475B81D393F1}"=Microsoft Works
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}"=Dell System Restore
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{8777AC6D-89F9-4793-8266-DE406F343E89}"=QFolder
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}"=Adobe Common File Installer
"{96E94E18-54D6-42C1-8FC4-24DACEDC3395}"=Nokia NSeries System Utilities
"{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}"=Nokia Connectivity Cable Driver
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}"=Microsoft Visual C++ 2005 Redistributable
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}"=Adobe Photoshop Elements 5.0
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{A8C856AD-63CD-4613-AA29-E6C85607EA06}"=Nokia Software Launcher
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}"=Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70900000002}"=Adobe Reader 7.0.9
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live Sign-in Assistant
"{B12665F4-4E93-4AB4-B7FC-37053B524629}"=Roxio RecordNow Copy
"{B376402D-58EA-45EA-BD50-DD924EB67A70}"=HP Memories Disc
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B74D4E10-6884-0000-0000-000000000103}"=Adobe Bridge 1.0
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}"=Canon PhotoRecord
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}"=MCU
"{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}"=Photosmart 140,240,7200,7600,7700,7900 Series
"{DDA2B32F-EB16-4C96-A130-4E4A4C1E6B12}"=HP Software Update
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{DF29A0E2-DF76-4932-98A9-34B441F40486}"=Auction Sentry
"{DFA1E2C8-A9DE-4B99-8B3C-866664B5F67C}"=Garmin POI Loader
"{E94603CA-2996-4154-8EE2-A5FCD4BFB500}"=Nokia Lifeblog 2.5
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}"=Adobe Stock Photos 1.0
"{EE7B9A8D-19F0-450D-8E94-3E391E6044CD}"=KhalSetup
"{EFE26D3B-2789-4068-A5BB-77E389FAEB98}"=PSUsage
"{F4EE8763-EAA8-4BC1-8594-8501F5F00414}"=Nokia NSeries One Touch Access
"{F779EC8D-6703-4C4A-817C-37B07898E647}"=Nokia NSeries Content Copier
"{F89E5AD8-AE47-49B5-B9F9-C498791E6255}"=Nokia NSeries Music Manager
"{FA25FAF6-3097-43C9-BBB2-A77CE8AF1881}"=Nokia NSeries Multimedia Player
"{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}"=Broadcom Management Programs
"{FD349381-D79C-4E5C-8980-015DFFB962D5}"=Nokia NSeries Application Installer
"ActiveScan 2.0"=Panda ActiveScan 2.0
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}"=Adobe Photoshop CS2
"Adobe Photoshop Elements 5"=Adobe Photoshop Elements 5.0
"Adobe Shockwave Player"=Adobe Shockwave Player
"Azureus"=Azureus
"Bonusprint PhotoBook Editor_is1"=Bonusprint PhotoBook Editor
"BT Yahoo! Applications"=BT Yahoo! Applications
"CAL"=Canon Camera Access Library
"CameraWindowDVC5"=Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6"=Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC"=Canon Camera Window MC 6 for ZoomBrowser EX
"CANON iMAGE GATEWAY Task"=CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX"=Canon Internet Library for ZoomBrowser EX
"CDex"=CDex extraction audio
"CSCLIB"=Canon Camera Support Core Library
"DPP"=Canon Utilities Digital Photo Professional 3.1
"EOS Utility"=Canon Utilities EOS Utility
"F064B256B4A20996EA9E333B5E0F14B61AB3333D"=Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
"HijackThis"=HijackThis 2.0.2
"hp instant support"=hp instant support
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}"=Canon EOS Kiss_N REBEL_XT 350D WIA Driver
"InstallShield_{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}"=Canon Utilities EOS Capture 1.5
"KB835221WXP"=High Definition Audio Driver Package - KB835221
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"Neat Image_is1"=Neat Image v5 Demo (with plug-in)
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"ODSK"=Canon Utilities Original Data Security Tools
"oggcodecs"=oggcodecs 0.71.0946
"Opanda IExif_is1"=Opanda IExif 2.3
"PhotoStitch"=Canon Utilities PhotoStitch
"Picture Style Editor"=Canon Utilities Picture Style Editor
"QuickTime"=QuickTime
"RAW Image Task"=Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask"=Canon RemoteCapture Task for ZoomBrowser EX
"SearchAssist"=SearchAssist
"Soulseek2"=SoulSeek 157 NS 12d
"ViewpointMediaPlayer"=Viewpoint Media Player
"WFTK"=Canon Utilities WFT-E1/E2/E3 Utility
"WIC"=Windows Imaging Component
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01005"=Microsoft User-Mode Driver Framework Feature Pack 1.5
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"Your Uninstaller! 2006_is1"=Your Uninstaller! 2006 Version 5
"ZoneAlarm"=ZoneAlarm
"ZoomBrowser EX"=Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GmailPopTroubleshooter"=Gmail POP Troubleshooter

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1008204779-2546711360-1364965346-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GmailPopTroubleshooter"=Gmail POP Troubleshooter

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 23/06/2008 07:10:53 | Computer Name = STEVE-N-HELLYS | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.8.20080.40413, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 27/06/2008 12:43:43 | Computer Name = STEVE-N-HELLYS | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.8.20080.40413, faulting
module unknown, version 0.0.0.0, fault address 0x02bcc64e.

Error - 27/06/2008 12:44:19 | Computer Name = STEVE-N-HELLYS | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.8.20080.40413, faulting
module unknown, version 0.0.0.0, fault address 0x02e1bcb0.

Error - 09/07/2008 13:34:19 | Computer Name = STEVE-N-HELLYS | Source = Application Hang | ID = 1002
Description = Hanging application wltray.exe, version 3.100.40.4, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 27/07/2008 08:42:46 | Computer Name = STEVE-N-HELLYS | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.8.20080.4669, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 31/07/2008 13:44:27 | Computer Name = STEVE-N-HELLYS | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.8.20080.4669, faulting
module unknown, version 0.0.0.0, fault address 0x053a6322.

Error - 12/08/2008 16:01:04 | Computer Name = STEVE-N-HELLYS | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Works -- Error 1706.No valid source could be found
for product Microsoft Works. The Windows installer cannot continue.

Error - 12/08/2008 16:01:04 | Computer Name = STEVE-N-HELLYS | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Works - Update 'Update for Microsoft Works 8 (KB955428)'
could not be installed. Error code 1603. Windows Installer can create logs to help
troubleshoot issues with installing software packages. Use the following link for
instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 02/09/2008 15:48:40 | Computer Name = STEVE-N-HELLYS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16705, faulting
module rpcrt4.dll, version 5.1.2600.3173, fault address 0x000085f7.

Error - 14/09/2008 06:00:11 | Computer Name = STEVE-N-HELLYS | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3105, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 15/10/2008 16:04:55 | Computer Name = STEVE-N-HELLYS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
nvatabus nvraid

Error - 16/10/2008 14:02:26 | Computer Name = STEVE-N-HELLYS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
nvatabus nvraid

Error - 16/10/2008 14:05:30 | Computer Name = STEVE-N-HELLYS | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
OFFICE that believes that it is the master browser for the domain on transport NetBT_Tcpip_{257C7A39-0252-4F80-84.
The
master browser is stopping or an election is being forced.

Error - 17/10/2008 02:05:20 | Computer Name = STEVE-N-HELLYS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
nvatabus nvraid

Error - 17/10/2008 11:32:07 | Computer Name = STEVE-N-HELLYS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
nvatabus nvraid

Error - 17/10/2008 15:57:44 | Computer Name = STEVE-N-HELLYS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
nvatabus nvraid

Error - 17/10/2008 15:59:34 | Computer Name = STEVE-N-HELLYS | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
OFFICE that believes that it is the master browser for the domain on transport NetBT_Tcpip_{257C7A39-0252-4F80-84.
The
master browser is stopping or an election is being forced.

Error - 18/10/2008 10:02:30 | Computer Name = STEVE-N-HELLYS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
nvatabus nvraid

Error - 18/10/2008 10:20:32 | Computer Name = STEVE-N-HELLYS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
nvatabus nvraid

Error - 18/10/2008 10:28:45 | Computer Name = STEVE-N-HELLYS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
nvatabus nvraid


< End of report >

#7 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:08:32 AM

Posted 18 October 2008 - 08:30 PM

Hello, steve75.
Viewpoint is considered foistware instead of malware because it is installed without users approval, but doesn't spy or do anything "bad". You may like to read this article about the potential of this Viewpoint software here:
http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on Start > Run... > and then paste the following into the "Open" field: "appwiz.cpl" and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, and/or Viewpoint Media Player.

We need to uninstall one or more programs
Please click on Start > Control Panel > Add/Remove Programs and uninstall the following programs(if present):
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
J2SE Runtime Environment 5.0 Update 10
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5


That looks clean. How are things running?

In your next reply, please include the following:
  • A New HiJack This log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#8 steve75

steve75
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:32 PM

Posted 19 October 2008 - 03:25 AM

Hi Billy, thanks again for your efforts..... It's good to hear that it's looking clean....

Things seem to be running fine, however, i did experience an instance of the blue screen of death a few days ago, this was shortly after i ran Malwarebyte's Anti-Malware (Mbam) program - this was prior to you helping me - though i have not experienced any other problems since, so i'm putting it down to coincidence.

I have removed Viewpoint as instructed and also the Java & J2SE updates. Mind if i ask why the java and j2se updates needed removing??

Below is my new HJT log. Thanks again. :thumbsup:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:14:29, on 19/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\wltray.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=3061022
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=3061022
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://uk.mcafee.com/root/campaign.asp?cid=16318
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\system32\wltray.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - http://www.asda-photo.co.uk/wpp/asda/app/opcuploader.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbdesktop/...tivePreQual.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 9709 bytes

#9 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:08:32 AM

Posted 19 October 2008 - 12:56 PM

Hello, steve75.

All versions of java other than Version 6 Update 7 should be removed. This is because several variants of malware infect through old versions of Java, and when you install a new update, the old stuff isn't removed automaticly.

Congratulations! You now appear clean! :thumbsup:

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve preformance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware


We Need to Clean Up Our Mess
  • Please download OTCleanIt from one of the following mirrors and save it to your desktop:
  • Double click the Posted Image icon.
  • Push the large "Cleanup" button.
  • Allow your system to reboot.
Reset System Restore
Windows' "System Restore" feature can cause malware files to be cached and retained by your system. Resetting System Restore will clean these files from your system, and will allow you to use System Restore without fear of reinfection.
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
Note: You should only do this once, not on a regular basis!
You will not be able to restore computer to any earlier than today!

Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install and maintain an outbound firewall
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automaticly if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :).
Billy3

Edited by Billy O'Neal, 19 October 2008 - 12:57 PM.

Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#10 steve75

steve75
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:32 PM

Posted 20 October 2008 - 04:13 PM

Hi Billy thanks for your help once again. Things seem to be running just fine now :)

I think we are done here, i've have completed all your instructions from your last post and i'm good to go once again! If you or anybody else would like to close the topic then feel free

A BIG THANKS to you and all the great people here at bleeping computers! :thumbsup:

Steve

#11 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:08:32 AM

Posted 20 October 2008 - 05:18 PM

Hello, steve75.
You're welcome :D

Since this issue appears resolved, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users