Vexta
2007-02-13, 14:23
Hi
For a while now I have been getting multiple alerts from Resident evry time I boot up that I can only get rid of by right clicking in the Spybot tab in the Windows taskbar and clicking on 'close' - about five times!
The Resident Alert says: Registry change denied
Resident denied the change of ITBarLayout (category User-specific browser toolbar) based on your black list.
I've done all the basic Spybot and Adaware scans and fixed a few things, still getting alerts. Did a Panda online scan, fixed a few things, but still more alerts.
1. Is this ITBarLayout thingy malware or is just a regular IE add-on? I certainly didn't manualy try to install it.
2. Do you know where on my hard drive it may be living?
3. If it is malware, can you halp me get rid of please? It's driving me a bit mad now!!
Here's the online scan summary:
Incident Status Location
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Staff\Cookies\staff@adrevolver[1].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Staff\Cookies\staff@adtech[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Staff\Cookies\staff@apmebf[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Staff\Cookies\staff@bs.serving-sys[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Staff\Cookies\staff@media.adrevolver[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Staff\Cookies\staff@questionmarket[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Staff\Cookies\staff@serving-sys[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Staff\Cookies\staff@statcounter[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Staff\Cookies\staff@tradedoubler[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Staff\Cookies\staff@tribalfusion[1].txt
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Staff\Cookies\staff@weborama[2].txt
Also here's the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 11:27:47, on 13/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\1_Non Windows Software\Graphics Apps\Maya 6\Prog Files\docs\Wrapper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\1_Non Windows Software\Administrative Software\Ewido\Prog Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\1_Non Windows Software\Graphics Apps\Maya 6\Prog Files\docs\jre\bin\java.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\1_Non Windows Software\Archiving Apps\Roxio Easy CD 7\Prog Files\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\1_Non Windows Software\Graphics Apps\Adobe\Acro_70_Pro_IE_Upg\Prog Files\Distillr\Acrotray.exe
C:\Program Files\1_Non Windows Software\Administrative Software\Zone Alarm\Prog Files\Prog Files\zlclient.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\1_Non Windows Software\Video tools\Quicktime Pro 7 & i-tunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\1_Non Windows Software\Graphics Apps\Adobe\Acro_70_Pro_IE_Upg\Prog Files\Acrobat\acrobat_sl.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Staff\Start Menu\Programs\Administrative Tools\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\1_Non Windows Software\Graphics Apps\Adobe\Acro_70_Pro_IE_Upg\Prog Files\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\1_NONW~1\ADMINI~1\Spybot\PROGFI~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\1_Non Windows Software\Graphics Apps\Adobe\Acro_70_Pro_IE_Upg\Prog Files\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\1_Non Windows Software\Graphics Apps\Adobe\Acro_70_Pro_IE_Upg\Prog Files\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\1_Non Windows Software\Archiving Apps\Roxio Easy CD 7\Prog Files\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\1_Non Windows Software\Graphics Apps\Adobe\Acro_70_Pro_IE_Upg\Prog Files\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\1_Non Windows Software\Administrative Software\Zone Alarm\Prog Files\Prog Files\zlclient.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\1_Non Windows Software\Video tools\Quicktime Alternative\Prog files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\1_Non Windows Software\Video tools\Quicktime Pro 7 & i-tunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\1_Non Windows Software\Administrative Software\Spybot\Prog Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\1_Non Windows Software\Office XP\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\1_Non Windows Software\Graphics Apps\Adobe\Acro_70_Pro_IE_Upg\Prog Files\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\1_Non Windows Software\Graphics Apps\Adobe\Acro_70_Pro_IE_Upg\Prog Files\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\1_Non Windows Software\Graphics Apps\Adobe\Acro_70_Pro_IE_Upg\Prog Files\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\1_Non Windows Software\Graphics Apps\Adobe\Acro_70_Pro_IE_Upg\Prog Files\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\1_Non Windows Software\Graphics Apps\Adobe\Acro_70_Pro_IE_Upg\Prog Files\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\1_Non Windows Software\Graphics Apps\Adobe\Acro_70_Pro_IE_Upg\Prog Files\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\1_Non Windows Software\Graphics Apps\Adobe\Acro_70_Pro_IE_Upg\Prog Files\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\1_Non Windows Software\Graphics Apps\Adobe\Acro_70_Pro_IE_Upg\Prog Files\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\1_NONW~1\OFFICE~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\1_NONW~1\OFFICE~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www1.talksport.net
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Alias Documentation Server (aliasdocserver) - Unknown owner - C:\Program Files\1_Non Windows Software\Graphics Apps\Maya 6\Prog Files\docs\Wrapper.exe" -s "C:\Program Files\1_Non Windows Software\Graphics Apps\Maya 6\Prog Files\docs/Wrapper.conf (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\1_Non Windows Software\Administrative Software\Ewido\Prog Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Any help would be greatfully received...
Thanks :)
For a while now I have been getting multiple alerts from Resident evry time I boot up that I can only get rid of by right clicking in the Spybot tab in the Windows taskbar and clicking on 'close' - about five times!
The Resident Alert says: Registry change denied
Resident denied the change of ITBarLayout (category User-specific browser toolbar) based on your black list.
I've done all the basic Spybot and Adaware scans and fixed a few things, still getting alerts. Did a Panda online scan, fixed a few things, but still more alerts.
1. Is this ITBarLayout thingy malware or is just a regular IE add-on? I certainly didn't manualy try to install it.
2. Do you know where on my hard drive it may be living?
3. If it is malware, can you halp me get rid of please? It's driving me a bit mad now!!
Here's the online scan summary:
Incident Status Location
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Staff\Cookies\staff@adrevolver[1].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Staff\Cookies\staff@adtech[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Staff\Cookies\staff@apmebf[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Staff\Cookies\staff@bs.serving-sys[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Staff\Cookies\staff@media.adrevolver[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Staff\Cookies\staff@questionmarket[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Staff\Cookies\staff@serving-sys[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Staff\Cookies\staff@statcounter[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Staff\Cookies\staff@tradedoubler[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Staff\Cookies\staff@tribalfusion[1].txt
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Staff\Cookies\staff@weborama[2].txt
Also here's the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 11:27:47, on 13/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\1_Non Windows Software\Graphics Apps\Maya 6\Prog Files\docs\Wrapper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\1_Non Windows Software\Administrative Software\Ewido\Prog Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\1_Non Windows Software\Graphics Apps\Maya 6\Prog Files\docs\jre\bin\java.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\1_Non Windows Software\Archiving Apps\Roxio Easy CD 7\Prog Files\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\1_Non Windows Software\Graphics Apps\Adobe\Acro_70_Pro_IE_Upg\Prog Files\Distillr\Acrotray.exe
C:\Program Files\1_Non Windows Software\Administrative Software\Zone Alarm\Prog Files\Prog Files\zlclient.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\1_Non Windows Software\Video tools\Quicktime Pro 7 & i-tunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\1_Non Windows Software\Graphics Apps\Adobe\Acro_70_Pro_IE_Upg\Prog Files\Acrobat\acrobat_sl.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Staff\Start Menu\Programs\Administrative Tools\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\1_Non Windows Software\Graphics Apps\Adobe\Acro_70_Pro_IE_Upg\Prog Files\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\1_NONW~1\ADMINI~1\Spybot\PROGFI~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\1_Non Windows Software\Graphics Apps\Adobe\Acro_70_Pro_IE_Upg\Prog Files\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\1_Non Windows Software\Graphics Apps\Adobe\Acro_70_Pro_IE_Upg\Prog Files\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\1_Non Windows Software\Archiving Apps\Roxio Easy CD 7\Prog Files\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\1_Non Windows Software\Graphics Apps\Adobe\Acro_70_Pro_IE_Upg\Prog Files\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\1_Non Windows Software\Administrative Software\Zone Alarm\Prog Files\Prog Files\zlclient.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\1_Non Windows Software\Video tools\Quicktime Alternative\Prog files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\1_Non Windows Software\Video tools\Quicktime Pro 7 & i-tunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\1_Non Windows Software\Administrative Software\Spybot\Prog Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\1_Non Windows Software\Office XP\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\1_Non Windows Software\Graphics Apps\Adobe\Acro_70_Pro_IE_Upg\Prog Files\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\1_Non Windows Software\Graphics Apps\Adobe\Acro_70_Pro_IE_Upg\Prog Files\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\1_Non Windows Software\Graphics Apps\Adobe\Acro_70_Pro_IE_Upg\Prog Files\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\1_Non Windows Software\Graphics Apps\Adobe\Acro_70_Pro_IE_Upg\Prog Files\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\1_Non Windows Software\Graphics Apps\Adobe\Acro_70_Pro_IE_Upg\Prog Files\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\1_Non Windows Software\Graphics Apps\Adobe\Acro_70_Pro_IE_Upg\Prog Files\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\1_Non Windows Software\Graphics Apps\Adobe\Acro_70_Pro_IE_Upg\Prog Files\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\1_Non Windows Software\Graphics Apps\Adobe\Acro_70_Pro_IE_Upg\Prog Files\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\1_NONW~1\OFFICE~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\1_NONW~1\OFFICE~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www1.talksport.net
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Alias Documentation Server (aliasdocserver) - Unknown owner - C:\Program Files\1_Non Windows Software\Graphics Apps\Maya 6\Prog Files\docs\Wrapper.exe" -s "C:\Program Files\1_Non Windows Software\Graphics Apps\Maya 6\Prog Files\docs/Wrapper.conf (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\1_Non Windows Software\Administrative Software\Ewido\Prog Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Any help would be greatfully received...
Thanks :)