Win32.Agent.pz not being removed by Spybot

kdyteejay

New member
Hi there, I'm currently battling with the win32.agent.pz virus and have been for 3 days. I have run out of ideas so here I am.
I ran Spybot, which said it found win32.agent.pz. Every time I run it I click 'fix' and it says the items have been fixed, but when I restart my machine they reappear.

Hands up at this point. I have just read the 'Before you log' post and realise that I should not have run programs like combofix without being told, but as I say I was hunting round for solutions and only now that I am posting this did I read 'before you post'. I hope I have not made this any more difficult than it needs to be.

Please find my HijackThis logs below to help out. Thanks in advance, Tom.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:34:40, on 11/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Spyware\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=4070312
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\pavuppad.exe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /FU "C:\WINDOWS\TEMP\E_SA1.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe
O4 - HKCU\..\Run: [internat] C:\WINDOWS\internat.exe
O4 - HKCU\..\Run: [SYS32DLL] SYS32DLL
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.microquiz.eu/ImageUploader5.cab
O16 - DPF: {61628958-4627-48F4-99FD-30719188568D} (XCheck Control) - http://www.ifrontiers.com/ActiveX/XCheck.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://test.update.microsoft.com/wi...ls/en/x86/client/wuweb_site.cab?1174297478281
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://test.update.microsoft.com/mi...ls/en/x86/client/muweb_site.cab?1174297563946
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.microquiz.eu/ImageUploader4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-ea0211234474d475.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O16 - DPF: {E33968CE-FF77-4DC3-A052-2921C0D60177} (LoaderOnline Class) - https://www.remotecontrol26.co.uk/dms website/kiosk/Bootstrap2610/2.6.10.107/BootstrapXP.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://www.asda-photo.co.uk/upload/activex/v2_0_0_11/PCAXSetupv2.0.0.11.cab?
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15105/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~2\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

--
End of file - 15469 bytes
 
Hi kdyteejay

Please post the next Spybot report and a fresh HijackThis log taken in normal mode :)
 
Hi Shaba,

thank you for the assistance. Here are the HijackThis and Spybot reports as requested. I will post the Spybot report as a separate reply due to its size.

For your information, any time I click on an icon, an installer window attempts to install Adobe Acrobat 8.1.0.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:50:59, on 12/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
C:\Program Files\Apoint\HidFind.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Spyware\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\componentlauncher.exe
C:\WINDOWS\SoftwareDistribution\Download\491a2c8e1582f5cdd01f8b3da4b8ef7d\update\update.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=4070312
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\pavuppad.exe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /FU "C:\WINDOWS\TEMP\E_SA1.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe
O4 - HKCU\..\Run: [internat] C:\WINDOWS\internat.exe
O4 - HKCU\..\Run: [SYS32DLL] SYS32DLL
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.microquiz.eu/ImageUploader5.cab
O16 - DPF: {61628958-4627-48F4-99FD-30719188568D} (XCheck Control) - http://www.ifrontiers.com/ActiveX/XCheck.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://test.update.microsoft.com/wi...ls/en/x86/client/wuweb_site.cab?1174297478281
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://test.update.microsoft.com/mi...ls/en/x86/client/muweb_site.cab?1174297563946
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.microquiz.eu/ImageUploader4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-ea0211234474d475.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O16 - DPF: {E33968CE-FF77-4DC3-A052-2921C0D60177} (LoaderOnline Class) - https://www.remotecontrol26.co.uk/dms website/kiosk/Bootstrap2610/2.6.10.107/BootstrapXP.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://www.asda-photo.co.uk/upload/activex/v2_0_0_11/PCAXSetupv2.0.0.11.cab?
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15105/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~2\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

--
End of file - 18207 bytes
 
Hi Shaba

Here is the Spybot report.


--- Search result list ---
Win32.Agent.pz: [SBI $7EC6899E] Settings (Registry value, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Network\UID

Win32.Agent.pz: [SBI $8980C6CD] Settings (Registry value, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Network\UID

Win32.Agent.pz: [SBI $0F1C75F7] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-05-08 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-03-25 Includes\Adware.sbi (*)
2009-05-05 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-03-31 Includes\Dialer.sbi (*)
2009-05-05 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-04-21 Includes\Hijackers.sbi (*)
2009-05-05 Includes\HijackersC.sbi (*)
2009-05-06 Includes\Keyloggers.sbi (*)
2009-05-06 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-05-05 Includes\Malware.sbi (*)
2009-05-05 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-05-05 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-05-05 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-04-07 Includes\Spyware.sbi (*)
2009-05-05 Includes\SpywareC.sbi (*)
2009-04-07 Includes\Tracks.uti
2009-04-29 Includes\Trojans.sbi (*)
2009-05-06 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB923723)
/ Windows Media Encoder: Security Update for Windows Media Encoder (KB954156)
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
/ Windows Media Player: Security Update for Windows Media Player (KB952069)
/ Windows Media Player 11: Security Update for Windows Media Player 11 (KB936782)
/ Windows Media Player 11: Hotfix for Windows Media Player 11 (KB939683)
/ Windows Media Player 11: Security Update for Windows Media Player 11 (KB954154)
/ Windows Media Player 11: Critical Update for Windows Media Player 11 (KB959772)
/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
/ Windows Media Player 9: Security Update for Windows Media Player 9 (KB917734)
/ Windows Media Player 9: Security Update for Windows Media Player 9 (KB936782)
/ Windows XP: Security Update for Windows XP (KB923689)
/ Windows XP: Security Update for Windows XP (KB941569)
/ Windows XP / SP3: Update for Windows XP (KB925720)
/ Windows XP / SP3: Security Update for Windows XP (KB944338-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB923561)
/ Windows XP / SP4: Security Update for Windows XP (KB938464-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB950762)
/ Windows XP / SP4: Security Update for Windows XP (KB951066)
/ Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951748)
/ Windows XP / SP4: Security Update for Windows XP (KB952004)
/ Windows XP / SP4: Hotfix for Windows XP (KB952287)
/ Windows XP / SP4: Security Update for Windows XP (KB952954)
/ Windows XP / SP4: Security Update for Windows XP (KB954600)
/ Windows XP / SP4: Security Update for Windows XP (KB955069)
/ Windows XP / SP4: Update for Windows XP (KB955839)
/ Windows XP / SP4: Security Update for Windows XP (KB956572)
/ Windows XP / SP4: Security Update for Windows XP (KB956802)
/ Windows XP / SP4: Security Update for Windows XP (KB956803)
/ Windows XP / SP4: Security Update for Windows XP (KB957097)
/ Windows XP / SP4: Security Update for Windows XP (KB958644)
/ Windows XP / SP4: Security Update for Windows XP (KB958687)
/ Windows XP / SP4: Security Update for Windows XP (KB958690)
/ Windows XP / SP4: Security Update for Windows XP (KB959426)
/ Windows XP / SP4: Security Update for Windows XP (KB960225)
/ Windows XP / SP4: Security Update for Windows XP (KB960715)
/ Windows XP / SP4: Security Update for Windows XP (KB960803)
/ Windows XP / SP4: Security Update for Windows XP (KB961373)
/ Windows XP / SP4: Security Update for Windows XP (KB963027)
/ Windows XP / SP4: Update for Windows XP (KB967715)
/ Windows XP OOB / SP10: High Definition Audio Driver Package - KB835221
/ XML Paper Specification Shared Components Pack 1.0: XML Paper Specification Shared Components Pack 1.0


--- Startup entries list ---
Located: HK_LM:Run, Acrobat Assistant 8.0
command: "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
file: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
size: 624248
MD5: 4D042B1F1375CF371AFBE0E0276BA627

Located: HK_LM:Run, Adobe Photo Downloader
command: "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
file: C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
size: 57344
MD5: 617FA5BE646B5E8D6670FD4710ACD2D3

Located: HK_LM:Run, Apoint
command: C:\Program Files\Apoint\Apoint.exe
file: C:\Program Files\Apoint\Apoint.exe
size: 176128
MD5: BDF765B33972A95AE8B5C5262D5E1325

Located: HK_LM:Run, BDRegion
command: C:\Program Files\Cyberlink\Shared Files\brs.exe
file: C:\Program Files\Cyberlink\Shared Files\brs.exe
size: 91432
MD5: 52D24864F876780D379409979921B263

Located: HK_LM:Run, ccApp
command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 52896
MD5: 1918A1D8E67A6452720797919FA520C9

Located: HK_LM:Run, IntelWireless
command: "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
file: C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
size: 696320
MD5: 4E984DF322DBEEFBD92A54C03DA43C37

Located: HK_LM:Run, IntelZeroConfig
command: "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
file: C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
size: 802816
MD5: 8EDB7E5FEB26EA4E2BE78053831F32DC

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\NvCpl.dll
size: 7401472
MD5: F9BF123790ED9B0491147D7B8191CBEB

Located: HK_LM:Run, NVHotkey
command: rundll32.exe nvHotkey.dll,Start
file: C:\WINDOWS\system32\nvHotkey.dll
size: 73728
MD5: 0EA63EBB1D375217B96768463548DF6B

Located: HK_LM:Run, nwiz
command: nwiz.exe /installquiet
file: C:\WINDOWS\system32\nwiz.exe
size: 1519616
MD5: AE0A7905C97BA30211C700C3E12DFD83

Located: HK_LM:Run, PDVD8LanguageShortcut
command: "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
file: C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe
size: 50472
MD5: AA62A9A6CE962107761775C66F49AD53

Located: HK_LM:Run, RemoteControl8
command: "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
file: C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
size: 83240
MD5: 0A80BED61A1729DAB9499BC5A9B515A9

Located: HK_LM:Run, RoxioDragToDisc
command: "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
file: C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
size: 1116920
MD5: BD57A6AFA05DF87BCAE9BB11FB0C4DDE

Located: HK_LM:Run, SigmatelSysTrayApp
command: stsystra.exe
file: C:\WINDOWS\stsystra.exe
size: 282624
MD5: AD2506958DE1937C16C553C0A1BE0572

Located: HK_LM:Run, Symantec NetDriver Monitor
command: C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
file: C:\PROGRA~1\SYMNET~1\SNDMon.exe
size: 99984
MD5: EE77F6613CEF0F7A118D8B14A630C919

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 185896
MD5: 74BC945EB2584E90619A56EF5028AB0F

Located: HK_LM:Run, vptray
command: C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
file: C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
size: 90112
MD5: 4B954730657F43B88A308C41FE570331

Located: HK_LM:Run, YBrowser
command: C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
file: C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
size: 129536
MD5: 2EF423CB1782744666C3A9B827C7AA9C

Located: HK_LM:Run, YOP
command: C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
file: C:\PROGRA~1\Yahoo!\YOP\yop.exe
size: 509224
MD5: 176A0FA6851AB08491AA4EFB4D0258EF

Located: HK_CU:Run, CTFMON.EXE
where: .DEFAULT...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:Run, ctfmon.exe
where: PE_C_BACKUP...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:Run, DAEMON Tools
where: PE_C_BACKUP...
command: "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
file: C:\Program Files\DAEMON Tools\daemon.exe
size: 171464
MD5: FCB7866A653C9FD15E7A71EF3E8FA7E7

Located: HK_CU:Run, DellSupport
where: PE_C_BACKUP...
command: "C:\Program Files\Dell Support\DSAgnt.exe" /startup
file: C:\Program Files\Dell Support\DSAgnt.exe
size: 395776
MD5: 825EDDDB0521EB2183C7E3C45BB5FE97

Located: HK_CU:Run, ModemOnHold
where: PE_C_BACKUP...
command: C:\Program Files\NetWaiting\netWaiting.exe
file: C:\Program Files\NetWaiting\netWaiting.exe
size: 20480
MD5: 676B1D0BFA5EF8005395AB43F33DE1F1

Located: HK_CU:Run, BitTorrent
where: PE_C_TJONES.ANDREW...
command: "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
file: C:\Program Files\BitTorrent\bittorrent.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, ctfmon.exe
where: PE_C_TJONES.ANDREW...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:Run, EPSON Stylus Photo R220 Series
where: PE_C_TJONES.ANDREW...
command: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /FU "C:\WINDOWS\TEMP\E_S166.tmp" /EF "HKCU"
file: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE
size: 177664
MD5: D6E641ECC09C3FBFBFAEA96C58230991

Located: HK_CU:Run, eyeBeam SIP Client
where: PE_C_TJONES.ANDREW...
command: "C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe"
file: C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe
size: 19857408
MD5: D37AF5B764F454A6302B6084F51D8A75

Located: HK_CU:Run, ModemOnHold
where: PE_C_TJONES.ANDREW...
command: C:\Program Files\NetWaiting\netWaiting.exe
file: C:\Program Files\NetWaiting\netWaiting.exe
size: 20480
MD5: 676B1D0BFA5EF8005395AB43F33DE1F1

Located: HK_CU:Run, Yahoo! Pager
where: PE_C_TJONES.ANDREW...
command: C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
file: C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, DellSupport
where: S-1-5-21-544167479-3238991017-1866274268-1005...
command: "C:\Program Files\Dell Support\DSAgnt.exe" /startup
file: C:\Program Files\Dell Support\DSAgnt.exe
size: 395776
MD5: 825EDDDB0521EB2183C7E3C45BB5FE97

Located: HK_CU:Run, ModemOnHold
where: S-1-5-21-544167479-3238991017-1866274268-1005...
command: C:\Program Files\NetWaiting\netWaiting.exe
file: C:\Program Files\NetWaiting\netWaiting.exe
size: 20480
MD5: 676B1D0BFA5EF8005395AB43F33DE1F1

Located: HK_CU:RunOnce, NeroHomeFirstStart
where: S-1-5-21-544167479-3238991017-1866274268-1005...
command: C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe
file: C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, Creative WebCam Tray
where: S-1-5-21-544167479-3238991017-1866274268-1012...
command: C:\Program Files\Creative\Shared Files\CamTray.exe
file: C:\Program Files\Creative\Shared Files\CamTray.exe
size: 299008
MD5: 2AA7EE2774035050512F438C2DF052A2

Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-544167479-3238991017-1866274268-1012...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:Run, EPSON Stylus Photo R220 Series
where: S-1-5-21-544167479-3238991017-1866274268-1012...
command: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /FU "C:\WINDOWS\TEMP\E_SA1.tmp" /EF "HKCU"
file: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE
size: 177664
MD5: D6E641ECC09C3FBFBFAEA96C58230991

Located: HK_CU:Run, eyeBeam SIP Client
where: S-1-5-21-544167479-3238991017-1866274268-1012...
command: "C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe"
file: C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe
size: 19857408
MD5: D37AF5B764F454A6302B6084F51D8A75

Located: HK_CU:Run, internat
where: S-1-5-21-544167479-3238991017-1866274268-1012...
command: C:\WINDOWS\internat.exe
file: C:\WINDOWS\internat.exe
size: 75264
MD5: 599618FCA313395BC5A6D73BC2D6B19F

Located: HK_CU:Run, MsnMsgr
where: S-1-5-21-544167479-3238991017-1866274268-1012...
command: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
file: C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
size: 5724184
MD5: A8972A2F9A744DD5EE0BFE429D767F1C

Located: HK_CU:Run, SYS32DLL
where: S-1-5-21-544167479-3238991017-1866274268-1012...
command: SYS32DLL
file: SYS32DLL
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, Yahoo! Pager
where: S-1-5-21-544167479-3238991017-1866274268-1012...
command: "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
file: C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
size: 4670704
MD5: C7048E3DD4D9FA3AF7BC2747EF5C433F

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-21-544167479-3238991017-1866274268-1013...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:Run, DellSupport
where: S-1-5-21-544167479-3238991017-1866274268-500...
command: "C:\Program Files\Dell Support\DSAgnt.exe" /startup
file: C:\Program Files\Dell Support\DSAgnt.exe
size: 395776
MD5: 825EDDDB0521EB2183C7E3C45BB5FE97

Located: HK_CU:Run, ModemOnHold
where: S-1-5-21-544167479-3238991017-1866274268-500...
command: C:\Program Files\NetWaiting\netWaiting.exe
file: C:\Program Files\NetWaiting\netWaiting.exe
size: 20480
MD5: 676B1D0BFA5EF8005395AB43F33DE1F1

Located: HK_CU:RunOnce, NeroHomeFirstStart
where: S-1-5-21-544167479-3238991017-1866274268-500...
command: C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe
file: C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-18...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: Startup (common), Windows Desktop Search.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Windows Desktop Search\WindowsSearch.exe
file: C:\Program Files\Windows Desktop Search\WindowsSearch.exe
size: 118784
MD5: 946467B375D696FA073A6B9370A4C6CE

Located: Startup (user), SpywareGuard.lnk
where: C:\Documents and Settings\admin\Start Menu\Programs\Startup...
command: C:\Program Files\SpywareGuard\sgmain.exe
file: C:\Program Files\SpywareGuard\sgmain.exe
size: 360448
MD5: 61C028ABA5E49573A6332F4A7C744E87

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, NavLogon
command: C:\WINDOWS\system32\NavLogon.dll
file: C:\WINDOWS\system32\NavLogon.dll
size: 45056
MD5: 4F08576DA1C93A5EC62EB2AD6EC3D084

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Yahoo! Toolbar Helper
description: Yahoo Companion!
classification: Legitimate
known filename: Ycomp*_*_*_*.dll
info link: http://companion.yahoo.com/
info source: TonyKlein
Path: C:\Program Files\Yahoo!\Companion\Installs\cpn0\
Long name: yt.dll
Short name:
Date (created): 13/04/2007 22:27:12
Date (last access): 12/05/2009 18:30:26
Date (last write): 26/10/2006 10:28:40
Filesize: 440384
Attributes: archive
MD5: 2785037CE05B63D5607C9D5DFB2FEEE4
CRC32: 9ED93A02
Version: 2006.10.26.1

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 23/10/2006 00:08:42
Date (last access): 12/05/2009 17:47:34
Date (last write): 23/10/2006 00:08:42
Filesize: 62080
Attributes: archive
MD5: C11F6A1F61481E24BE3FDC06EA6F7D2A
CRC32: E388508F
Version: 8.0.0.456

{3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: RealPlayer Download and Record Plugin for Internet Explorer
Path: C:\Program Files\Real\RealPlayer\
Long name: rpbrowserrecordplugin.dll
Short name: RPBROW~1.DLL
Date (created): 08/12/2007 17:20:00
Date (last access): 12/05/2009 17:47:34
Date (last write): 08/12/2007 17:20:00
Filesize: 370296
Attributes: archive
MD5: 4D630E9EF94CF8814DFD0E5938230822
CRC32: 02C3DBBF
Version: 1.0.0.522

{4A368E80-174F-4872-96B5-0B27DDD11DB2} (SpywareGuard Download Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: SpywareGuard Download Protection
CLSID name: SpywareGuardDLBLOCK.CBrowserHelper
description: SpywareGuard download protection
classification: Legitimate
known filename: dlprotect.dll
info link: http://www.wilderssecurity.net/spywareguard.html
info source: TonyKlein
Path: C:\Program Files\SpywareGuard\
Long name: dlprotect.dll
Short name: DLPROT~1.DLL
Date (created): 03/08/2003 00:24:02
Date (last access): 12/05/2009 17:47:34
Date (last write): 03/08/2003 00:24:02
Filesize: 192512
Attributes: readonly archive
MD5: 964621E8B2415FEAA99026ED4F29D198
CRC32: DC8CF59D
Version: 2.2.0.0

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 08/05/2009 19:29:06
Date (last access): 12/05/2009 17:47:34
Date (last write): 26/01/2009 15:31:02
Filesize: 1879896
Attributes: archive
MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
CRC32: 5BA24007
Version: 1.6.2.14

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Yahoo! IE Services Button
Path: C:\PROGRA~1\Yahoo!\Common\
Long name: yiesrvc.dll
Short name:
Date (created): 23/03/2007 21:29:14
Date (last access): 12/05/2009 18:01:18
Date (last write): 31/10/2006 16:33:54
Filesize: 198136
Attributes: archive
MD5: F8981F09E8DA4FDB7F6B6E2B5361AEAE
CRC32: 2CDBBB6C
Version: 2006.10.31.3

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.6.0_07\bin\
Long name: ssv.dll
Short name:
Date (created): 05/08/2008 22:26:36
Date (last access): 12/05/2009 18:30:26
Date (last write): 10/06/2008 04:27:02
Filesize: 509328
Attributes: archive
MD5: F921D875A1CBD69A6A462BA2514BC831
CRC32: 38AC9EE2
Version: 6.0.70.6

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Sign-in Helper
Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 17/02/2009 17:11:04
Date (last access): 12/05/2009 17:47:38
Date (last write): 17/02/2009 17:11:04
Filesize: 408440
Attributes: archive
MD5: 1A82C1B9BB43385695EFC3A84F6756A2
CRC32: 75E558CA
Version: 5.0.818.6

{9CB65201-89C4-402c-BA80-02D8C59F9B1D} (Ask Search Assistant BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Ask Search Assistant BHO
CLSID name:

{AE7CD045-E861-484f-8273-0445EE161910} (Adobe PDF Conversion Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Adobe PDF Conversion Toolbar Helper
description: Adobe Acrobat
classification: Legitimate
known filename: AcroIEFavClient.dll
info link: http://www.adobe.com/products/acrobatpro/main.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\
Long name: AcroIEFavClient.dll
Short name: ACROIE~1.DLL
Date (created): 04/11/2007 22:37:32
Date (last access): 12/05/2009 17:47:38
Date (last write): 10/05/2007 23:47:04
Filesize: 321120
Attributes: archive
MD5: FF29E3FB75E7726EE002B65A9F2D4A6E
CRC32: 1831F50E
Version: 8.1.0.0

{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Toolbar Helper
Path: C:\Program Files\Windows Live Toolbar\
Long name: msntb.dll
Short name:
Date (created): 19/10/2007 11:20:48
Date (last access): 12/05/2009 17:47:38
Date (last write): 19/10/2007 11:20:48
Filesize: 546320
Attributes: archive
MD5: CEE1BE1DA21300208D07FBEAE9EA2B51
CRC32: 12446524
Version: 3.1.0.146

{CA6319C0-31B7-401E-A518-A07C3DB8F777} (CBrowserHelperObject Object)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: CBrowserHelperObject Object
Path: C:\Program Files\BAE\
Long name: BAE.dll
Short name:
Date (created): 12/03/2007 12:05:54
Date (last access): 12/05/2009 17:47:40
Date (last write): 17/11/2006 05:32:40
Filesize: 98304
Attributes: archive
MD5: 28E1B808DD272CBD8F5667959DEB61C1
CRC32: 1ED1D667
Version: 1.2.0.2

{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} (SidebarAutoLaunch Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: SidebarAutoLaunch Class
Path: C:\Program Files\Yahoo!\browser\
Long name: YSidebarIEBHO.dll
Short name: YSIDEB~2.DLL
Date (created): 23/03/2007 21:27:54
Date (last access): 12/05/2009 18:01:18
Date (last write): 03/02/2005 18:07:08
Filesize: 124032
Attributes: archive
MD5: 0645DBCBDB3F4A69AEE13F4B5F9C4291
CRC32: 75CB3FBB
Version: 2004.8.3.1

{FE063DB1-4EC0-403e-8DD8-394C54984B2C} (Ask Toolbar BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Ask Toolbar BHO
CLSID name: Ask Toolbar BHO
Path: C:\Program Files\AskTBar\bar\1.bin\
Long name: ASKTBAR.DLL



--- ActiveX list ---
Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\xmldso.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla

{00000055-9980-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\fhg.inf
Codebase: http://codecs.microsoft.com/codecs/i386/fhg.CAB
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.

{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object)
DPF name:
CLSID name: QuickTime Object
Installer: C:\WINDOWS\Downloaded Program Files\QTPlugin.inf
Codebase: http://www.apple.com/qtactivex/qtplugin.cab
description: Apple Quicktime
classification: Legitimate
known filename: QTPLUGIN.OCX
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\QuickTime\
Long name: QTPlugin.ocx
Short name:
Date (created): 04/11/2008 11:31:14
Date (last access): 10/05/2009 22:47:26
Date (last write): 04/11/2008 11:31:14
Filesize: 779568
Attributes: archive
MD5: 7977EEA67691BA941CED002B13633ECE
CRC32: 3C521BFC
Version: 7.55.90.70

{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support)
DPF name:
CLSID name: Installation Support
Installer: C:\Program Files\Yahoo!\common\yinst.inf
Codebase: C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
description: Yahoo! Installation helper
classification: Legitimate
known filename: %SystemRoot%\Downloaded Program Files\yinsthelper.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Yahoo!\Common\
Long name: Yinsthelper20073151.dll
Short name: YINSTH~3.DLL
Date (created): 16/03/2007 02:49:04
Date (last access): 17/04/2009 03:03:52
Date (last write): 16/03/2007 02:49:04
Filesize: 209448
Attributes: archive
MD5: 4380A4799E826AF03FD975B4A71E9268
CRC32: 423BF1F7
Version: 2007.3.15.1

{48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control)
DPF name:
CLSID name: MySpace Uploader Control
Installer: C:\WINDOWS\Downloaded Program Files\MySpaceUploader.inf
Codebase: http://lads.myspace.com/upload/MySpaceUploader1006.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MySpaceUploader.ocx
Short name: MYSPAC~1.OCX
Date (created): 31/10/2007 14:03:14
Date (last access): 17/04/2009 03:03:54
Date (last write): 01/02/2008 04:17:04
Filesize: 2637440
Attributes: archive
MD5: 2245B3CAE09AF148D983F88F62153628
CRC32: A47295FA
Version: 1.0.0.6

{5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control)
DPF name:
CLSID name: Image Uploader Control
Installer: C:\WINDOWS\Downloaded Program Files\ImageUploader5.inf
Codebase: http://www.microquiz.eu/ImageUploader5.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ImageUploader5.ocx
Short name: IMAGEU~2.OCX
Date (created): 12/09/2008 18:03:44
Date (last access): 17/04/2009 03:03:54
Date (last write): 12/09/2008 18:03:44
Filesize: 3552776
Attributes: archive
MD5: 74CD7B363F860B72EE605EFF90A61A82
CRC32: 0EA96110
Version: 5.5.6.0

{61628958-4627-48F4-99FD-30719188568D} (XCheck Control)
DPF name:
CLSID name: XCheck Control
Installer: C:\WINDOWS\Downloaded Program Files\XCheck.INF
Codebase: http://www.ifrontiers.com/ActiveX/XCheck.CAB
Path: C:\WINDOWS\system32\
Long name: XCheck.OCX
Short name:
Date (created): 17/08/2006 12:24:00
Date (last access): 17/04/2009 03:03:54
Date (last write): 17/08/2006 12:24:00
Filesize: 56632
Attributes: archive
MD5: EFD28B5EE575AF4215BF2AE1C6F7CF54
CRC32: 3A5FF5DA
Version: 1.0.0.5

{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
DPF name:
CLSID name: WUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf
Codebase: http://test.update.microsoft.com/wi...ls/en/x86/client/wuweb_site.cab?1174297478281
description:
classification: Legitimate
known filename: wuweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: wuweb.dll
Short name:
Date (created): 11/08/2004 18:12:56
Date (last access): 12/05/2009 17:59:04
Date (last write): 16/10/2008 14:13:40
Filesize: 202776
Attributes: archive
MD5: 1865594AFE88C27A127FF4CF492734B0
CRC32: F48FD025
Version: 7.2.6001.788

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
DPF name:
CLSID name: MUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\muweb.inf
Codebase: http://test.update.microsoft.com/mi...ls/en/x86/client/muweb_site.cab?1174297563946
description:
classification: Legitimate
known filename: muweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: muweb.dll
Short name:
Date (created): 28/02/2007 12:44:30
Date (last access): 12/05/2009 17:59:00
Date (last write): 16/10/2008 15:06:48
Filesize: 208744
Attributes: archive
MD5: D2E6F0A06391FE5556E8A1D6D5041A5E
CRC32: 27FBFA7D
Version: 7.2.6001.788

{6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control)
DPF name:
CLSID name: Image Uploader Control
Installer: C:\WINDOWS\Downloaded Program Files\ImageUploader4.inf
Codebase: http://www.microquiz.eu/ImageUploader4.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ImageUploader4.ocx
Short name: IMAGEU~1.OCX
Date (created): 06/06/2007 19:34:50
Date (last access): 17/04/2009 03:03:54
Date (last write): 06/06/2007 19:34:50
Filesize: 2631480
Attributes: archive
MD5: A581AA0039CF0109C31D00DEDD51DCA6
CRC32: BA370685
Version: 4.5.4.0

{7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control)
DPF name:
CLSID name: Windows Live Photo Upload Control
Installer: C:\WINDOWS\Downloaded Program Files\MSNPUpld.inf
Codebase: http://cid-ea0211234474d475.spaces.live.com/PhotoUpload/MsnPUpld.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MsnPUpld.dll
Short name:
Date (created): 02/08/2007 11:31:32
Date (last access): 12/05/2009 17:54:50
Date (last write): 02/08/2007 11:31:32
Filesize: 360320
Attributes: archive
MD5: C670858E2347EAB5C9507A91A142210F
CRC32: B1C9923E
Version: 10.0.916.0

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_07
Installer: C:\WINDOWS\Downloaded Program Files\jinstall-6u7.inf
Codebase: http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.6.0_07\bin\
Long name: npjpi160_07.dll
Short name: NPJPI1~1.DLL
Date (created): 10/06/2008 02:32:34
Date (last access): 17/04/2009 03:03:52
Date (last write): 10/06/2008 04:27:02
Filesize: 132496
Attributes: archive
MD5: 7C83A2809E13950359189767AC9D5DB8
CRC32: 925C2A88
Version: 6.0.70.6

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
Codebase: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 02/03/2006 14:52:58
Date (last access): 17/04/2009 03:03:54
Date (last write): 10/11/2005 14:22:12
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_07
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_07\bin\
Long name: npjpi160_07.dll
Short name: NPJPI1~1.DLL
Date (created): 10/06/2008 02:32:34
Date (last access): 12/05/2009 18:42:04
Date (last write): 10/06/2008 04:27:02
Filesize: 132496
Attributes: archive
MD5: 7C83A2809E13950359189767AC9D5DB8
CRC32: 925C2A88
Version: 6.0.70.6

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_07
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_07\bin\
Long name: npjpi160_07.dll
Short name: NPJPI1~1.DLL
Date (created): 10/06/2008 02:32:34
Date (last access): 12/05/2009 18:42:04
Date (last write): 10/06/2008 04:27:02
Filesize: 132496
Attributes: archive
MD5: 7C83A2809E13950359189767AC9D5DB8
CRC32: 925C2A88
Version: 6.0.70.6

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash10a.ocx
Short name:
Date (created): 05/10/2008 04:16:26
Date (last access): 10/05/2009 22:42:10
Date (last write): 05/10/2008 04:16:26
Filesize: 3789728
Attributes: readonly archive
MD5: 466C1355934925768822E380DA6E6E4A
CRC32: 48EC1E52
Version: 10.0.12.36

{E33968CE-FF77-4DC3-A052-2921C0D60177} (LoaderOnline Class)
DPF name:
CLSID name: LoaderOnline Class
Installer: C:\WINDOWS\Downloaded Program Files\bootstrapXP.inf
Codebase: https://www.remotecontrol26.co.uk/dms website/kiosk/Bootstrap2610/2.6.10.107/BootstrapXP.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: bootstraponline.dll
Short name: BOOTST~1.DLL
Date (created): 09/09/2008 12:49:46
Date (last access): 09/05/2009 00:47:30
Date (last write): 09/09/2008 12:49:46
Filesize: 815104
Attributes: archive
MD5: 3B8EB18359619BEE000DDEA778567D31
CRC32: FD5D5415
Version: 2.6.10.107

{F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class)
DPF name:
CLSID name: Photo Upload Plugin Class
Installer: C:\WINDOWS\Downloaded Program Files\PCAXSetup.inf
Codebase: http://www.asda-photo.co.uk/upload/activex/v2_0_0_11/PCAXSetupv2.0.0.11.cab?
Path: C:\WINDOWS\Downloaded Program Files\
Long name: Photochannel.dll
Short name: PHOTOC~1.DLL
Date (created): 12/05/2008 17:54:50
Date (last access): 09/05/2009 00:47:32
Date (last write): 12/05/2008 17:54:50
Filesize: 367696
Attributes: archive
MD5: 461D111A58736ADA22F0C0465A8868FC
CRC32: 21FFAB03
Version: 2.0.0.11

{F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package)
DPF name:
CLSID name: Creative Software AutoUpdate Support Package
Installer: C:\WINDOWS\Downloaded Program Files\CTPID.inf
Codebase: http://www.creative.com/softwareupdate/su2/ocx/15105/CTPID.cab
description:
classification: Legitimate
known filename: CTPID.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\PROGRA~1\Creative\SHARED~1\SOFTWA~1\
Long name: CTPID.ocx
Short name:
Date (created): 02/09/2008 17:59:30
Date (last access): 17/04/2009 03:03:56
Date (last write): 06/08/2008 11:41:46
Filesize: 37616
Attributes: archive
MD5: D69AA2D5EB073B9C8403A7EC16720F3E
CRC32: D4D7FA3E
Version: 1.0.48.0



--- Process list ---
PID: 0 ( 0) [System]
PID: 1236 (1120) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 1260 (1120) \??\C:\WINDOWS\system32\winlogon.exe
size: 502272
PID: 1304 (1260) C:\WINDOWS\system32\services.exe
size: 110592
MD5: 37561F8D4160D62DA86D24AE41FAE8DE
PID: 1316 (1260) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 1504 (1304) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1572 (1304) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1612 (1304) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1664 (1304) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
size: 434176
MD5: 788C72B145C75A7EE5F5D6A32542D912
PID: 1744 (1304) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
size: 946176
MD5: C17C3A529CE14012F9731A6E264C1911
PID: 1764 (1304) C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
size: 290816
MD5: 22516ED8E0D89323D4E0D9CCC2848819
PID: 1876 (1304) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 2000 (1304) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 416 (1304) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: 7435B108B935E42EA92CA94F59C8E717
PID: 456 (1304) C:\WINDOWS\System32\SCardSvr.exe
size: 95744
MD5: 25D8DE134DF108E3DBC8D7D23B1AA58E
PID: 564 (1304) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
size: 192160
MD5: 0A6786C95A6F8715AA4285E3C27F201F
PID: 604 (1304) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
size: 169632
MD5: 3B4898CF051BB04FB76E94361E336A83
PID: 636 (1304) C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe
size: 32768
MD5: F8146A2B29866884A6C785FF40EB38A9
PID: 660 (1304) C:\WINDOWS\system32\DVDRAMSV.exe
size: 106496
MD5: 77C4901986FC7A83E853B300E80D234B
PID: 676 (1304) C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
size: 113664
MD5: 3FCCE2927E79A3F84AAAE90250F3F8F2
PID: 728 (1304) C:\Program Files\Common Files\Motive\McciCMService.exe
size: 303104
MD5: 67B6F4E0DB57DD2020A2415294BA4ED8
PID: 772 (1304) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
size: 322120
MD5: 11F714F85530A2BD134074DC30E99FCA
PID: 880 (1304) C:\PROGRA~1\SYMANT~2\SYMANT~1\Rtvscan.exe
size: 610304
MD5: AC37351CEF1D50C3010B04A73B27665C
PID: 936 (1304) C:\WINDOWS\system32\nvsvc32.exe
size: 143428
MD5: F99A2F3A79E8E37D6B4AE2A269AEFEEA
PID: 968 (1304) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
size: 327680
MD5: D8894ACEFE1A607DE7D0E628285BFFF4
PID: 1032 (1304) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 152 (1304) C:\WINDOWS\system32\Pen_Tablet.exe
size: 3032360
MD5: 5781D4C12D0D204447F9936D421C1B80
PID: 1172 (1304) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
size: 49152
MD5: CA90D2C55EB3BB90687677BEA3DB0B59
PID: 1232 (1304) C:\WINDOWS\system32\SearchIndexer.exe
size: 300032
MD5: 2EC497AA4B728D1B1A368ACF2E309E8B
PID: 2752 (1504) C:\WINDOWS\system32\wbem\wmiprvse.exe
size: 218112
MD5: 075EA6C849AB0FE416A3D6DD65C3CF41
PID: 3100 (1304) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 4052 (3956) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 2268 (4052) C:\Program Files\Apoint\Apoint.exe
size: 176128
MD5: BDF765B33972A95AE8B5C5262D5E1325
PID: 2908 (2268) C:\Program Files\Apoint\HidFind.exe
size: 45056
MD5: DFCB0A7BCBC97922F2EE24FE11318C6C
PID: 2676 (2896) C:\Program Files\Apoint\Apntex.exe
size: 45056
MD5: 4C737FE32049AF0547827C3EB49AC3C0
PID: 3468 (2500) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
PID: 360 (4052) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 332 (1612) C:\WINDOWS\system32\wuauclt.exe
size: 51224
MD5: E654B78D2F1D791B30D0ED9A8195EC22
PID: 3472 (1232) C:\WINDOWS\system32\SearchProtocolHost.exe
size: 182784
MD5: 4B0EA20D942AF11584D2D72A8419E3CB
PID: 1952 (1232) C:\WINDOWS\system32\SearchFilterHost.exe
size: 76800
MD5: 0B57A82B223AA3CFDD264D9DB8491D43
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 12/05/2009 18:42:06

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://home.microsoft.com/access/autosearch.asp?p=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\SearchAssistant
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{49F1A700-EBEB-48CB-8D44-BC117B134704}] SEQPACKET 10
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{49F1A700-EBEB-48CB-8D44-BC117B134704}] DATAGRAM 10
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DDED692B-0923-4F7D-89A2-26AC23E2F305}] SEQPACKET 9
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DDED692B-0923-4F7D-89A2-26AC23E2F305}] DATAGRAM 9
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EC745C70-080F-444F-A411-593D311AFB8A}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EC745C70-080F-444F-A411-593D311AFB8A}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FB546E9D-4931-4AC8-A9A4-462E1A837DAA}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FB546E9D-4931-4AC8-A9A4-462E1A837DAA}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EA219350-B25F-4304-B0A7-CA6C15D25C3F}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EA219350-B25F-4304-B0A7-CA6C15D25C3F}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C8FB8631-14EB-4BD0-9EBA-74664FE3AF1E}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C8FB8631-14EB-4BD0-9EBA-74664FE3AF1E}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5E796049-C0F7-459A-8107-BC4DBD6F56C1}] SEQPACKET 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5E796049-C0F7-459A-8107-BC4DBD6F56C1}] DATAGRAM 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F485B183-4D61-4967-8F02-B0E94EA9FEBB}] SEQPACKET 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F485B183-4D61-4967-8F02-B0E94EA9FEBB}] DATAGRAM 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: mdnsNSP
GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
Filename: C:\Program Files\Bonjour\mdnsNSP.dll
Description: Apple Rendezvous protocol
DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
DB protocol: mdnsNSP

Namespace Provider 1: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 2: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 3: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
 
Please click this link-->Jotti

Copy/paste the file on the list into the white "Upload a file" box and click Submit/Send (depending on whether you are using Jotti or VirusTotal).

C:\WINDOWS\system32\pavuppad.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/
 
Hi Shaba,
I can find it if I start Windows in safe mode, but cannot access the internet in this mode. Also, if I try to copy the file I get the message 'cannot copy - it is used by another program'. Any ideas?
 
Hi Shaba, managed to get what you wanted.

File pavuppad.exe received on 05.12.2009 22:28:37 (CET)


Result: 5/40 (12.5%)

Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.05.12 -
AhnLab-V3 5.0.0.2 2009.05.12 -
AntiVir 7.9.0.166 2009.05.12 TR/Dropper.Gen
Antiy-AVL 2.0.3.1 2009.05.12 -
Authentium 5.1.2.4 2009.05.12 -
Avast 4.8.1335.0 2009.05.12 -
AVG 8.5.0.327 2009.05.12 -
BitDefender 7.2 2009.05.12 -
CAT-QuickHeal 10.00 2009.05.12 -
ClamAV 0.94.1 2009.05.12 -
Comodo 1157 2009.05.08 -
DrWeb 5.0.0.12182 2009.05.12 -
eSafe 7.0.17.0 2009.05.12 -
eTrust-Vet 31.6.6501 2009.05.12 -
F-Prot 4.4.4.56 2009.05.12 -
F-Secure 8.0.14470.0 2009.05.12 Trojan-Spy.Win32.Zbot.tml
Fortinet 3.117.0.0 2009.05.12 -
GData 19 2009.05.12 -
Ikarus T3.1.1.49.0 2009.05.12 -
K7AntiVirus 7.10.732 2009.05.11 -
Kaspersky 7.0.0.125 2009.05.12 Trojan-Spy.Win32.Zbot.tml
McAfee 5613 2009.05.12 -
McAfee+Artemis 5613 2009.05.12 -
McAfee-GW-Edition 6.7.6 2009.05.12 Trojan.Dropper.Gen
Microsoft 1.4602 2009.05.12 -
NOD32 4068 2009.05.12 -
Norman 6.01.05 2009.05.12 -
nProtect 2009.1.8.0 2009.05.12 -
Panda 10.0.0.14 2009.05.12 -
PCTools 4.4.2.0 2009.05.07 -
Prevx 3.0 2009.05.12 -
Rising 21.29.14.00 2009.05.12 -
Sophos 4.41.0 2009.05.12 Mal/Dorf-F
Sunbelt 3.2.1858.2 2009.05.12 -
Symantec 1.4.4.12 2009.05.12 -
TheHacker 6.3.4.1.325 2009.05.12 -
TrendMicro 8.950.0.1092 2009.05.12 -
VBA32 3.12.10.4 2009.05.12 -
ViRobot 2009.5.12.1731 2009.05.12 -
VirusBuster 4.6.5.0 2009.05.12 -
Additional information
File size: 384000 bytes
MD5...: 990bb9014035f42fdde62283632a4f96
SHA1..: ae5c7a1fc787760c2be8ec887452169144e1bcd3
SHA256: e4b6446ee122fb97448cd2e47abbcd86a1300dc339356a8f7510654bfd593082
SHA512: 4498bea56712b44620d8e064d1adb6015a242f258c25f89bd8a4bfbe0907ae1cbae99d96774908af89d78d566bd047907b33616a98f640c481947afe290c76f2
ssdeep: 6144:XUWLbHZnQBuuYHHwsGA9oFG/zVLsvx9SDb4fUaasJn8UELgrF:kau0CPwNVLsvQcWsqUmy

PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x6207
timedatestamp.....: 0x47fa7367 (Mon Apr 07 19:17:59 2008)
machinetype.......: 0x14c (I386)

( 2 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xf740 0xf800 7.04 97d89224077d79aafb1a60549bd0ebe6
.rdata 0x11000 0x507e 0x200 0.48 3fd29e3c251758358bffd3f8484aa9d3

( 4 imports )
> KERNEL32.dll: GetUserDefaultUILanguage, GetLocalTime, CreateMutexW, VirtualAlloc, VirtualProtect, GetModuleHandleA
> ADVAPI32.dll: CryptGetHashParam, CryptAcquireContextW, RegCreateKeyExA, GetUserNameW, RegSetValueExA, RegEnumKeyExA
> SHLWAPI.dll: StrCmpNIA, StrStrW
> USER32.dll: CloseWindowStation, CharLowerBuffA

( 0 exports )

PDFiD.: -
RDS...: NSRL Reference Data Set
 
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can attempt to clean this machine, but I can't guarantee that it will be 100% secure afterwards.

Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post.
 
Hi Shaba,

I have already changed passwords from my 2nd pc. I will as suggested contact the relevant people.

Can we try to cleanse?
 
Sure :)

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix


* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt and a fresh HijackThis log in your next reply for further review.
 
Hi Shaba,

Ran ComboFix in live mode, not 'safe mode'. Is that what you wanted? I also ran it disconnected from the internet.

Here are the reports:
1. combofix
ComboFix 09-05-09.05 - admin 14/05/2009 9:09.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1530 [GMT 1:00]
Running from: c:\documents and settings\admin\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((( Files Created from 2009-04-14 to 2009-05-14 )))))))))))))))))))))))))))))))
.

2009-05-13 18:00 . 2009-05-13 18:30 -------- d-----w C:\xfer
2009-05-11 19:56 . 2009-05-11 19:57 -------- d-----w c:\program files\ERUNT
2009-05-10 22:07 . 2008-06-13 13:10 272128 -c----w c:\windows\system32\dllcache\bthport.sys
2009-05-10 15:24 . 2002-08-29 12:00 31232 -c--a-w c:\windows\system32\dllcache\weitekp9.sys
2009-05-10 15:23 . 2002-08-29 12:00 229439 -c--a-w c:\windows\system32\dllcache\multibox.dll
2009-05-10 15:22 . 2002-08-29 12:00 36864 -c--a-w c:\windows\system32\dllcache\hanjadic.dll
2009-05-10 15:21 . 2003-03-24 15:52 188480 -c--a-w c:\windows\system32\dllcache\cfgwiz.exe
2009-05-10 15:21 . 2003-03-24 15:52 16439 -c--a-w c:\windows\system32\dllcache\author.exe
2009-05-10 15:21 . 2003-03-24 15:52 20540 -c--a-w c:\windows\system32\dllcache\author.dll
2009-05-10 15:21 . 2003-03-24 15:52 16439 -c--a-w c:\windows\system32\dllcache\admin.exe
2009-05-10 15:21 . 2003-03-24 15:52 20540 -c--a-w c:\windows\system32\dllcache\admin.dll
2009-05-10 15:18 . 2004-08-04 05:56 628224 -c--a-w c:\windows\system32\dllcache\catsrvut.dll
2009-05-10 15:18 . 2004-08-04 05:56 628224 ----a-w c:\windows\system32\catsrvut.dll
2009-05-10 15:07 . 2002-08-29 12:00 13312 -c--a-w c:\windows\system32\dllcache\irclass.dll
2009-05-10 15:07 . 2002-08-29 12:00 13312 ----a-w c:\windows\system32\irclass.dll
2009-05-10 15:07 . 2002-08-29 12:00 24661 -c--a-w c:\windows\system32\dllcache\spxcoins.dll
2009-05-10 15:07 . 2002-08-29 12:00 24661 ----a-w c:\windows\system32\spxcoins.dll
2009-05-09 09:35 . 2009-05-09 09:36 -------- d-----w C:\SAV32CLI
2009-05-08 18:18 . 2009-05-08 18:18 -------- d-----w c:\windows\system32\CatRoot_bak
2009-05-08 18:11 . 2009-05-08 18:11 -------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-05-08 18:11 . 2009-05-08 18:11 -------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-05-08 18:11 . 2009-05-08 18:11 -------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
2009-05-08 18:11 . 2009-05-08 18:11 -------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-05-08 15:30 . 2009-05-08 15:30 -------- d-----w c:\windows\repair
2009-05-08 14:55 . 2002-08-29 12:00 16384 -c--a-w c:\windows\system32\dllcache\isignup.exe
2009-05-08 14:52 . 2002-08-29 12:00 7680 -c--a-w c:\windows\system32\dllcache\inetmgr.exe
2009-05-08 12:40 . 2009-05-08 12:40 45056 ----a-w c:\windows\system32\DeleteNotifyDll.dll
2009-05-08 12:37 . 2008-04-14 00:12 23040 ----a-w c:\windows\system32\AAP.DLL
2009-05-08 12:35 . 2009-03-21 14:06 989696 ----a-w c:\windows\system32\AAK.dll
2009-05-08 12:35 . 2009-02-09 12:10 617472 ----a-w c:\windows\system32\AAD.DLL
2009-05-08 12:34 . 2009-05-08 12:39 -------- d-----w c:\program files\Adware Away
2009-05-06 22:58 . 2009-05-06 22:58 75264 ----a-w c:\windows\internat.exe
2009-05-05 21:20 . 2009-05-05 23:01 -------- d-----w c:\program files\PXL Soft
2009-04-30 21:01 . 1999-10-15 11:50 1056768 ----a-w c:\windows\system32\ROBOEX32.DLL
2009-04-30 21:01 . 2006-07-22 18:37 49152 ----a-w c:\windows\system32\INETWH32.dll
2009-04-17 19:48 . 2008-09-17 13:24 49996376 ----a-w C:\avg_free_stf_en_8_169a1359.exe
2009-04-16 18:27 . 2008-05-03 11:55 2560 ----a-w c:\windows\system32\xpsp4res.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-14 07:49 . 2007-03-12 10:38 144264 ----a-w c:\windows\system32\nvModes.dat
2009-05-10 15:37 . 2009-05-10 15:37 65024 ----a-w C:\calc.exe
2009-05-10 15:20 . 2004-08-11 17:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-05-10 15:18 . 2004-08-11 17:12 23428 ----a-w c:\windows\system32\emptyregdb.dat
2009-05-10 15:18 . 2009-05-10 15:18 1663 ----a-w c:\windows\inf\COM1ED.tmp
2009-05-08 18:30 . 2007-03-19 14:42 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-08 12:29 . 2008-11-30 12:53 -------- d-----w c:\program files\SpywareGuard
2009-05-02 17:04 . 2008-11-28 17:21 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLbx.DAT
2009-05-02 17:02 . 2008-11-29 20:12 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT
2009-04-30 21:18 . 2007-03-12 11:08 36368 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-30 21:01 . 2007-04-18 22:17 -------- d-----w c:\program files\Common Files\Ulead Systems
2009-04-30 21:00 . 2007-04-18 22:17 -------- d-----w c:\program files\Ulead Systems
2009-04-30 21:00 . 2007-03-12 10:56 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-25 23:28 . 2007-06-07 19:46 -------- d-----w c:\program files\NO1 Video Converter
2009-03-18 08:31 . 2009-03-18 08:31 -------- d-----w c:\program files\Windows Installer Clean Up
2009-03-18 08:31 . 2009-03-18 08:31 -------- d-----w c:\program files\MSECACHE
2009-03-17 20:44 . 2009-03-17 20:36 -------- d-----w c:\program files\hkSFV
2009-03-06 14:44 . 2004-08-04 05:56 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-02 21:09 . 2009-03-02 21:09 2368 ----a-w c:\windows\system32\SVKP.sys
2009-02-20 08:30 . 2004-08-04 05:56 659456 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:30 . 2004-08-04 05:56 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-14 13:58 . 2009-02-14 13:58 664 ----a-w c:\windows\system32\d3d9caps.dat
2003-12-19 19:36 . 2007-06-12 21:56 40960 ----a-w c:\program files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-05-10_22.12.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-11 17:12 . 2008-10-16 14:08 34328 c:\windows\system32\wups.dll
+ 2004-08-04 05:56 . 2006-10-04 08:48 50176 c:\windows\system32\utilman.exe
- 2004-08-04 05:56 . 2004-08-04 05:56 50176 c:\windows\system32\utilman.exe
- 2004-08-04 05:56 . 2004-08-04 05:56 35840 c:\windows\system32\umandlg.dll
+ 2004-08-04 05:56 . 2006-10-04 13:33 35840 c:\windows\system32\umandlg.dll
+ 2004-08-04 05:56 . 2009-02-03 20:08 55808 c:\windows\system32\secur32.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 55808 c:\windows\system32\secur32.dll
+ 2002-08-29 12:00 . 2009-02-06 16:54 35328 c:\windows\system32\sc.exe
- 2004-08-04 05:56 . 2004-08-04 05:56 39424 c:\windows\system32\pngfilt.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 39424 c:\windows\system32\pngfilt.dll
+ 2004-08-11 17:00 . 2009-05-14 07:53 81120 c:\windows\system32\perfc009.dat
- 2004-08-11 17:00 . 2009-05-10 21:45 81120 c:\windows\system32\perfc009.dat
+ 2004-08-04 05:56 . 2006-10-04 08:48 53760 c:\windows\system32\narrator.exe
- 2004-08-04 05:56 . 2004-08-04 05:56 53760 c:\windows\system32\narrator.exe
+ 2004-08-11 17:11 . 2008-06-12 14:16 91648 c:\windows\system32\mtxoci.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 66560 c:\windows\system32\mtxclu.dll
+ 2004-08-04 05:56 . 2008-06-12 14:16 66560 c:\windows\system32\mtxclu.dll
- 2004-08-11 17:11 . 2004-08-04 05:56 58880 c:\windows\system32\msdtclog.dll
+ 2004-08-11 17:11 . 2008-06-12 14:16 58880 c:\windows\system32\msdtclog.dll
+ 2004-08-04 05:56 . 2008-06-24 16:23 74240 c:\windows\system32\mscms.dll
+ 2004-08-04 05:56 . 2006-10-04 08:48 72704 c:\windows\system32\magnify.exe
- 2004-08-04 05:56 . 2004-08-04 05:56 72704 c:\windows\system32\magnify.exe
+ 2004-08-04 05:56 . 2008-06-10 08:17 96768 c:\windows\system32\logagent.exe
- 2004-08-04 05:56 . 2004-08-11 00:45 96768 c:\windows\system32\logagent.exe
+ 2004-08-04 05:56 . 2009-02-20 08:30 16384 c:\windows\system32\jsproxy.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 96256 c:\windows\system32\inseng.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 96256 c:\windows\system32\inseng.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 55808 c:\windows\system32\extmgr.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 55808 c:\windows\system32\extmgr.dll
+ 2004-08-11 17:12 . 2008-10-16 14:08 34328 c:\windows\system32\dllcache\wups.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 50176 c:\windows\system32\dllcache\utilman.exe
+ 2004-08-04 05:56 . 2006-10-04 08:48 50176 c:\windows\system32\dllcache\utilman.exe
- 2004-08-04 05:56 . 2004-08-04 05:56 35840 c:\windows\system32\dllcache\umandlg.dll
+ 2004-08-04 05:56 . 2006-10-04 13:33 35840 c:\windows\system32\dllcache\umandlg.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 55808 c:\windows\system32\dllcache\secur32.dll
+ 2004-08-04 05:56 . 2009-02-03 20:08 55808 c:\windows\system32\dllcache\secur32.dll
+ 2002-08-29 12:00 . 2009-02-06 16:54 35328 c:\windows\system32\dllcache\sc.exe
+ 2004-08-04 05:56 . 2009-02-20 08:30 39424 c:\windows\system32\dllcache\pngfilt.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2004-08-04 05:56 . 2006-10-04 08:48 53760 c:\windows\system32\dllcache\narrator.exe
- 2004-08-04 05:56 . 2004-08-04 05:56 53760 c:\windows\system32\dllcache\narrator.exe
+ 2004-08-11 17:11 . 2008-06-12 14:16 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2004-08-04 05:56 . 2008-06-12 14:16 66560 c:\windows\system32\dllcache\mtxclu.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 66560 c:\windows\system32\dllcache\mtxclu.dll
- 2004-08-11 17:11 . 2004-08-04 05:56 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2004-08-11 17:11 . 2008-06-12 14:16 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2004-08-04 05:56 . 2008-06-24 16:23 74240 c:\windows\system32\dllcache\mscms.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 72704 c:\windows\system32\dllcache\magnify.exe
+ 2004-08-04 05:56 . 2006-10-04 08:48 72704 c:\windows\system32\dllcache\magnify.exe
+ 2004-08-04 05:56 . 2008-06-10 08:17 96768 c:\windows\system32\dllcache\logagent.exe
- 2004-08-04 05:56 . 2004-08-11 00:45 96768 c:\windows\system32\dllcache\logagent.exe
+ 2004-08-04 05:56 . 2009-02-20 08:30 16384 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 96256 c:\windows\system32\dllcache\inseng.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 96256 c:\windows\system32\dllcache\inseng.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 81920 c:\windows\system32\dllcache\ieencode.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2004-08-11 17:12 . 2009-02-19 09:58 18432 c:\windows\system32\dllcache\iedw.exe
- 2004-08-11 17:12 . 2004-08-04 05:56 18432 c:\windows\system32\dllcache\iedw.exe
- 2004-08-04 05:56 . 2004-08-04 05:56 55808 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 55808 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-11 17:11 . 2005-07-26 04:39 60416 c:\windows\system32\dllcache\colbact.dll
+ 2007-03-16 15:41 . 2009-05-14 07:50 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-03-16 15:41 . 2009-05-10 22:10 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-03-16 15:41 . 2009-05-10 22:10 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-03-16 15:41 . 2009-05-14 07:50 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-03-16 15:41 . 2009-05-10 22:10 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2007-03-16 15:41 . 2009-05-14 07:50 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2004-08-11 17:11 . 2005-07-26 04:39 60416 c:\windows\system32\colbact.dll
+ 2004-08-04 05:56 . 2007-10-27 16:40 227328 c:\windows\system32\wmasf.dll
+ 2004-08-04 05:56 . 2008-12-16 12:47 351232 c:\windows\system32\winhttp.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 351232 c:\windows\system32\winhttp.dll
+ 2004-08-11 17:11 . 2009-02-06 16:39 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2004-08-11 17:11 . 2009-02-09 10:20 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2004-08-11 17:11 . 2009-02-09 10:20 473088 c:\windows\system32\wbem\fastprox.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 417792 c:\windows\system32\vbscript.dll
+ 2004-08-04 05:56 . 2007-12-18 14:40 417792 c:\windows\system32\vbscript.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 616448 c:\windows\system32\urlmon.dll
+ 2004-08-04 05:56 . 2008-10-03 10:15 247326 c:\windows\system32\strmdll.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 474112 c:\windows\system32\shlwapi.dll
+ 2004-08-04 05:56 . 2009-02-06 17:14 110592 c:\windows\system32\services.exe
- 2004-08-04 05:56 . 2004-08-04 05:56 144896 c:\windows\system32\schannel.dll
+ 2004-08-04 05:56 . 2008-12-05 07:12 144896 c:\windows\system32\schannel.dll
+ 2004-08-04 05:56 . 2009-02-09 10:20 399360 c:\windows\system32\rpcss.dll
+ 2004-08-11 17:00 . 2009-05-14 07:53 468916 c:\windows\system32\perfh009.dat
- 2004-08-11 17:00 . 2009-05-10 21:45 468916 c:\windows\system32\perfh009.dat
+ 2004-08-04 05:56 . 2006-10-04 08:48 215552 c:\windows\system32\osk.exe
- 2004-08-04 05:56 . 2004-08-04 05:56 215552 c:\windows\system32\osk.exe
+ 2004-08-04 05:56 . 2009-02-09 10:20 714752 c:\windows\system32\ntdll.dll
+ 2004-08-04 05:56 . 2008-10-15 16:57 332800 c:\windows\system32\netapi32.dll
+ 2004-08-04 05:56 . 2008-06-20 17:41 245248 c:\windows\system32\mswsock.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 245248 c:\windows\system32\mswsock.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 532480 c:\windows\system32\mstime.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 146432 c:\windows\system32\msrating.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 146432 c:\windows\system32\msrating.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 449024 c:\windows\system32\mshtmled.dll
+ 2004-08-11 17:11 . 2008-06-12 14:16 161792 c:\windows\system32\msdtcuiu.dll
+ 2004-08-11 17:11 . 2008-06-12 14:16 956928 c:\windows\system32\msdtctm.dll
+ 2004-08-11 17:11 . 2008-06-12 14:16 428032 c:\windows\system32\msdtcprx.dll
+ 2004-08-04 05:56 . 2009-02-09 10:20 723456 c:\windows\system32\lsasrv.dll
+ 2004-08-04 05:56 . 2009-03-21 14:18 986112 c:\windows\system32\kernel32.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 450560 c:\windows\system32\jscript.dll
+ 2004-08-04 05:56 . 2007-12-18 14:40 450560 c:\windows\system32\jscript.dll
+ 2004-08-11 17:12 . 2008-04-11 18:50 683520 c:\windows\system32\inetcomm.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 251392 c:\windows\system32\iepeers.dll
+ 2004-08-04 05:56 . 2008-10-23 13:01 283648 c:\windows\system32\gdi32.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 205312 c:\windows\system32\dxtrans.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 357888 c:\windows\system32\dxtmsft.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 357888 c:\windows\system32\dxtmsft.dll
+ 2004-08-04 04:07 . 2008-06-20 09:52 225920 c:\windows\system32\drivers\tcpip6.sys
+ 2004-08-04 04:14 . 2008-06-20 10:45 360320 c:\windows\system32\drivers\tcpip.sys
+ 2004-08-04 04:14 . 2008-12-11 11:57 333184 c:\windows\system32\drivers\srv.sys
+ 2002-08-29 12:00 . 2008-05-08 12:28 202752 c:\windows\system32\drivers\rmcast.sys
+ 2004-08-04 04:15 . 2008-10-24 11:10 453632 c:\windows\system32\drivers\mrxsmb.sys
+ 2004-08-04 04:10 . 2008-06-13 13:10 272128 c:\windows\system32\drivers\bthport.sys
+ 2004-08-04 04:14 . 2008-08-14 09:51 138368 c:\windows\system32\drivers\afd.sys
+ 2004-08-04 05:56 . 2008-06-20 17:41 148992 c:\windows\system32\dnsapi.dll
+ 2004-08-11 17:11 . 2008-04-21 10:02 215552 c:\windows\system32\dllcache\wordpad.exe
+ 2004-08-11 17:11 . 2009-02-06 16:39 227840 c:\windows\system32\dllcache\wmiprvse.exe
+ 2004-08-11 17:11 . 2009-02-09 10:20 453120 c:\windows\system32\dllcache\wmiprvsd.dll
+ 2004-08-04 05:56 . 2007-10-27 16:40 227328 c:\windows\system32\dllcache\wmasf.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 659456 c:\windows\system32\dllcache\wininet.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 351232 c:\windows\system32\dllcache\winhttp.dll
+ 2004-08-04 05:56 . 2008-12-16 12:47 351232 c:\windows\system32\dllcache\winhttp.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 417792 c:\windows\system32\dllcache\vbscript.dll
+ 2004-08-04 05:56 . 2007-12-18 14:40 417792 c:\windows\system32\dllcache\vbscript.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 616448 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-04 04:07 . 2008-06-20 09:52 225920 c:\windows\system32\dllcache\tcpip6.sys
+ 2004-08-04 04:14 . 2008-06-20 10:45 360320 c:\windows\system32\dllcache\tcpip.sys
+ 2004-08-04 05:56 . 2008-10-03 10:15 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2004-08-04 04:14 . 2008-12-11 11:57 333184 c:\windows\system32\dllcache\srv.sys
+ 2004-08-04 05:56 . 2009-02-20 08:30 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2004-08-04 05:56 . 2009-02-06 17:14 110592 c:\windows\system32\dllcache\services.exe
- 2004-08-04 05:56 . 2004-08-04 05:56 144896 c:\windows\system32\dllcache\schannel.dll
+ 2004-08-04 05:56 . 2008-12-05 07:12 144896 c:\windows\system32\dllcache\schannel.dll
+ 2004-08-04 05:56 . 2009-02-09 10:20 399360 c:\windows\system32\dllcache\rpcss.dll
+ 2002-08-29 12:00 . 2008-05-08 12:28 202752 c:\windows\system32\dllcache\rmcast.sys
- 2004-08-04 05:56 . 2004-08-04 05:56 283648 c:\windows\system32\dllcache\pdh.dll
+ 2004-08-04 05:56 . 2009-03-06 14:44 283648 c:\windows\system32\dllcache\pdh.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 215552 c:\windows\system32\dllcache\osk.exe
+ 2004-08-04 05:56 . 2006-10-04 08:48 215552 c:\windows\system32\dllcache\osk.exe
+ 2004-08-04 05:56 . 2009-02-09 10:20 714752 c:\windows\system32\dllcache\ntdll.dll
+ 2004-08-04 05:56 . 2008-10-15 16:57 332800 c:\windows\system32\dllcache\netapi32.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 245248 c:\windows\system32\dllcache\mswsock.dll
+ 2004-08-04 05:56 . 2008-06-20 17:41 245248 c:\windows\system32\dllcache\mswsock.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 532480 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 146432 c:\windows\system32\dllcache\msrating.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 146432 c:\windows\system32\dllcache\msrating.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 449024 c:\windows\system32\dllcache\mshtmled.dll
+ 2004-08-11 17:11 . 2008-06-12 14:16 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2004-08-11 17:11 . 2008-06-12 14:16 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2004-08-11 17:11 . 2008-06-12 14:16 428032 c:\windows\system32\dllcache\msdtcprx.dll
- 2004-08-11 17:12 . 2004-08-04 05:56 331776 c:\windows\system32\dllcache\msadce.dll
+ 2004-08-11 17:12 . 2008-05-01 14:30 331776 c:\windows\system32\dllcache\msadce.dll
+ 2009-05-10 21:48 . 2008-10-24 11:10 453632 c:\windows\system32\dllcache\mrxsmb.sys
+ 2004-08-04 05:56 . 2009-02-09 10:20 723456 c:\windows\system32\dllcache\lsasrv.dll
+ 2004-08-04 05:56 . 2009-03-21 14:18 986112 c:\windows\system32\dllcache\kernel32.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 450560 c:\windows\system32\dllcache\jscript.dll
+ 2004-08-04 05:56 . 2007-12-18 14:40 450560 c:\windows\system32\dllcache\jscript.dll
+ 2004-08-11 17:12 . 2008-04-11 18:50 683520 c:\windows\system32\dllcache\inetcomm.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 251392 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-04 05:56 . 2008-10-23 13:01 283648 c:\windows\system32\dllcache\gdi32.dll
+ 2004-08-11 17:11 . 2009-02-09 10:20 473088 c:\windows\system32\dllcache\fastprox.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 205312 c:\windows\system32\dllcache\dxtrans.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 357888 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 357888 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-04 05:56 . 2008-06-20 17:41 148992 c:\windows\system32\dllcache\dnsapi.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 151040 c:\windows\system32\dllcache\cdfview.dll
+ 2004-08-04 04:14 . 2008-08-14 09:51 138368 c:\windows\system32\dllcache\afd.sys
- 2004-08-04 05:56 . 2004-08-04 05:56 616960 c:\windows\system32\dllcache\advapi32.dll
+ 2004-08-04 05:56 . 2009-02-09 10:20 616960 c:\windows\system32\dllcache\advapi32.dll
+ 2004-08-04 05:56 . 2006-08-16 11:58 100352 c:\windows\system32\dllcache\6to4svc.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 100352 c:\windows\system32\dllcache\6to4svc.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 151040 c:\windows\system32\cdfview.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 616960 c:\windows\system32\advapi32.dll
+ 2004-08-04 05:56 . 2009-02-09 10:20 616960 c:\windows\system32\advapi32.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 100352 c:\windows\system32\6to4svc.dll
+ 2004-08-04 05:56 . 2006-08-16 11:58 100352 c:\windows\system32\6to4svc.dll
+ 2009-05-11 19:58 . 2005-10-20 11:02 163328 c:\windows\ERDNT\11-05-2009\ERDNT.EXE
+ 2009-05-10 21:48 . 2008-10-24 11:10 453632 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2009-05-10 22:07 . 2008-06-13 13:10 272128 c:\windows\Driver Cache\i386\bthport.sys
- 2009-05-08 18:13 . 2008-04-15 17:54 1724416 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
+ 2009-05-10 21:49 . 2008-04-15 17:54 1724416 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
+ 2004-08-04 05:57 . 2008-06-10 10:57 2364472 c:\windows\system32\WMVCore.dll
+ 2004-08-04 05:56 . 2008-06-10 10:37 1026048 c:\windows\system32\WMNetmgr.dll
+ 2004-08-04 04:17 . 2009-02-09 10:19 1846272 c:\windows\system32\win32k.sys
+ 2004-08-04 05:56 . 2008-07-03 13:16 8454656 c:\windows\system32\shell32.dll
+ 2004-08-04 05:56 . 2009-03-02 23:52 1495552 c:\windows\system32\shdocvw.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 1287680 c:\windows\system32\quartz.dll
+ 2004-08-04 05:56 . 2008-12-20 22:43 1287680 c:\windows\system32\quartz.dll
+ 2004-08-04 04:18 . 2009-02-06 17:22 2136064 c:\windows\system32\ntoskrnl.exe
+ 2004-08-03 22:59 . 2009-02-06 16:49 2015744 c:\windows\system32\ntkrnlpa.exe
+ 2004-08-04 05:56 . 2008-09-04 16:42 1106944 c:\windows\system32\msxml3.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 3059712 c:\windows\system32\mshtml.dll
+ 2004-08-11 17:06 . 2009-05-12 19:42 1455784 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-04 05:57 . 2008-06-10 10:57 2364472 c:\windows\system32\dllcache\WMVCore.dll
+ 2004-08-04 05:56 . 2008-06-10 10:37 1026048 c:\windows\system32\dllcache\WMNetmgr.dll
+ 2004-08-04 04:17 . 2009-02-09 10:19 1846272 c:\windows\system32\dllcache\win32k.sys
+ 2004-08-04 05:56 . 2008-07-03 13:16 8454656 c:\windows\system32\dllcache\shell32.dll
+ 2004-08-04 05:56 . 2009-03-02 23:52 1495552 c:\windows\system32\dllcache\shdocvw.dll
+ 2004-08-04 05:56 . 2008-12-20 22:43 1287680 c:\windows\system32\dllcache\quartz.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 1287680 c:\windows\system32\dllcache\quartz.dll
+ 2009-05-10 21:49 . 2009-02-06 17:24 2180480 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-05-10 21:49 . 2009-02-06 16:49 2015744 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-05-10 21:49 . 2009-02-06 16:49 2057728 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-05-10 21:49 . 2009-02-06 17:22 2136064 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2004-08-04 05:56 . 2008-09-04 16:42 1106944 c:\windows\system32\dllcache\msxml3.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 3059712 c:\windows\system32\dllcache\mshtml.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 1054208 c:\windows\system32\dllcache\danim.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 1023488 c:\windows\system32\dllcache\browseui.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 1054208 c:\windows\system32\danim.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 1023488 c:\windows\system32\browseui.dll
+ 2009-05-10 21:49 . 2009-02-06 17:24 2180480 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-05-10 21:49 . 2009-02-06 16:49 2015744 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-05-10 21:49 . 2009-02-06 16:49 2057728 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-05-10 21:49 . 2009-02-06 17:22 2136064 c:\windows\Driver Cache\i386\ntkrnlmp.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SYS32DLL"="SYS32DLL" [X]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"EPSON Stylus Photo R220 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE" [2006-12-25 177664]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"eyeBeam SIP Client"="c:\program files\BT Broadband Talk Softphone\BTSoftphone.exe" [2006-07-31 19857408]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
"internat"="c:\windows\internat.exe" [2009-05-06 75264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7401472]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [2007-06-26 509224]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2007-11-19 99984]
"vptray"="c:\progra~1\SYMANT~2\SYMANT~1\vptray.exe" [2003-05-21 90112]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-12-08 185896]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-05-19 91432]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-01-19 1519616]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2006-01-19 73728]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\admin\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"userinit"="c:\windows\system32\userinit.exe,c:\windows\system32\pavuppad.exe,"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sprestrt\0sprestrt

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2031643626-816787558-188441444-1002\Scripts\Logon\0\0]
"Script"=remedylastlogin.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2031643626-816787558-188441444-3814\Scripts\Logon\0\0]
"Script"=remedylastlogin.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\VoiceLine SoftPhone\\VoiceLine.exe"=
"c:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [12/06/2007 22:59 9344]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [15/05/2008 13:07 61424]
R2 MDC80211;iPass Protocol (IEEE 802.1x) v2.3.1.9;c:\windows\system32\drivers\mdc80211.sys [19/03/2007 14:58 15793]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [02/03/2009 22:09 2368]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [26/12/2008 14:44 3032360]
S3 G3GRUMDM;G3G R USB Modem;c:\windows\system32\drivers\g3grumdm.sys [13/08/2007 17:04 26496]
S3 G3GRUSER;G3G R USB Serial;c:\windows\system32\drivers\g3gruser.sys [13/08/2007 17:04 23296]
S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [02/09/2008 17:56 178913]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [26/12/2008 14:44 15144]
S4 MSExchangeMGMT;Microsoft Exchange Management;c:\program files\Exchsrvr\bin\exmgmt.exe [16/03/2007 17:21 3117568]
.
Contents of the 'Scheduled Tasks' folder

2009-05-14 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {61628958-4627-48F4-99FD-30719188568D} - hxxp://www.ifrontiers.com/ActiveX/XCheck.CAB
DPF: {E33968CE-FF77-4DC3-A052-2921C0D60177} - hxxps://www.remotecontrol26.co.uk/dms%20website/kiosk/Bootstrap2610/2.6.10.107/BootstrapXP.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-14 09:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
internat = c:\windows\internat.exe????????????????????|?????????????P@?????? ??????? ??????S

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1316)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(3884)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-14 9:29
ComboFix-quarantined-files.txt 2009-05-14 08:29
ComboFix2.txt 2009-05-11 17:28
ComboFix3.txt 2009-05-10 22:21

Pre-Run: 20,462,804,992 bytes free
Post-Run: 20,485,726,208 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
435 --- E O F --- 2009-05-12 17:00


2. HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:31:05, on 14/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\admin\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=4070312
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\pavuppad.exe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /FU "C:\WINDOWS\TEMP\E_SA1.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe
O4 - HKCU\..\Run: [internat] C:\WINDOWS\internat.exe
O4 - HKCU\..\Run: [SYS32DLL] SYS32DLL
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.microquiz.eu/ImageUploader5.cab
O16 - DPF: {61628958-4627-48F4-99FD-30719188568D} (XCheck Control) - http://www.ifrontiers.com/ActiveX/XCheck.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://test.update.microsoft.com/wi...ls/en/x86/client/wuweb_site.cab?1174297478281
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://test.update.microsoft.com/mi...ls/en/x86/client/muweb_site.cab?1174297563946
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.microquiz.eu/ImageUploader4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-ea0211234474d475.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O16 - DPF: {E33968CE-FF77-4DC3-A052-2921C0D60177} (LoaderOnline Class) - https://www.remotecontrol26.co.uk/dms website/kiosk/Bootstrap2610/2.6.10.107/BootstrapXP.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://www.asda-photo.co.uk/upload/activex/v2_0_0_11/PCAXSetupv2.0.0.11.cab?
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15105/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~2\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

--
End of file - 17065 bytes
 
Have you set this?

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
 
It is a proxy server set in Internet Explorer. If you haven't set it, we can remove it :)
 
Before that, this is the next step:

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

[screenshot: uninstall-man.jpg]


5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, Notepad will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.
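As an added example (not code from the thread, from HijackThis or from the helper), a small Python triage script that reads the two log lines discussed above and flags them the way a helper would: a ProxyServer value that points at the local machine, and a UserInit value that launches executables beyond the Windows default. The sample log lines are constructed from this thread; the rules, names and the corporate-proxy value in the usage note are the example's own.

```python
"""Added example, not part of the original thread: triage a few HijackThis
log lines for findings of the kind discussed above. The heuristics here are
this example's own, not HijackThis or forum-helper rules."""
import re

# Constructed sample: the lines discussed in the thread plus benign ones.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\pavuppad.exe,
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKCU\..\Run: [SYS32DLL] SYS32DLL
"""

# R0/R1 lines: "<type> - <hive>\<key>,<value name> = <data>"
R_LINE = re.compile(r"^(R[013]) - (HK(?:LM|CU))\\(.+?),([\w ]+) = (.*)$")
# F2 line carrying the Winlogon UserInit value (comma-separated executables)
F2_LINE = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$")
# O4 Run entries: "[<value name>] <command>" (HKUS lines carry a trailing user tag)
O4_LINE = re.compile(r"^O4 - (?:HK\w+|HKUS\\[^\\]+)\\\.\.\\Run: \[([^\]]+)\] (.*)$")
USER_TAG = re.compile(r" \(User '[^']*'\)$")

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}
# Assumption: the stock Windows XP logon initialiser path (case-insensitive).
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"


def parse_proxy_server(value):
    """Split an IE ProxyServer value ('http=host:port;https=host:port' or a plain
    'host:port' used for all schemes) into {scheme: (host, port)}."""
    result = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" in part:
            scheme, hostport = part.split("=", 1)
        else:
            scheme, hostport = "*", part
        host, sep, port = hostport.rpartition(":")
        if not sep:
            host, port = hostport, ""
        result[scheme.strip()] = (host.strip().lower(), port.strip())
    return result


def triage(log_text):
    """Return a list of (severity, line, reason) findings for the given log text."""
    findings = []
    for line in log_text.splitlines():
        m = R_LINE.match(line)
        if m and m.group(4) == "ProxyServer":
            for scheme, (host, port) in parse_proxy_server(m.group(5)).items():
                # A proxy on the local machine means every browser request is handed
                # to some local process first; legitimate setups rarely look like this.
                if host in LOCAL_HOSTS:
                    findings.append(("high", line,
                        f"{scheme} proxy points at the local machine on port {port}; "
                        "browser traffic is relayed through a local process"))
            continue
        m = F2_LINE.match(line)
        if m:
            entries = [e.strip() for e in m.group(1).split(",") if e.strip()]
            extra = [e for e in entries if e.lower() != DEFAULT_USERINIT]
            if extra:
                findings.append(("high", line,
                    "UserInit launches extra executables at logon: " + ", ".join(extra)))
            continue
        m = O4_LINE.match(line)
        if m:
            command = USER_TAG.sub("", m.group(2)).strip()
            # A Run value with neither a path nor an extension cannot be located on
            # disk from the log alone; it is worth a closer look, not a verdict.
            if "\\" not in command and "." not in command:
                findings.append(("medium", line,
                    f"Run entry [{m.group(1)}] has no path or extension: {command!r}"))
    return findings


if __name__ == "__main__":
    for severity, line, reason in triage(SAMPLE_LOG):
        print(f"[{severity}] {reason}\n    {line}")
```

A ProxyServer value naming an ordinary upstream host (say, a constructed `http=proxy.corp.example:8080`) produces no finding, so the script separates the localhost case in this thread from a normal corporate proxy.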
 
Hi Shaba,

As requested:
55mm v6 for Adobe Photoshop & Compatible Applications
Acronis*True*Image*Workstation
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe After Effects CS3 Presets
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Recommended Settings
Adobe Color JA Extra Settings
Adobe Color NA Extra Settings
Adobe Common File Installer
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop Lightroom 2
Adobe Setup
Adobe SING CS3
Adobe Stock Photos 1.0
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Adobe® Photoshop® Album Starter Edition 3.0
Adware Away v2.2.8.7
AHV content for Acrobat and Flash
ALPS Touch Pad Driver
Apple Mobile Device Support
Apple Software Update
Artizen TMO PS Plugins 1.0
Avaya Integrated Management Administration Tools 3.1
AVI DivX MPEG to DVD Converter & Burner Pro 2.9
AVI DivX to DVD SVCD VCD Converter 2.2.2
Avidemux 2.4
AviSynth 2.5
AVS Video Converter 6
AVS4YOU Software Navigator 1.2
Bamboo Scribe 2.6
Bamboo Scribe Shared Files
BHA B's Recorder GOLD BASIC 7.57 (Update)
BitLord 1.1
Bluetooth Stack for Windows by Toshiba
Bonjour
Broadcom Advanced Control Suite
BT Broadband Desktop Help
BT Home Hub
BT Softphone 1.5.3.6
BT Wireless Connection Manager
BT Yahoo! Applications
Capture NX 2
Color Efex Pro 3.0 Complete
CombineZM
Conexant HDA D110 MDC V.92 Modem
CopyToDVD
Creative Live! Cam Center
Creative Live! Cam Vista IM Driver (1.01.03.1104)
Creative Live! Cam Vista IM User's Guide (English)
Creative Software AutoUpdate
Creative System Information
Creative WebCam Center
CyberLink PowerDVD 8
DameWare Mini Remote Control
Dell Support 3.2.1
Dfine 2.0
Dg Foto Art - Training
Digital Line Detect
Disc2Phone
DivX Codec
DivX Player
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVD Solution
DVDFab Decrypter 3.0.8.6
DVD-RAM Driver
E.M. Youtube Video Download Tool 2.30
Easy CD Ripper 2.26
EPSON Printer Software
Ergo Print Monitor xp86
ERUNT 1.1j
FastStone Photo Resizer 2.6
File Uploader
FinePixViewer Ver.4.0
FixerBundle
Fuji Internet Printing
FUJIFILM USB Driver
Genuine Fractals 5.0
HandicapMaster Version 5
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
hkSFV (remove only)
Hotfix for Windows XP (KB952287)
HP Photo and Imaging 1.1 - Photosmart Cameras
ImageMixer VCD for FinePix
ImgBurn (Remove Only)
Intel(R) PROSet/Wireless Software
iPassConnect Corporate
iPod for Windows 2006-06-28
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 7
K-Lite Codec Pack 2.34 Full
Leadbetter Interactive
LiveUpdate 1.80 (Symantec Corporation)
Magic ISO Maker v5.3 (build 0221)
MagicDisc 2.7.105
Map Button (Windows Live Toolbar)
Mask Pro 4.1
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft Exchange
Microsoft Office Standard Edition 2003
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Media Video 9 VCM
MicroStaff WINASPI NT
mIWA
mLogView
mMHouse
Modem Helper
Motorola Software Update
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB925673)
Multimedia Launcher
mWlsSafe
mWMI
mXML
mZConfig
neroxml
NetWaiting
Nikon Message Center
NVIDIA Drivers
Offline Course Player
PDF Settings
PDFCreator
Pen Tablet
PhotoFrame Pro 3.1
Photomatix Pro version 3.0.1
Picasa 2
Picture Control Utility
Portrait Professional Max 6.3
PowerISO
PowerProducer
QuickSet
QuickTime
RAW FILE CONVERTER LE
RAYflect Four Seasons 1.0
RealPlayer
Remote Administrator v2.0
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio
Samsung PC Studio 3 USB Driver Installer
Samsung Samples Installer
SearchAssist
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB963027)
Sharpener Pro 3.0
Silver Efex Pro
Skype™ 3.8
Smart Menus (Windows Live Toolbar)
SmartSound Quicktracks Plugin
Sonic Activation Module
Sonic Update Manager
Sony Ericsson PC Suite 1.20.173
Spybot - Search & Destroy
Spyder2express
SpywareBlaster 4.1
SpywareGuard v2.2
SSC Service Utility v4.30
Super Screen Capture 4.0
Symantec AntiVirus
Symantec AntiVirus Client
SyncToy
TomTom HOME 2.5.2.60
Tone Mapping Plug-In 1.2
TorrentQ version 2.1.0.0
Total Video Converter 3.14 080930
Ulead PhotoImpact 12
Ulead VideoStudio 8.0
Update for Windows XP (KB925720)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
URL Assistant
VC_MergeModuleToMSI
VideoLAN VLC media player 0.8.6a
ViewNX
Visual Watermark 2.9.12
Viveza
Vodafone 804SS USB driver Software
Vodafone Mobile Connect
VoiceLine SoftPhone
WinAVI Video Converter
Windows Communication Foundation
Windows Installer Clean Up
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Writer
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format Runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Server 2003 Service Pack 1 Administration Tools Pack
Windows Workflow Foundation
WinRAR archiver
WinZip
WP Pro 1.1
 
IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

BitLord 1.1


I'd like you to read this thread.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Please run a new uninstall list scan when finished and post the log back here.
 
Done.

55mm v6 for Adobe Photoshop & Compatible Applications
Acronis*True*Image*Workstation
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe After Effects CS3 Presets
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Recommended Settings
Adobe Color JA Extra Settings
Adobe Color NA Extra Settings
Adobe Common File Installer
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop Lightroom 2
Adobe Setup
Adobe SING CS3
Adobe Stock Photos 1.0
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Adobe® Photoshop® Album Starter Edition 3.0
Adware Away v2.2.8.7
AHV content for Acrobat and Flash
ALPS Touch Pad Driver
Apple Mobile Device Support
Apple Software Update
Artizen TMO PS Plugins 1.0
Avaya Integrated Management Administration Tools 3.1
AVI DivX MPEG to DVD Converter & Burner Pro 2.9
AVI DivX to DVD SVCD VCD Converter 2.2.2
Avidemux 2.4
AviSynth 2.5
AVS Video Converter 6
AVS4YOU Software Navigator 1.2
Bamboo Scribe 2.6
Bamboo Scribe Shared Files
BHA B's Recorder GOLD BASIC 7.57 (Update)
Bluetooth Stack for Windows by Toshiba
Bonjour
Broadcom Advanced Control Suite
BT Broadband Desktop Help
BT Home Hub
BT Softphone 1.5.3.6
BT Wireless Connection Manager
BT Yahoo! Applications
Capture NX 2
Color Efex Pro 3.0 Complete
CombineZM
Conexant HDA D110 MDC V.92 Modem
CopyToDVD
Creative Live! Cam Center
Creative Live! Cam Vista IM Driver (1.01.03.1104)
Creative Live! Cam Vista IM User's Guide (English)
Creative Software AutoUpdate
Creative System Information
Creative WebCam Center
CyberLink PowerDVD 8
DameWare Mini Remote Control
Dell Support 3.2.1
Dfine 2.0
Dg Foto Art - Training
Digital Line Detect
Disc2Phone
DivX Codec
DivX Player
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVD Solution
DVDFab Decrypter 3.0.8.6
DVD-RAM Driver
E.M. Youtube Video Download Tool 2.30
Easy CD Ripper 2.26
EPSON Printer Software
Ergo Print Monitor xp86
ERUNT 1.1j
FastStone Photo Resizer 2.6
File Uploader
FinePixViewer Ver.4.0
FixerBundle
Fuji Internet Printing
FUJIFILM USB Driver
Genuine Fractals 5.0
HandicapMaster Version 5
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
hkSFV (remove only)
Hotfix for Windows XP (KB952287)
HP Photo and Imaging 1.1 - Photosmart Cameras
ImageMixer VCD for FinePix
ImgBurn (Remove Only)
Intel(R) PROSet/Wireless Software
iPassConnect Corporate
iPod for Windows 2006-06-28
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 7
K-Lite Codec Pack 2.34 Full
Leadbetter Interactive
LiveUpdate 1.80 (Symantec Corporation)
Magic ISO Maker v5.3 (build 0221)
MagicDisc 2.7.105
Map Button (Windows Live Toolbar)
Mask Pro 4.1
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft Exchange
Microsoft Office Standard Edition 2003
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Media Video 9 VCM
MicroStaff WINASPI NT
mIWA
mLogView
mMHouse
Modem Helper
Motorola Software Update
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB925673)
Multimedia Launcher
mWlsSafe
mWMI
mXML
mZConfig
neroxml
NetWaiting
Nikon Message Center
NVIDIA Drivers
Offline Course Player
PDF Settings
PDFCreator
Pen Tablet
PhotoFrame Pro 3.1
Photomatix Pro version 3.0.1
Picasa 2
Picture Control Utility
Portrait Professional Max 6.3
PowerISO
PowerProducer
QuickSet
QuickTime
RAW FILE CONVERTER LE
RAYflect Four Seasons 1.0
RealPlayer
Remote Administrator v2.0
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio
Samsung PC Studio 3 USB Driver Installer
Samsung Samples Installer
SearchAssist
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB963027)
Sharpener Pro 3.0
Silver Efex Pro
Skype™ 3.8
Smart Menus (Windows Live Toolbar)
SmartSound Quicktracks Plugin
Sonic Activation Module
Sonic Update Manager
Sony Ericsson PC Suite 1.20.173
Spybot - Search & Destroy
Spyder2express
SpywareBlaster 4.1
SpywareGuard v2.2
SSC Service Utility v4.30
Super Screen Capture 4.0
Symantec AntiVirus
Symantec AntiVirus Client
SyncToy
TomTom HOME 2.5.2.60
Tone Mapping Plug-In 1.2
TorrentQ version 2.1.0.0
Total Video Converter 3.14 080930
Ulead PhotoImpact 12
Ulead VideoStudio 8.0
Update for Windows XP (KB925720)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
URL Assistant
VC_MergeModuleToMSI
VideoLAN VLC media player 0.8.6a
ViewNX
Visual Watermark 2.9.12
Viveza
Vodafone 804SS USB driver Software
Vodafone Mobile Connect
VoiceLine SoftPhone
WinAVI Video Converter
Windows Communication Foundation
Windows Installer Clean Up
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Writer
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format Runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Server 2003 Service Pack 1 Administration Tools Pack
Windows Workflow Foundation
WinRAR archiver
WinZip
WP Pro 1.1
 