
Kaspersky says I have a virus [RESOLVED]


  • This topic is locked

#1
UKBobby
Member, 36 posts

Hello

My machine has been acting a little bit strange over the past few days, so I ran a Kaspersky online scan, an AVG scan and have run the HijackThis app. Kaspersky believes I have a few problems, but my Norton and AVG cannot see any problems. Please could you take a look at the attached logs? The Kaspersky log was done before AVG and HijackThis were run.

Thanks for looking

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, January 26, 2008 7:55:44 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 26/01/2008
Kaspersky Anti-Virus database records: 533507
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 54140
Number of viruses found: 2
Number of infected objects: 5
Number of suspicious objects: 0
Duration of the scan process: 00:34:29

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-01-26_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\816754F0.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\9CC58D60.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped
C:\Documents and Settings\Dave\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Dave\Desktop\Tools\freeripmp3.exe/file25 Infected: not-a-virus:AdTool.Win32.MyWebSearch.br skipped
C:\Documents and Settings\Dave\Desktop\Tools\freeripmp3.exe Inno: infected - 1 skipped
C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Norton AntiSpam Folder/20 Jan 2008 05:50 from Katharine Goddard:Merry Christmas/card.zip/card.scr Infected: Trojan-Downloader.Win32.Agent.hra skipped
C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Norton AntiSpam Folder/20 Jan 2008 05:50 from Katharine Goddard:Merry Christmas/card.zip Infected: Trojan-Downloader.Win32.Agent.hra skipped
C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Mail MS Mail: infected - 2 skipped
C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Dave\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dave\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dave\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Dave\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\Bonus\Log\Shazam.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{6CE32055-FBF7-4931-8951-C577ACFB8CA1}\RP159\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{4B188144-8F12-4479-88F1-BF8FF0A5E3FF}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


Now the HijackThis log file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:05:54, on 26/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.co...earch_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.101:8080
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip....er/igloader.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A516694-0B72-4639-9435-3B3D8100A2C5}: NameServer = 195.184.228.6 195.184.228.7
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 10704 bytes


and the uninstall log

A4tech USB Mouse Quality Testing Program V4.0
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Photoshop 7.0
Adobe Reader 8.1.1
Adobe Shockwave Player
AppCore
ArcSoft Software Suite
ASUSDVD XP
AV
AVG Anti-Spyware 7.5
Battlefield 2™
Battlefield 2: Special Forces
BF2 Protocol
Bonus
CC_ccProxyExt
ccCommon
CCleaner (remove only)
ccPxyCore
CIB
DVD Shrink 3.2
Forgotten Hope 2
FreeRIP v2.951
FreeRIP v3.03
GOM Player
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
hp deskjet 3420 series
hp deskjet 3420 series (Remove only)
ICQ Toolbar
ICQ6
Java™ 6 Update 2
Java™ 6 Update 3
Kaspersky Online Scanner
LiveOnlineFooty.com
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
LUMIX Simple Viewer
MAGIX Media Manager silver
MAGIX Photos on CD & DVD 2.0
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
MSN
MSRedist
Nero 6
Nero Digital
Norton Add-on Pack (Symantec Corporation)
Norton AntiSpam
Norton AntiSpam
Norton AntiVirus
Norton Confidential Browser Component
Norton Confidential Web Protection Component
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Internet Security Bonus Pack
Norton Protection Center
NVIDIA Drivers
Panda ActiveScan
PHOTOfunSTUDIO -viewer-
PrintKey2000
Pro Evolution Soccer 2008 DEMO
Pro Evolution Soccer 6
Quicken 2004
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Smart-X7 7.72
SopCore 1.1.2
SoundMAX
SPBBC 32bit
SpeedTouch USB Software
TeamSpeak 2 RC2
TeamSpeak 2 Server RC2
TwistedPixel Visualization for Windows Media Player
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
WinZip

Thank you
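As an added triage example (not code from this thread, from Kaspersky or from OldTimer's tools), the Python script below parses the report format posted above, drops the "Object is locked" noise, and maps every hit to the file that actually exists on disk. It shows why a path such as Outlook.pst/Personal Folders/.../card.zip names an object inside the mail base rather than a file a file-mover can find.

```python
import re
from dataclasses import dataclass

# One line of the "Infected Object Name / Virus Name / Last Action" section.
# The status is "Object is locked", "Infected: <signature>", or a container
# summary such as "Inno: infected - 1" or "Mail MS Mail: infected - 2".
LINE_RE = re.compile(
    r"^(?P<obj>.+?)\s+(?:"
    r"(?P<locked>Object is locked)"
    r"|Infected:\s+(?P<threat>\S+)"
    r"|(?P<ctype>[A-Za-z ]+?):\s+infected - (?P<count>\d+)"
    r")\s+(?P<action>\w+)$"
)


@dataclass
class Detection:
    object_name: str  # object name exactly as reported, nested parts included
    disk_path: str    # the outermost file on disk that holds it
    nested: bool      # True when the hit sits inside an archive or mail base
    container: bool   # True for a summary line about the container itself
    threat: str       # signature name, or "<type> container (N infected)"
    action: str       # what the scanner did ("skipped" for the online scanner)


def disk_path_of(obj: str) -> str:
    """Map a Kaspersky object name to the file that exists on disk.

    Kaspersky uses '/' to step into installers, archives and mail bases, and
    Windows paths never contain '/', so the text before the first '/' is the
    real file; the remainder is a path inside that file.
    """
    return obj.split("/", 1)[0]


def parse_report(text: str) -> tuple[int, list[Detection]]:
    """Parse the report, returning (locked_object_count, detections).

    Locked objects (registry hives, event logs, index.dat files and the like
    that the scanner could not open) are counted but are not findings.
    """
    locked = 0
    detections: list[Detection] = []
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Infected Object Name"):
            in_section = True
            continue
        if not in_section or not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # unrecognised line shape, e.g. "Scan process completed."
        if m.group("locked"):
            locked += 1
            continue
        obj = m.group("obj")
        is_container = m.group("threat") is None
        threat = (f"{m.group('ctype')} container ({m.group('count')} infected)"
                  if is_container else m.group("threat"))
        detections.append(Detection(obj, disk_path_of(obj), "/" in obj,
                                    is_container, threat, m.group("action")))
    return locked, detections


def files_to_act_on(detections: list[Detection]) -> dict[str, list[str]]:
    """Group signature hits by the on-disk file that must be cleaned.

    Container summary lines are dropped because they only repeat the nested
    hits; the keys are the paths a removal tool can actually be pointed at.
    """
    grouped: dict[str, list[str]] = {}
    for d in detections:
        if not d.container:
            grouped.setdefault(d.disk_path, []).append(d.threat)
    return grouped


# Constructed excerpt of the report posted in this thread: two of the locked
# lines plus all five detection lines (the other locked lines are omitted).
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\Documents and Settings\Dave\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Dave\Desktop\Tools\freeripmp3.exe/file25 Infected: not-a-virus:AdTool.Win32.MyWebSearch.br skipped
C:\Documents and Settings\Dave\Desktop\Tools\freeripmp3.exe Inno: infected - 1 skipped
C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Norton AntiSpam Folder/20 Jan 2008 05:50 from Katharine Goddard:Merry Christmas/card.zip/card.scr Infected: Trojan-Downloader.Win32.Agent.hra skipped
C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Norton AntiSpam Folder/20 Jan 2008 05:50 from Katharine Goddard:Merry Christmas/card.zip Infected: Trojan-Downloader.Win32.Agent.hra skipped
C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Mail MS Mail: infected - 2 skipped

Scan process completed.
"""

if __name__ == "__main__":
    locked, hits = parse_report(SAMPLE_REPORT)
    print(f"{locked} locked objects ignored, {len(hits)} detection lines")
    for path, threats in files_to_act_on(hits).items():
        print(f"{path}\n    {', '.join(sorted(set(threats)))}")
```

For the report above this yields two files to deal with: the freeripmp3.exe installer bundle and the Outlook.pst mail store, where the infected message itself has to be removed from within Outlook.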


#2
Rorschach112 (Ralphie)
Retired Staff, 47,710 posts

Hello

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Documents and Settings\Dave\Desktop\Tools\freeripmp3.exe
    C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Norton AntiSpam Folder/20 Jan 2008 05:50 from Katharine Goddard:Merry Christmas/card.zip
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    purity
  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#3
UKBobby
Topic Starter, Member, 36 posts

Hello

Thanks for the info

I ran OTMoveIt2 and here is the output. I was not asked to restart the PC, but I will try this again.

C:\Documents and Settings\Dave\Desktop\Tools\freeripmp3.exe moved successfully.
File/Folder C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Norton AntiSpam Folder/20 Jan 2008 05:50 from Katharine Goddard:Merry Christmas/card.zip not found.
[Custom Input]
< purity >

OTMoveIt2 v1.0.15 log created on 01272008_094000

However, after downloading DSS and running it, it gets 85-90% through and encounters a problem. The output file for the problem is bf05_appcomoat.txt; here are the contents. I tried this 2 or 3 times with the same result.

<?xml version="1.0" encoding="UTF-16"?>
<DATABASE>
<EXE NAME="dss.exe" FILTER="GRABMI_FILTER_PRIVACY">
<MATCHING_FILE NAME="ATF_Cleaner.exe" SIZE="50688" CHECKSUM="0x64A9D2CD" BIN_FILE_VERSION="3.0.0.2" BIN_PRODUCT_VERSION="3.0.0.2" PRODUCT_VERSION="3.00.0002" FILE_DESCRIPTION="ATF Cleaner.exe" COMPANY_NAME="Atribune.org" PRODUCT_NAME="ATF Cleaner" FILE_VERSION="3.00.0002" ORIGINAL_FILENAME="ATF-Cleaner.exe" INTERNAL_NAME="ATF-Cleaner" LEGAL_COPYRIGHT="© 2005 Atribune.org" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x30000" UPTO_BIN_FILE_VERSION="3.0.0.2" UPTO_BIN_PRODUCT_VERSION="3.0.0.2" LINK_DATE="02/15/2007 13:00:43" UPTO_LINK_DATE="02/15/2007 13:00:43" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="avgas-setup-7.5.1.43-3339.exe" SIZE="14113576" CHECKSUM="0x3A61C86C" MODULE_TYPE="WIN32" PE_CHECKSUM="0xD855A5" LINKER_VERSION="0x0" LINK_DATE="02/17/2007 12:48:44" UPTO_LINK_DATE="02/17/2007 12:48:44" />
<MATCHING_FILE NAME="dss.exe" SIZE="686630" CHECKSUM="0xE1ED9520" BIN_FILE_VERSION="3.2.8.1" BIN_PRODUCT_VERSION="3.2.8.1" FILE_DESCRIPTION="" FILE_VERSION="3, 2, 8, 1" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x0" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="3.2.8.1" UPTO_BIN_PRODUCT_VERSION="3.2.8.1" LINK_DATE="09/10/2007 14:57:50" UPTO_LINK_DATE="09/10/2007 14:57:50" VER_LANGUAGE="English (United Kingdom) [0x809]" />
<MATCHING_FILE NAME="OTMoveIt2.exe" SIZE="291328" CHECKSUM="0x654F44F0" BIN_FILE_VERSION="1.0.15.0" BIN_PRODUCT_VERSION="1.0.15.0" PRODUCT_VERSION="2.0.0.0" FILE_DESCRIPTION="" COMPANY_NAME="OldTimer Tools" PRODUCT_NAME="OTMoveIt" FILE_VERSION="1.0.15.0" ORIGINAL_FILENAME="" INTERNAL_NAME="OTMoveIt2" LEGAL_COPYRIGHT="" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x50EF5" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="1.0.15.0" UPTO_BIN_PRODUCT_VERSION="1.0.15.0" LINK_DATE="06/19/1992 22:22:17" UPTO_LINK_DATE="06/19/1992 22:22:17" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="Games\Hellgate_London_Demo.exe" SIZE="1566047307" />
<MATCHING_FILE NAME="Tools\AdbeRdr810_en_US.exe" SIZE="23402288" CHECKSUM="0xCBB7D546" BIN_FILE_VERSION="1.0.0.92" BIN_PRODUCT_VERSION="1.0.0.92" PRODUCT_VERSION="1.0.0.92 " COMPANY_NAME=" " PRODUCT_NAME="NOSSO® " FILE_VERSION="1.0.0.92 " LEGAL_COPYRIGHT=" " VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x16545CD" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="1.0.0.92" UPTO_BIN_PRODUCT_VERSION="1.0.0.92" LINK_DATE="12/12/2006 15:59:55" UPTO_LINK_DATE="12/12/2006 15:59:55" VER_LANGUAGE="Language Neutral [0x0]" />
<MATCHING_FILE NAME="Tools\Google_Earth_BZXV.exe" SIZE="13411824" CHECKSUM="0x4D5A9D98" MODULE_TYPE="WIN32" PE_CHECKSUM="0xCCBE81" LINKER_VERSION="0x0" LINK_DATE="08/07/2007 16:53:54" UPTO_LINK_DATE="08/07/2007 16:53:54" />
<MATCHING_FILE NAME="Tools\LiveOnlineFooty_v4.0beta.exe" SIZE="7384919" CHECKSUM="0xC0D06574" BIN_FILE_VERSION="2.0.0.24" BIN_PRODUCT_VERSION="2.0.0.24" PRODUCT_VERSION="2, 0, 0, 24" FILE_DESCRIPTION="" COMPANY_NAME="" PRODUCT_NAME="LiveOnlineFooty.com Install Program" FILE_VERSION="2, 0, 0, 24" ORIGINAL_FILENAME="" INTERNAL_NAME="" LEGAL_COPYRIGHT="" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="2.0.0.24" UPTO_BIN_PRODUCT_VERSION="2.0.0.24" LINK_DATE="12/17/2004 08:58:40" UPTO_LINK_DATE="12/17/2004 08:58:40" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="Tools\Setup-SopCore-1.1.2-2007-04-20.exe" SIZE="875778" CHECKSUM="0x500601C8" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" LINK_DATE="11/27/2006 17:36:03" UPTO_LINK_DATE="11/27/2006 17:36:03" />
<MATCHING_FILE NAME="Tools\TCPOptimizer.exe" SIZE="610304" CHECKSUM="0x1F28D799" BIN_FILE_VERSION="2.0.3.0" BIN_PRODUCT_VERSION="2.0.3.0" PRODUCT_VERSION="2, 0, 3, 0" FILE_DESCRIPTION="SG TCP Optimizer" COMPANY_NAME="Speed Guide Inc." PRODUCT_NAME="SG TCP Optimizer Application" FILE_VERSION="2, 0, 3, 0" ORIGINAL_FILENAME="TCPOptimizer.exe" INTERNAL_NAME="TCP Optimizer" LEGAL_COPYRIGHT="Copyright © 2001-2006" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="2.0.3.0" UPTO_BIN_PRODUCT_VERSION="2.0.3.0" LINK_DATE="01/06/2006 20:49:43" UPTO_LINK_DATE="01/06/2006 20:49:43" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="Tools\winzip90.exe" SIZE="4077184" CHECKSUM="0x1D49B792" MODULE_TYPE="WIN32" PE_CHECKSUM="0x3F114B" LINKER_VERSION="0x0" LINK_DATE="07/23/2004 11:33:10" UPTO_LINK_DATE="07/23/2004 11:33:10" />
<MATCHING_FILE NAME="Tools\wmp11-windowsxp-x86-enu.exe" SIZE="25755448" CHECKSUM="0x6DC25259" BIN_FILE_VERSION="6.0.5489.0" BIN_PRODUCT_VERSION="6.0.5489.0" PRODUCT_VERSION="11.0.5721.5145" FILE_DESCRIPTION="Windows Media Component Setup Application" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Windows Media Component Setup Application" FILE_VERSION="11.0.5721.5145" ORIGINAL_FILENAME="WEXTRACT.EXE " INTERNAL_NAME="Wextract " LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x1896854" LINKER_VERSION="0x60000" UPTO_BIN_FILE_VERSION="6.0.5489.0" UPTO_BIN_PRODUCT_VERSION="6.0.5489.0" LINK_DATE="08/03/2006 20:27:28" UPTO_LINK_DATE="08/03/2006 20:27:28" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="Tools\wrar371.exe" SIZE="1206366" CHECKSUM="0xA70B4DF7" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" LINK_DATE="09/20/2007 12:34:56" UPTO_LINK_DATE="09/20/2007 12:34:56" />
</EXE>
<EXE NAME="ntdll.dll" FILTER="GRABMI_FILTER_THISFILEONLY">
<MATCHING_FILE NAME="ntdll.dll" SIZE="708096" CHECKSUM="0x9D20568" BIN_FILE_VERSION="5.1.2600.2180" BIN_PRODUCT_VERSION="5.1.2600.2180" PRODUCT_VERSION="5.1.2600.2180" FILE_DESCRIPTION="NT Layer DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" ORIGINAL_FILENAME="ntdll.dll" INTERNAL_NAME="ntdll.dll" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xAF2F7" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2180" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2180" LINK_DATE="08/04/2004 07:56:36" UPTO_LINK_DATE="08/04/2004 07:56:36" VER_LANGUAGE="English (United States) [0x409]" />
</EXE>
<EXE NAME="kernel32.dll" FILTER="GRABMI_FILTER_THISFILEONLY">
<MATCHING_FILE NAME="kernel32.dll" SIZE="984576" CHECKSUM="0xF0B331F6" BIN_FILE_VERSION="5.1.2600.3119" BIN_PRODUCT_VERSION="5.1.2600.3119" PRODUCT_VERSION="5.1.2600.3119" FILE_DESCRIPTION="Windows NT BASE API Client DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)" ORIGINAL_FILENAME="kernel32" INTERNAL_NAME="kernel32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xF9293" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.3119" UPTO_BIN_PRODUCT_VERSION="5.1.2600.3119" LINK_DATE="04/16/2007 15:52:53" UPTO_LINK_DATE="04/16/2007 15:52:53" VER_LANGUAGE="English (United States) [0x409]" />
</EXE>
</DATABASE>
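The file pasted in the reply above is the appcompat manifest that Windows XP error reporting writes when a program crashes: for the crashing dss.exe it lists every executable found in the same folder and its subfolders (the FILTER="GRABMI_FILTER_PRIVACY" block) with checksum, version resource and PE link date, plus the exact ntdll.dll and kernel32.dll builds that were loaded. Two things worth knowing when reading one: a MATCHING_FILE that carries only NAME and SIZE is a binary with no version resource, so it can only be identified by hash; and a LINK_DATE of 06/19/1992 22:22:17 is the fixed timestamp (0x2A425E19) that the Borland/Delphi linker stamps into every binary it produces, not a sign of tampering. The script below parses the report and applies those two checks. It is an added example written for this page, not output of the thread or of any of the tools mentioned; its input is an abridged copy of the report above, encoded as UTF-16 because that is how Windows writes the real file.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

# Constructed sample: an abridged copy of the appcompat report pasted above, keeping only the
# attributes this script reads. Windows writes the real file as UTF-16, so the sample is encoded
# the same way and parsed from bytes rather than from a str.
SAMPLE_APPCOMPAT = """<?xml version="1.0" encoding="UTF-16"?>
<DATABASE>
<EXE NAME="dss.exe" FILTER="GRABMI_FILTER_PRIVACY">
<MATCHING_FILE NAME="ATF_Cleaner.exe" SIZE="50688" CHECKSUM="0x64A9D2CD" BIN_FILE_VERSION="3.0.0.2" COMPANY_NAME="Atribune.org" LINK_DATE="02/15/2007 13:00:43" />
<MATCHING_FILE NAME="dss.exe" SIZE="686630" CHECKSUM="0xE1ED9520" BIN_FILE_VERSION="3.2.8.1" LINK_DATE="09/10/2007 14:57:50" />
<MATCHING_FILE NAME="OTMoveIt2.exe" SIZE="291328" CHECKSUM="0x654F44F0" BIN_FILE_VERSION="1.0.15.0" COMPANY_NAME="OldTimer Tools" LINK_DATE="06/19/1992 22:22:17" />
<MATCHING_FILE NAME="Games\\Hellgate_London_Demo.exe" SIZE="1566047307" />
<MATCHING_FILE NAME="Tools\\Google_Earth_BZXV.exe" SIZE="13411824" CHECKSUM="0x4D5A9D98" LINK_DATE="08/07/2007 16:53:54" />
</EXE>
<EXE NAME="ntdll.dll" FILTER="GRABMI_FILTER_THISFILEONLY">
<MATCHING_FILE NAME="ntdll.dll" SIZE="708096" BIN_FILE_VERSION="5.1.2600.2180" COMPANY_NAME="Microsoft Corporation" LINK_DATE="08/04/2004 07:56:36" />
</EXE>
<EXE NAME="kernel32.dll" FILTER="GRABMI_FILTER_THISFILEONLY">
<MATCHING_FILE NAME="kernel32.dll" SIZE="984576" BIN_FILE_VERSION="5.1.2600.3119" COMPANY_NAME="Microsoft Corporation" LINK_DATE="04/16/2007 15:52:53" />
</EXE>
</DATABASE>
""".encode("utf-16")

# PE timestamp 0x2A425E19 == 1992-06-19 22:22:17 UTC: the constant the Borland/Delphi linker writes
# into every binary, so it says nothing about when the file was really built.
DELPHI_LINK_DATE = datetime(1992, 6, 19, 22, 22, 17)


def load_report(data: bytes) -> ET.Element:
    """Parse the UTF-16 appcompat XML; expat takes the encoding from the BOM and declaration."""
    return ET.fromstring(data)


def parse_link_date(value):
    """LINK_DATE is month-first (MM/DD/YYYY HH:MM:SS) here even though the machine's locale is
    UK; compare the DD/MM/YYYY dates in the WinPFind report from the same PC."""
    return datetime.strptime(value, "%m/%d/%Y %H:%M:%S") if value else None


def inventory(root: ET.Element):
    """Flatten every MATCHING_FILE into one row, keeping which EXE block it was collected for."""
    rows = []
    for exe in root.iter("EXE"):
        for f in exe.findall("MATCHING_FILE"):
            rows.append({
                "context": exe.get("NAME"),
                "filter": exe.get("FILTER"),
                "name": f.get("NAME"),
                "size": int(f.get("SIZE", "0")),
                "checksum": f.get("CHECKSUM"),
                "version": f.get("BIN_FILE_VERSION"),  # absent when the PE has no version resource
                "company": f.get("COMPANY_NAME"),
                "link_date": parse_link_date(f.get("LINK_DATE")),
            })
    return rows


def system_dll_versions(rows):
    """THISFILEONLY blocks describe the loaded OS DLLs: the patch level the report discloses."""
    return {r["name"]: r["version"] for r in rows if r["filter"] == "GRABMI_FILTER_THISFILEONLY"}


def review(rows):
    """Per-file notes a reviewer wants: unversioned binaries and placeholder link dates."""
    notes = {}
    for r in rows:
        reasons = []
        if r["version"] is None:
            reasons.append("no PE version resource; identify it by checksum/hash, not by name")
        if r["link_date"] == DELPHI_LINK_DATE:
            reasons.append("link date is the Delphi linker constant 0x2A425E19, not a real build time")
        if reasons:
            notes[r["name"]] = reasons
    return notes


if __name__ == "__main__":
    rows = inventory(load_report(SAMPLE_APPCOMPAT))
    print("crashing program:", rows[0]["context"], "| files inventoried:", len(rows))
    print("OS DLL builds:", system_dll_versions(rows))
    for name, reasons in review(rows).items():
        print(name, "->", "; ".join(reasons))
```

Because the report enumerates the whole folder with checksums and the exact OS DLL builds, pasting it on a public forum discloses a file inventory and patch level; that is harmless here, but it is the reason the block is tagged GRABMI_FILTER_PRIVACY.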

#4
UKBobby
  • Topic Starter
Hello again

Re-booted and tried OTMoveIt2 again - here are the results

second time

File/Folder C:\Documents and Settings\Dave\Desktop\Tools\freeripmp3.exe not found.
File/Folder C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Norton AntiSpam Folder/20 Jan 2008 05:50 from Katharine Goddard:Merry Christmas/card.zip not found.
[Custom Input]
< purity >

OTMoveIt2 v1.0.15 log created on 01272008_100303

Also downloaded DSS a second time and tried it again - same result

Many thanks

#5
Rorschach112
  • Retired Staff
Do this instead

Download WinPFind35U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program.
  • Under Additional Scans check the box beside Reg - Disabled MS Config Items.
  • Under Rootkit Search change that to Yes.
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.

Make sure you attach the report in your reply.
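WinPFind35U writes each process, service, Run-key, startup-folder and BHO entry as `name -> path -> vendor [Ver = … | Size = … bytes | Modified Date = … | Attr = …]`, with `File not found` or a `Reg Error:` marker where the target no longer exists. The first pass a helper makes over such a report is mechanical: flag entries whose target file is missing, whose path is not fully qualified (a bare filename in a Run key is resolved through the search path), or whose binary carries no publisher or version information, and only then read the rest by hand. The script below does that pass. It is an added example written for this page, not part of WinPFind35U or of the thread; the sample lines in it are copied from the report posted later in this thread, with the tab the tool leaves after `Attr =` reproduced.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the WinPFind35U report in this thread, chosen
# to include ordinary entries as well as the ones a reviewer would stop at. The tool leaves a tab
# after "Attr =" when no file attributes are set; that tab is reproduced here.
SAMPLE_REPORT = [
    "[Processes - Non-Microsoft Only]",
    "ccsvchst.exe -> %CommonProgramFiles%\\Symantec Shared\\ccSvcHst.exe -> Symantec Corporation [Ver = 106.3.0.10 | Size = 109160 bytes | Modified Date = 15/03/2007 03:10:02 | Attr =\t]",
    "pnkbstra.exe -> %System32%\\PnkBstrA.exe ->  [Ver =  | Size = 66872 bytes | Modified Date = 26/08/2007 19:30:17 | Attr =\t]",
    "",
    "[Registry - Non-Microsoft Only]",
    "< Run [HKEY_LOCAL_MACHINE\\] > -> HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run -> ",
    "Logitech Hardware Abstraction Layer -> KHALMNPR.EXE -> File not found",
    "nwiz -> %System32%\\nwiz.exe ->  [Ver =  | Size = 1626112 bytes | Modified Date = 20/04/2007 05:05:00 | Attr =\t]",
    "< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\ -> ",
    "{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found",
    "{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\\Google\\GoogleToolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 21/07/2007 16:05:55 | Attr = R  ]",
]

# Trailing field of a resolved entry: "<vendor> [Ver = .. | Size = .. bytes | Modified Date = .. | Attr = ..]"
DETAIL_RE = re.compile(
    r"^(?P<vendor>.*?)\s*\[Ver = (?P<ver>.*?) \| Size = (?P<size>\d+) bytes \| "
    r"Modified Date = (?P<mtime>.*?) \| Attr =(?P<attr>.*?)\]$"
)


@dataclass(frozen=True)
class Finding:
    section: str
    name: str
    path: str
    reason: str


def parse_entry(line: str):
    """Split an entry line into (name, path, detail); section headers, '< ... >' sub-headers
    and blank lines give None."""
    if not line.strip() or line.startswith("<") or (line.startswith("[") and line.endswith("]")):
        return None
    parts = line.split(" -> ")
    if len(parts) < 3:
        return None
    return parts[0].strip(), parts[1].strip(), " -> ".join(parts[2:]).strip()


def triage(lines):
    """Walk a report and return the entries a reviewer should look at first, with the reason."""
    findings = []
    section = ""
    for raw in lines:
        line = raw.rstrip("\r\n")
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]  # e.g. "Registry - Non-Microsoft Only"
            continue
        entry = parse_entry(line)
        if entry is None:
            continue
        name, path, detail = entry
        reasons = []
        if path.startswith("Reg Error"):
            reasons.append("registry reference unreadable")
        elif "\\" not in path and "%" not in path:
            reasons.append("unqualified path; the loader resolves it through the search path")
        if detail == "File not found":
            reasons.append("target file missing (orphaned entry)")
        else:
            m = DETAIL_RE.match(detail)
            if m is None:
                reasons.append("unrecognised detail field: " + detail)
            elif not m.group("vendor") or not m.group("ver").strip():
                reasons.append("no publisher or version resource; hash the file and look it up")
        findings.extend(Finding(section, name, path, r) for r in reasons)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.section}] {f.name} -> {f.path}: {f.reason}")
```

A hit is a reason to look, not a verdict: the unversioned PnkBstrA.exe (PunkBuster) and nwiz.exe (NVIDIA) in this report are expected on a gaming PC with an NVIDIA card, while the orphaned KHALMNPR.EXE Run entry and the BHO whose key no longer exists are leftovers that still deserve a glance because a removed dropper looks exactly the same.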

#6
UKBobby
  • Topic Starter
Hi

Done that - here is the log.

While it was running, a Symantec window popped up twice saying it had blocked a Trojan - your system is safe - just thought I'd mention it.

WinPFind35 logfile created on: 27/01/2008 17:00:54
WinPFind35U Version Beta38	 Folder = C:\Documents and Settings\Dave\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
 
2.00 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 72.04% Memory free
3.85 Gb Paging File | 3.38 Gb Available in Paging File | 87.74% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 423.93 Gb Free Space | 91.02% Space Free | Partition Type: NTFS
Drive D: | 1.91 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: OWNER-0F03F2167
Current User Name: Dave
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.3.0.10 | Size = 109160 bytes | Modified Date = 15/03/2007 03:10:02 | Attr =	]
appsvc32.exe -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.1.1.2 | Size = 47712 bytes | Modified Date = 05/01/2007 08:19:28 | Attr =	]
ccproxy.exe -> %CommonProgramFiles%\Symantec Shared\CCPROXY.EXE -> Symantec Corporation [Ver = 106.3.5.1 | Size = 214376 bytes | Modified Date = 12/09/2007 19:46:54 | Attr =	]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.68 | Size = 554352 bytes | Modified Date = 12/09/2007 18:27:24 | Attr =	]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 30/05/2007 12:31:10 | Attr =	]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.3.0.10 | Size = 109160 bytes | Modified Date = 15/03/2007 03:10:02 | Attr =	]
googleupdaterservice.exe -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 21/07/2007 16:05:39 | Attr =	]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.5822 | Size = 163908 bytes | Modified Date = 20/04/2007 05:05:00 | Attr =	]
pnkbstra.exe -> %System32%\PnkBstrA.exe ->  [Ver =  | Size = 66872 bytes | Modified Date = 26/08/2007 19:30:17 | Attr =	]
smax4.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4.exe -> Analog Devices, Inc. [Ver = 5, 2, 0, 30 | Size = 729088 bytes | Modified Date = 13/07/2006 06:12:26 | Attr =	]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.3.0.10 | Size = 116328 bytes | Modified Date = 15/03/2007 03:10:44 | Attr =	]
dragdiag.exe -> %ProgramFiles%\Thomson\SpeedTouch USB\dragdiag.exe -> THOMSON Telecom Belgium [Ver = 301.0.0.12 | Size = 866816 bytes | Modified Date = 26/01/2004 10:38:38 | Attr =	]
hpztsb05.exe -> %System32%\spool\drivers\w32x86\3\hpztsb05.exe -> HP [Ver = 2,126,0,0 | Size = 188416 bytes | Modified Date = 29/04/2002 19:18:27 | Attr =	]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25/09/2007 00:11:35 | Attr =	]
smax4pnp.exe -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe -> Analog Devices, Inc. [Ver = 6,0,6000,81 | Size = 868352 bytes | Modified Date = 18/12/2006 13:34:36 | Attr = R  ]
amoumain.exe -> %ProgramFiles%\A4Tech\Mouse\Amoumain.exe -> A4Tech Co., Ltd. [Ver = 7.72.0.0 | Size = 163840 bytes | Modified Date = 17/02/2006 09:14:22 | Attr =	]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 11/06/2007 09:25:42 | Attr =	]
googleupdater.exe -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.2.940.34809.beta | Size = 124912 bytes | Modified Date = 12/08/2007 16:07:36 | Attr =	]
phleautorun.exe -> %ProgramFiles%\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 1.20L001.0058 | Size = 57344 bytes | Modified Date = 29/09/2006 11:55:14 | Attr =	]
printkey2000.exe -> %ProgramFiles%\PrintKey2000\Printkey2000.exe -> Fred's Software [Ver = 5.1.0.0 | Size = 869376 bytes | Modified Date = 30/09/1999 20:31:38 | Attr =	]
wzqkpick.exe -> %ProgramFiles%\WinZip\WZQKPICK.EXE -> WinZip Computing, Inc. [Ver = 1.0 (32-bit) | Size = 118784 bytes | Modified Date = 17/12/2004 08:00:00 | Attr =	]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe ->  [Ver =  | Size = 1252232 bytes | Modified Date = 02/11/2007 19:48:28 | Attr =	]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 307712 bytes | Modified Date = 26/01/2008 13:34:08 | Attr =	]

[Win32 Services - Non-Microsoft Only]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.68 | Size = 554352 bytes | Modified Date = 12/09/2007 18:27:24 | Attr =	]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 30/05/2007 12:31:10 | Attr =	]
(ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.3.0.10 | Size = 109160 bytes | Modified Date = 15/03/2007 03:10:02 | Attr =	]
(ccProxy) Symantec Network Proxy [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPROXY.EXE -> Symantec Corporation [Ver = 106.3.5.1 | Size = 214376 bytes | Modified Date = 12/09/2007 19:46:54 | Attr =	]
(ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.3.0.10 | Size = 109160 bytes | Modified Date = 15/03/2007 03:10:02 | Attr =	]
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.3.0.10 | Size = 109160 bytes | Modified Date = 15/03/2007 03:10:02 | Attr =	]
(comHost) COM Host [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\VAScanner\comHost.exe -> Symantec Corporation [Ver = 1.2.0.28 | Size = 49248 bytes | Modified Date = 13/01/2007 03:40:58 | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 28/02/2006 12:00:00 | Attr =	]
(gusvc) Google Updater Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 21/07/2007 16:05:39 | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 22/10/2004 03:24:18 | Attr =	]
(ISPwdSvc) Symantec IS Password Validation [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton Internet Security\isPwdSvc.exe -> Symantec Corporation [Ver = 10.2.0.50 | Size = 80504 bytes | Modified Date = 14/01/2007 07:11:06 | Attr =	]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_2.EXE -> Symantec Corporation [Ver = 3.2.0.68 | Size = 2999664 bytes | Modified Date = 12/09/2007 18:27:24 | Attr =	]
(LiveUpdate Notice Ex) LiveUpdate Notice Service Ex [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.3.0.10 | Size = 109160 bytes | Modified Date = 15/03/2007 03:10:02 | Attr =	]
(LiveUpdate Notice Service) LiveUpdate Notice Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.2.0.18 | Size = 517768 bytes | Modified Date = 12/03/2007 17:30:14 | Attr =	]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.5822 | Size = 163908 bytes | Modified Date = 20/04/2007 05:05:00 | Attr =	]
(PnkBstrA) PnkBstrA [Win32_Own | Auto | Running] -> %System32%\PnkBstrA.exe ->  [Ver =  | Size = 66872 bytes | Modified Date = 26/08/2007 19:30:17 | Attr =	]
(Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe ->  [Ver =  | Size = 1252232 bytes | Modified Date = 02/11/2007 19:48:28 | Attr =	]
(SymAppCore) Symantec AppCore Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.1.1.2 | Size = 47712 bytes | Modified Date = 05/01/2007 08:19:28 | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 11/06/2007 09:25:42 | Attr =	]
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 10/10/2007 19:51:56 | Attr =	]
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.3.0.10 | Size = 116328 bytes | Modified Date = 15/03/2007 03:10:44 | Attr =	]
HPDJ Taskbar Utility -> %System32%\spool\drivers\w32x86\3\hpztsb05.exe -> HP [Ver = 2,126,0,0 | Size = 188416 bytes | Modified Date = 29/04/2002 19:18:27 | Attr =	]
Logitech Hardware Abstraction Layer -> KHALMNPR.EXE -> File not found
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 09/07/2001 10:50:42 | Attr =	]
NvCplDaemon -> %System32%\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.11.5822 | Size = 8429568 bytes | Modified Date = 20/04/2007 05:05:00 | Attr =	]
NvMediaCenter -> %System32%\nvmctray.dll -> NVIDIA Corporation [Ver = 6.14.11.5822 | Size = 81920 bytes | Modified Date = 20/04/2007 05:05:00 | Attr =	]
nwiz -> %System32%\nwiz.exe ->  [Ver =  | Size = 1626112 bytes | Modified Date = 20/04/2007 05:05:00 | Attr =	]
osCheck -> %ProgramFiles%\Norton Internet Security\osCheck.exe -> Symantec Corporation [Ver = 10.2.0.50 | Size = 771704 bytes | Modified Date = 14/01/2007 07:11:10 | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 01/09/2006 15:57:48 | Attr =	]
SoundMAX -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4.exe -> Analog Devices, Inc. [Ver = 5, 2, 0, 30 | Size = 729088 bytes | Modified Date = 13/07/2006 06:12:26 | Attr =	]
SoundMAXPnP -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe -> Analog Devices, Inc. [Ver = 6,0,6000,81 | Size = 868352 bytes | Modified Date = 18/12/2006 13:34:36 | Attr = R  ]
SpeedTouch USB Diagnostics -> %ProgramFiles%\Thomson\SpeedTouch USB\dragdiag.exe -> THOMSON Telecom Belgium [Ver = 301.0.0.12 | Size = 866816 bytes | Modified Date = 26/01/2004 10:38:38 | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25/09/2007 00:11:35 | Attr =	]
Symantec PIF AlertEng -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.2.0.18 | Size = 517768 bytes | Modified Date = 12/03/2007 17:30:14 | Attr =	]
WheelMouse -> %ProgramFiles%\A4Tech\Mouse\Amoumain.exe -> A4Tech Co., Ltd. [Ver = 7.72.0.0 | Size = 163840 bytes | Modified Date = 17/02/2006 09:14:22 | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 21/07/2007 16:05:40 | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersStartup%\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 04/11/1999 15:06:48 | Attr =	]
%AllUsersStartup%\Google Updater.lnk -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.2.940.34809.beta | Size = 124912 bytes | Modified Date = 12/08/2007 16:07:36 | Attr =	]
%AllUsersStartup%\LUMIX Simple Viewer.lnk -> %ProgramFiles%\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 1.20L001.0058 | Size = 57344 bytes | Modified Date = 29/09/2006 11:55:14 | Attr =	]
%AllUsersStartup%\Printkey2000.lnk -> %ProgramFiles%\PrintKey2000\Printkey2000.exe -> Fred's Software [Ver = 5.1.0.0 | Size = 869376 bytes | Modified Date = 30/09/1999 20:31:38 | Attr =	]
%AllUsersStartup%\Quicken Scheduled Updates.lnk -> %ProgramFiles%\Quicken\bagent.exe -> Intuit Inc. [Ver = 008.000.000.000 | Size = 57344 bytes | Modified Date = 08/12/2004 20:50:22 | Attr =	]
%AllUsersStartup%\WinZip Quick Pick.lnk -> %ProgramFiles%\WinZip\WZQKPICK.EXE -> WinZip Computing, Inc. [Ver = 1.0 (32-bit) | Size = 118784 bytes | Modified Date = 17/12/2004 08:00:00 | Attr =	]
< Dave Startup Folder > -> C:\Documents and Settings\Dave\Start Menu\Programs\Startup -> 
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 30/05/2007 12:29:58 | Attr =	]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceClassicControlPanel -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> 
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Bar -> http://google.icq.com/search/search_frame.php -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.bbc.co.uk/ -> 
HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ICQToolbar\toolbaru.dll [ICQ Toolbar] -> IE Toolbar [Ver = 2, 0, 20, 11 | Size = 701952 bytes | Modified Date = 25/12/2006 08:40:43 | Attr =	]
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{055FD26D-3A88-4e15-963D-DC8493744B1D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ICQToolbar\toolbaru.dll [XTTBPos00 Class] -> IE Toolbar [Ver = 2, 0, 20, 11 | Size = 701952 bytes | Modified Date = 25/12/2006 08:40:43 | Attr =	]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 22/10/2006 23:08:42 | Attr =	]
{1E8A6170-7264-4D0F-BEAE-D42A53123C75} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\1.5\NppBHO.dll [Reg Error: Value  does not exist or could not be read.] -> Symantec Corporation [Ver = 2007.1.5.29 | Size = 96936 bytes | Modified Date = 12/01/2007 07:04:50 | Attr = R  ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 25/09/2007 00:11:33 | Attr =	]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 21/07/2007 16:05:55 | Attr = R  ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 1, 615, 5858 | Size = 654832 bytes | Modified Date = 12/08/2007 16:07:39 | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 21/07/2007 16:05:55 | Attr = R  ]
{855F3B16-6D32-4fe6-8A56-BBB695989046} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ICQToolbar\toolbaru.dll [ICQ Toolbar] -> IE Toolbar [Ver = 2, 0, 20, 11 | Size = 701952 bytes | Modified Date = 25/12/2006 08:40:43 | Attr =	]
{90222687-F593-4738-B738-FBEE9C7B26DF} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\1.5\UIBHO.dll [Show Norton Toolbar] -> Symantec Corporation [Ver = 2007.1.5.29 | Size = 607888 bytes | Modified Date = 12/01/2007 07:05:00 | Attr = R  ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 21/07/2007 16:05:55 | Attr = R  ]
WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ICQToolbar\toolbaru.dll [ICQ Toolbar] -> IE Toolbar [Ver = 2, 0, 20, 11 | Size = 701952 bytes | Modified Date = 25/12/2006 08:40:43 | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25/09/2007 00:11:34 | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 25/09/2007 00:11:33 | Attr =	]
{E59EB121-F339-4851-A3BA-FE49C35617C2}:Exec -> %ProgramFiles%\ICQ6\ICQ.exe [ICQ6] -> ICQ, Inc. [Ver = 6.0.0.5404 | Size = 177400 bytes | Modified Date = 09/11/2007 11:21:11 | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{5CA3287B-915F-47C1-83BB-B7F94C513504} ->	(1394 Net Adapter) -> 
{E376E6CA-8ABE-4E6C-B267-EC6BF6C1DCF9} ->	(Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}[HKEY_LOCAL_MACHINE] -> http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab[CKAVWebScan Object] -> 
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/as5free/asinst.cab[ActiveScan Installer Class] -> 
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{D1548A26-B8F6-4E86-AE74-E7062CCC2E2A}[HKEY_LOCAL_MACHINE] -> http://www.miniclip.com/igloader/igloader.CAB[igLoader Content on Demand] -> 


[Registry - Additional Scans - Non-Microsoft Only]


[Files/Folders - Created Within 30 days]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Created Date = 26/01/2008 23:02:27 | Attr =	]
sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm ->  [Ver =  | Size = 232 bytes | Created Date = 20/01/2008 22:23:57 | Attr =  H ]
sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 20/01/2008 22:23:57 | Attr =  H ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt ->  [Folder | Created Date = 27/01/2008 09:40:00 | Attr =	]
afc.sys -> %System32%\drivers\afc.sys -> Arcsoft, Inc. [Ver = 1, 0, 0, 2 | Size = 11776 bytes | Created Date = 01/01/2008 11:53:44 | Attr =	]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 26/01/2008 20:06:41 | Attr =	]
pfc.sys -> %System32%\drivers\pfc.sys -> Padus, Inc. [Ver = 2, 5, 0, 204 | Size = 21248 bytes | Created Date = 01/01/2008 11:52:53 | Attr =	]
ActiveScan -> %System32%\ActiveScan ->  [Folder | Created Date = 26/01/2008 15:47:36 | Attr =	]
4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 26/01/2008 15:50:15 | Attr =	]
EPPICLocal_BP.cfg -> %System32%\EPPICLocal_BP.cfg ->  [Ver =  | Size = 6347 bytes | Created Date = 01/01/2008 11:48:27 | Attr =	]
EPPICLocal_CF.cfg -> %System32%\EPPICLocal_CF.cfg ->  [Ver =  | Size = 6195 bytes | Created Date = 01/01/2008 11:48:27 | Attr =	]
EPPICLocal_DU.cfg -> %System32%\EPPICLocal_DU.cfg ->  [Ver =  | Size = 6122 bytes | Created Date = 01/01/2008 11:48:27 | Attr =	]
EPPICLocal_EN.cfg -> %System32%\EPPICLocal_EN.cfg ->  [Ver =  | Size = 13732 bytes | Created Date = 01/01/2008 11:48:27 | Attr =	]
EPPICLocal_ES.cfg -> %System32%\EPPICLocal_ES.cfg ->  [Ver =  | Size = 6103 bytes | Created Date = 01/01/2008 11:48:27 | Attr =	]
EPPICLocal_FR.cfg -> %System32%\EPPICLocal_FR.cfg ->  [Ver =  | Size = 6195 bytes | Created Date = 01/01/2008 11:48:27 | Attr =	]
EPPICLocal_GE.cfg -> %System32%\EPPICLocal_GE.cfg ->  [Ver =  | Size = 6335 bytes | Created Date = 01/01/2008 11:48:27 | Attr =	]
EPPICLocal_IT.cfg -> %System32%\EPPICLocal_IT.cfg ->  [Ver =  | Size = 6442 bytes | Created Date = 01/01/2008 11:48:27 | Attr =	]
EPPICLocal_KO.cfg -> %System32%\EPPICLocal_KO.cfg ->  [Ver =  | Size = 5817 bytes | Created Date = 01/01/2008 11:48:27 | Attr =	]
EPPICLocal_PT.cfg -> %System32%\EPPICLocal_PT.cfg ->  [Ver =  | Size = 6347 bytes | Created Date = 01/01/2008 11:48:27 | Attr =	]
EPPICLocal_RU.cfg -> %System32%\EPPICLocal_RU.cfg ->  [Ver =  | Size = 2889 bytes | Created Date = 01/01/2008 11:48:27 | Attr =	]
EPPICLocal_SC.cfg -> %System32%\EPPICLocal_SC.cfg ->  [Ver =  | Size = 5436 bytes | Created Date = 01/01/2008 11:48:27 | Attr =	]
EPPICLocal_TC.cfg -> %System32%\EPPICLocal_TC.cfg ->  [Ver =  | Size = 2426 bytes | Created Date = 01/01/2008 11:48:27 | Attr =	]
EPPicMgr.dll -> %System32%\EPPicMgr.dll -> SEIKO EPSON CORPORATION [Ver = 1, 1, 0, 0 | Size = 65536 bytes | Created Date = 01/01/2008 11:48:27 | Attr =	]
EPPICPattern1.dat -> %System32%\EPPICPattern1.dat ->  [Ver =  | Size = 26154 bytes | Created Date = 01/01/2008 11:48:27 | Attr =	]
EPPICPattern121.dat -> %System32%\EPPICPattern121.dat ->  [Ver =  | Size = 27417 bytes | Created Date = 01/01/2008 11:48:27 | Attr =	]
EPPICPattern131.dat -> %System32%\EPPICPattern131.dat ->  [Ver =  | Size = 31053 bytes | Created Date = 01/01/2008 11:48:27 | Attr =	]
EPPICPattern2.dat -> %System32%\EPPICPattern2.dat ->  [Ver =  | Size = 20148 bytes | Created Date = 01/01/2008 11:48:27 | Attr =	]
EPPICPattern3.dat -> %System32%\EPPICPattern3.dat ->  [Ver =  | Size = 24903 bytes | Created Date = 01/01/2008 11:48:27 | Attr =	]
EPPICPattern4.dat -> %System32%\EPPICPattern4.dat ->  [Ver =  | Size = 11811 bytes | Created Date = 01/01/2008 11:48:27 | Attr =	]
EPPICPattern5.dat -> %System32%\EPPICPattern5.dat ->  [Ver =  | Size = 21390 bytes | Created Date = 01/01/2008 11:48:27 | Attr =	]
EPPICPattern6.dat -> %System32%\EPPICPattern6.dat ->  [Ver =  | Size = 4943 bytes | Created Date = 01/01/2008 11:48:27 | Attr =	]
EPPICPresetData_BP.dat -> %System32%\EPPICPresetData_BP.dat ->  [Ver =  | Size = 1139 bytes | Created Date = 01/01/2008 11:48:27 | Attr =	]
EPPICPresetData_CF.dat -> %System32%\EPPICPresetData_CF.dat ->  [Ver =  | Size = 1129 bytes | Created Date = 01/01/2008 11:48:27 | Attr =	]
EPPICPresetData_DU.dat -> %System32%\EPPICPresetData_DU.dat ->  [Ver =  | Size = 1146 bytes | Created Date = 01/01/2008 11:48:27 | Attr =	]
EPPICPresetData_EN.dat -> %System32%\EPPICPresetData_EN.dat ->  [Ver =  | Size = 1104 bytes | Created Date = 01/01/2008 11:48:27 | Attr =	]
EPPICPresetData_ES.dat -> %System32%\EPPICPresetData_ES.dat ->  [Ver =  | Size = 1136 bytes | Created Date = 01/01/2008 11:48:27 | Attr =	]
EPPICPresetData_FR.dat -> %System32%\EPPICPresetData_FR.dat ->  [Ver =  | Size = 1129 bytes | Created Date = 01/01/2008 11:48:27 | Attr =	]
EPPICPresetData_GE.dat -> %System32%\EPPICPresetData_GE.dat ->  [Ver =  | Size = 1107 bytes | Created Date = 01/01/2008 11:48:27 | Attr =	]
EPPICPresetData_IT.dat -> %System32%\EPPICPresetData_IT.dat ->  [Ver =  | Size = 1120 bytes | Created Date = 01/01/2008 11:48:27 | Attr =	]
EPPICPresetData_PT.dat -> %System32%\EPPICPresetData_PT.dat ->  [Ver =  | Size = 1139 bytes | Created Date = 01/01/2008 11:48:27 | Attr =	]
EPPICPrinterDB.dat -> %System32%\EPPICPrinterDB.dat ->  [Ver =  | Size = 111932 bytes | Created Date = 01/01/2008 11:48:27 | Attr =	]
EpPicPrt.dll -> %System32%\EpPicPrt.dll -> SEIKO EPSON CORPORATION [Ver = 1, 1, 0, 0 | Size = 114688 bytes | Created Date = 01/01/2008 11:48:27 | Attr =	]
Help.ico -> %System32%\Help.ico ->  [Ver =  | Size = 1406 bytes | Created Date = 26/01/2008 15:47:47 | Attr =	]
Kaspersky Lab -> %System32%\Kaspersky Lab ->  [Folder | Created Date = 26/01/2008 19:09:44 | Attr =	]
pavas.ico -> %System32%\pavas.ico ->  [Ver =  | Size = 30590 bytes | Created Date = 26/01/2008 15:47:39 | Attr =	]
PhDi2.sys -> %System32%\PhDi2.sys -> Matsushita Electric Industrial Co., Ltd. [Ver = 0.99L16.0019 | Size = 45056 bytes | Created Date = 01/01/2008 11:49:56 | Attr =	]
PhotoBase Screen Saver.scr -> %System32%\PhotoBase Screen Saver.scr -> ArcSoft, Inc. [Ver = 1.1.0.59 | Size = 143360 bytes | Created Date = 01/01/2008 11:52:48 | Attr =	]
PICEntry.dll -> %System32%\PICEntry.dll -> SEIKO EPSON CORPORATION [Ver = 3.0.0.1 | Size = 77824 bytes | Created Date = 01/01/2008 11:48:27 | Attr =	]
PICSDK.dll -> %System32%\PICSDK.dll -> SEIKO EPSON CORPORATION [Ver = 3.0.0.0 | Size = 73728 bytes | Created Date = 01/01/2008 11:48:27 | Attr =	]
PICSDK.ini -> %System32%\PICSDK.ini ->  [Ver =  | Size = 97 bytes | Created Date = 01/01/2008 11:48:27 | Attr =	]
PICSDK2.dll -> %System32%\PICSDK2.dll -> SEIKO EPSON CORPORATION [Ver = 3.0.1.2 | Size = 495616 bytes | Created Date = 01/01/2008 11:48:27 | Attr =	]
Uninstall.ico -> %System32%\Uninstall.ico ->  [Ver =  | Size = 2550 bytes | Created Date = 26/01/2008 15:47:47 | Attr =	]
ZPORT4AS.dll -> %System32%\ZPORT4AS.dll ->  [Ver =  | Size = 11776 bytes | Created Date = 26/01/2008 15:50:15 | Attr =	]
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Created Date = 26/01/2008 23:02:43 | Attr =	]
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
go -> %SystemRoot%\go ->  [Ver =  | Size = 32 bytes | Created Date = 18/01/2008 21:16:27 | Attr =	]
PCDLIB32.DLL -> %SystemRoot%\PCDLIB32.DLL -> Eastman Kodak [Ver = 3, 0, 0, 0 | Size = 212480 bytes | Created Date = 01/01/2008 11:52:42 | Attr =	]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Created Date = 18/01/2008 23:08:25 | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Created Date = 18/01/2008 23:08:25 | Attr =  H ]

[Files/Folders - Modified Within 30 days]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Modified Date = 26/01/2008 23:02:27 | Attr =	]
Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Modified Date = 26/01/2008 20:18:31 | Attr =	]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 26/01/2008 23:03:39 | Attr = R  ]
sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 20/01/2008 22:23:57 | Attr =  H ]
sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 20/01/2008 22:23:57 | Attr =  H ]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 26/01/2008 23:02:43 | Attr =	]
_OTMoveIt -> %SystemDrive%\_OTMoveIt ->  [Folder | Modified Date = 27/01/2008 09:40:00 | Attr =	]
PnkBstrK.sys -> %System32%\drivers\PnkBstrK.sys ->  [Ver =  | Size = 22328 bytes | Modified Date = 23/01/2008 23:02:28 | Attr =	]
SYMEVENT.CAT -> %System32%\drivers\SYMEVENT.CAT ->  [Ver =  | Size = 10740 bytes | Modified Date = 01/01/2008 18:16:55 | Attr =	]
SYMEVENT.INF -> %System32%\drivers\SYMEVENT.INF ->  [Ver =  | Size = 805 bytes | Modified Date = 01/01/2008 18:16:55 | Attr =	]
SYMEVENT.SYS -> %System32%\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.2.1 | Size = 123952 bytes | Modified Date = 01/01/2008 18:16:55 | Attr =	]
ActiveScan -> %System32%\ActiveScan ->  [Folder | Modified Date = 26/01/2008 16:33:08 | Attr =	]
4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
CatRoot -> %System32%\CatRoot ->  [Folder | Modified Date = 08/01/2008 20:52:17 | Attr =	]
CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 27/01/2008 17:00:40 | Attr =	]
dllcache -> %System32%\dllcache ->  [Folder | Modified Date = 08/01/2008 21:23:17 | Attr = RHS]
drivers -> %System32%\drivers ->  [Folder | Modified Date = 26/01/2008 20:06:41 | Attr =	]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT ->  [Ver =  | Size = 139648 bytes | Modified Date = 01/01/2008 12:14:37 | Attr =	]
Help.ico -> %System32%\Help.ico ->  [Ver =  | Size = 1406 bytes | Modified Date = 26/01/2008 19:07:13 | Attr =	]
Kaspersky Lab -> %System32%\Kaspersky Lab ->  [Folder | Modified Date = 26/01/2008 19:09:44 | Attr =	]
pavas.ico -> %System32%\pavas.ico ->  [Ver =  | Size = 30590 bytes | Modified Date = 26/01/2008 19:07:13 | Attr =	]
PnkBstrB.exe -> %System32%\PnkBstrB.exe ->  [Ver =  | Size = 107832 bytes | Modified Date = 23/01/2008 23:00:45 | Attr =	]
ReinstallBackups -> %System32%\ReinstallBackups ->  [Folder | Modified Date = 04/01/2008 20:59:59 | Attr =	]
Restore -> %System32%\Restore ->  [Folder | Modified Date = 20/01/2008 10:28:11 | Attr =	]
S32EVNT1.DLL -> %System32%\S32EVNT1.DLL -> Symantec Corporation [Ver = 12.5.2.2 | Size = 60800 bytes | Modified Date = 01/01/2008 18:16:55 | Attr =	]
Uninstall.ico -> %System32%\Uninstall.ico ->  [Ver =  | Size = 2550 bytes | Modified Date = 26/01/2008 19:07:13 | Attr =	]
wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 12704 bytes | Modified Date = 25/01/2008 20:16:06 | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 08/01/2008 20:50:26 | Attr =  H ]
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 27/01/2008 16:53:24 | Attr =   S]
cdplayer.ini -> %SystemRoot%\cdplayer.ini ->  [Ver =  | Size = 18231 bytes | Modified Date = 09/01/2008 20:39:10 | Attr =	]
Debug -> %SystemRoot%\Debug ->  [Folder | Modified Date = 08/01/2008 23:38:29 | Attr =	]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 26/01/2008 23:03:05 | Attr =   S]
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Modified Date = 26/01/2008 23:02:43 | Attr =	]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 01/01/2008 11:50:03 | Attr = R S]
go -> %SystemRoot%\go ->  [Ver =  | Size = 32 bytes | Modified Date = 18/01/2008 21:16:27 | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 26/01/2008 19:09:44 | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 18/01/2008 21:34:19 | Attr =  HS]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 116 bytes | Modified Date = 19/01/2008 00:18:13 | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 27/01/2008 17:00:39 | Attr =	]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 18/01/2008 23:08:25 | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 18/01/2008 23:08:25 | Attr =  H ]
system32 -> %System32% ->  [Folder | Modified Date = 26/01/2008 19:09:44 | Attr =	]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 27/01/2008 17:00:06 | Attr =	]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 662 bytes | Modified Date = 26/01/2008 16:33:15 | Attr =	]
Norton Internet Security - Run Full System Scan - Dave.job -> %SystemRoot%\tasks\Norton Internet Security - Run Full System Scan - Dave.job ->  [Ver =  | Size = 620 bytes | Modified Date = 21/01/2008 22:17:52 | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 27/01/2008 16:53:27 | Attr =  H ]

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FE2DACC32FFC736428AAAAFB7320283D\Usage]
"Complete"=dword:383b1e44
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
< Document and Settings folder & sub folders >
scanning hidden files ...
IPC error: 2 The system cannot find the file specified.
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\67228D97.TMP 0 bytes
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\DEDA371F.TMP 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Dave\Desktop\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Dave\Favorites\101 best Classical CD reviews of Berlioz, Chopin, Liszt, Gounod, Bizet, Saint-Seans, Faure, Albeniz.url:favicon 318 bytes
C:\Documents and Settings\Dave\Favorites\22nd Squad News.url:favicon 22486 bytes
C:\Documents and Settings\Dave\Favorites\Andrea's Stuff\Calorie Counter.url:favicon 3638 bytes
C:\Documents and Settings\Dave\Favorites\Anonymous Proxy - Free Proxy Site - Hide IP.url:favicon 2550 bytes
C:\Documents and Settings\Dave\Favorites\BF2S.com - The Numbers Behind Battlefield 2.url:favicon 1406 bytes
C:\Documents and Settings\Dave\Favorites\Mrs Dawn Goutorbe - Upperwood English Setters - Dogs Worldwide.com.url:favicon 1150 bytes
C:\Documents and Settings\Dave\Favorites\Holiday rentals in Kenmore, Central Scotland, Tayside, Scotland, Arcady, Cottage.url:favicon 1406 bytes
C:\Documents and Settings\Dave\Favorites\Tolerance International -UK - Go CO2 neutral - intro.url:favicon 894 bytes
C:\Documents and Settings\Dave\Favorites\How-To Make Wall Plaques from Gardenmolds.com Molds.url:favicon 318 bytes
C:\Documents and Settings\Dave\My Documents\Battlefield 2\LogoCache\www.punksbusted.com\psbsig\psbsig.php\server\63.243.164.104:16567.png 10266 bytes
C:\Documents and Settings\Dave\My Documents\Downloads\Julmusik-Andy Williams-6 cd\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Dave\My Documents\Downloads\The Perry Como Christmas Album [Compilation]\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Dave\My Documents\Downloads\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Dave\My Documents\My Music\30 Seconds To Mars\30 Seconds To Mars\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Dave\My Documents\My Music\Electric Light Orchestra\Light Years - The Very Best Of (CD\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Dave\My Documents\My Music\Enemy\We'll Live & Die in These Towns\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Dave\My Documents\My Music\Foo Fighters\Echoes, Silence, Patience & Grace\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Dave\My Documents\My Music\Foo Fighters\Foo Fighters\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Dave\My Documents\My Music\Foo Fighters\One by One\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Dave\My Documents\My Music\George Michael\Songs from the Last Century\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Dave\My Documents\My Music\Kirsty MacColl\Kite\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Dave\My Documents\My Music\Pink Floyd\Animals\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Dave\My Documents\My Music\Project Divinity - Divinity -- Jamendo - MP3 VBR 192k - 2006.08.21 [www.jamendo.com]\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Dave\My Documents\My Music\Queen\Night at the Opera [DTS]\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Dave\My Documents\My Music\Robert Plant-Alison Krauss\Raising Sand\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Dave\My Documents\My Music\Various Artists\Lady Sings the Blues [EMI] (1 of 2)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Dave\My Documents\My Pictures\ash240907\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Dave\My Documents\My Pictures\big\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Dave\My Documents\My Pictures\France07\big\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Dave\My Documents\My Pictures\France07\yes\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Dave\My Documents\My Pictures\misc0807\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Dave\My Documents\My Pictures\PhotoBase Samples\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Dave\My Documents\My Pictures\PHOTOfunSTUDIO\01012008\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Dave\My Documents\My Pictures\PHOTOfunSTUDIO\25122007\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Dave\My Documents\My Pictures\PHOTOfunSTUDIO\26122007\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Dave\My Documents\My Pictures\PHOTOfunSTUDIO\28122007\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Dave\My Documents\My Pictures\PHOTOfunSTUDIO\30122007\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Dave\My Documents\My Pictures\PHOTOfunSTUDIO\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Dave\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes
scan completed successfully
hidden files: 73

< End of report >


#7 Rorschach112 (Retired Staff)
Hello

Start WinPFind35U. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> Logitech Hardware Abstraction Layer -> KHALMNPR.EXE
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
YN -> ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[]
YN -> msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[]
[Files/Folders - Created Within 30 days]
YN -> 4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
YN -> 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files/Folders - Modified Within 30 days]
YN -> 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Empty Temp Folders]
[Start Explorer]
[Reboot]


The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.


Also post a new HijackThis log and tell me how your PC is running.
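Not from the thread or from WinPFind35U itself: an added Python example that applies the selection rule the fix above follows (entries whose target file is reported missing, keys the tool reports as "Reg Error", and the "*.tmp files" summary lines) to report lines in the format posted above, and renders them as "YN -> " lines wrapped in the same directives. The sample report is constructed from the page's own format; the Run entry for KHALMNPR.EXE and its "File not found" field are assumed, since that section of the report is not on this page.

```python
"""Triage WinPFind35U report lines into fix-script entries.

Added example, not part of WinPFind35U or of the fix posted in this thread.
It mirrors the selection a helper makes by hand: registry entries whose
target file is missing, keys the tool reports as 'Reg Error', and the
'<n> <dir>\\*.tmp files' summaries, rendered as 'YN -> ' lines wrapped in
the directives the posted fix uses.
"""
import re
from collections import OrderedDict

SEP = " -> "                                             # field separator in report lines
SECTION_RE = re.compile(r"^\[[^\]]*\]$")                 # e.g. [Registry - Non-Microsoft Only]
TMP_SUMMARY_RE = re.compile(r"^\d+ .*\\\*\.tmp files$")  # e.g. 4 C:\WINDOWS\*.tmp files

# Directives the posted fix wraps around the entries.
FIX_PREAMBLE = ["[Kill Explorer]", "[Unregister Dlls]"]
FIX_POSTAMBLE = ["[Empty Temp Folders]", "[Start Explorer]", "[Reboot]"]

# Constructed sample report in the page's line format. The Run entry and its
# 'File not found' field are assumed (that report section is not on the page);
# the remaining lines are copied from the report above.
SAMPLE_REPORT = r"""
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Logitech Hardware Abstraction Layer -> KHALMNPR.EXE -> File not found
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 21/07/2007 16:05:55 | Attr = R  ]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
[Files/Folders - Created Within 30 days]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 26/01/2008 20:06:41 | Attr =  ]
4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
"""


def parse_line(raw):
    """Split a report line into its ' -> ' fields.

    The tool ends header and summary lines with ' -> ' (an empty last field);
    editors often strip that trailing space, so it is restored before splitting.
    """
    line = raw.rstrip()
    if line.endswith(SEP.rstrip()):
        line += " "
    return line.split(SEP)


def needs_fix(fields):
    """True for entries a helper would queue: missing target file, a key the
    tool could not open ('Reg Error'), or the '*.tmp files' summary line.
    Entries that resolve to a real file with a publisher are left alone."""
    if "File not found" in fields:
        return True
    if any("Reg Error" in f for f in fields):
        return True
    return bool(TMP_SUMMARY_RE.match(fields[0]))


def to_fix_line(fields):
    """Render a flagged entry as the fix script expects ('YN -> ...').

    The trailing 'File not found' or empty field the report appends is dropped,
    which is how the entries appear in the posted fix."""
    trimmed = list(fields)
    while trimmed and trimmed[-1] in ("", "File not found"):
        trimmed.pop()
    return "YN" + SEP + SEP.join(trimmed)


def triage(report_text):
    """Map each report section (and sub-section header) to its fix lines.

    Returns {section: {subsection_header_or_None: [fix lines]}}. Sections and
    sub-sections with nothing to fix are omitted, as in the posted fix."""
    result = OrderedDict()
    section = subsection = None
    for raw in report_text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if SECTION_RE.match(line):
            section, subsection = line, None
            continue
        fields = parse_line(line)
        if line.startswith("< "):
            # '< Run [...] > -> <key path> -> ': keep header and key path only
            subsection = SEP.join(f for f in fields if f)
            continue
        if section is not None and needs_fix(fields):
            (result.setdefault(section, OrderedDict())
                   .setdefault(subsection, [])
                   .append(to_fix_line(fields)))
    return result


def build_fix_script(triaged):
    """Wrap the triaged entries in the directives used by the posted fix."""
    lines = list(FIX_PREAMBLE)
    for section, subs in triaged.items():
        lines.append(section)
        for sub, entries in subs.items():
            if sub is not None:
                lines.append(sub)
            lines.extend(entries)
    lines.extend(FIX_POSTAMBLE)
    return "\n".join(lines)


if __name__ == "__main__":
    print(build_fix_script(triage(SAMPLE_REPORT)))
```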

#8 UKBobby (Topic Starter)
Hello

Sorry, I re-booted the PC before saving the text file (actually I couldn't see one), but I have run a HijackThis log following the running of the quote (as you mentioned).

PC seems to be running fine - if it is clean, what was there on my machine of note?

One other thing - I noticed that one of your commands was to remove something to do with freerip - I have used this package before and find it quite handy - does it contain spyware and should I uninstall it from my machine?

Here is the hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:47:25, on 28/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.co...earch_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip....er/igloader.CAB
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 10376 bytes


Many thanks

Dave
  • 0

#9
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Nearly done now

One other thing - I noticed that one of your commands was to remove something to do with freerip - I have used this package before and find it quite handy - does it contain spyware and should I uninstall it from my machine?

The .exe file comes with spyware unfortunately. The program itself is probably fine since we have removed the malware it came with.


Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

  • 0

#10
UKBobby

UKBobby

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Sorry for the delay in getting back to you.

Done, and here is the log - it seems just to be cookies, so it's all looking good??

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/29/2008 at 10:41 PM

Application Version : 3.9.1008

Core Rules Database Version : 3390
Trace Rules Database Version: 1383

Scan type : Complete Scan
Total Scan Time : 00:19:07

Memory items scanned : 494
Memory threats detected : 0
Registry items scanned : 5621
Registry threats detected : 0
File items scanned : 47255
File threats detected : 7

Adware.Tracking Cookie
C:\Documents and Settings\Dave\Cookies\dave@fastclick[2].txt
C:\Documents and Settings\Dave\Cookies\dave@atdmt[2].txt
C:\Documents and Settings\Dave\Cookies\dave@mediaplex[1].txt
C:\Documents and Settings\Dave\Cookies\dave@doubleclick[1].txt
C:\Documents and Settings\Dave\Cookies\dave@bf2tracker[1].txt
C:\Documents and Settings\Dave\Cookies\[email protected][2].txt
C:\Documents and Settings\Dave\Cookies\dave@atwola[1].txt


Many thanks for your help

Dave
  • 0

#11
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Yes, we are all done! A few things to do:

  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it.
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTMoveIt2 from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point, then click Next. Name it and click Create. When the confirmation screen shows that the restore point has been created, click Close.

Next, go to Start Menu > Run > type

cleanmgr

Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen; click the More Options tab, then click Clean up in the System Restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan, click OK, then choose Yes on the confirmation window.



You now need to update your Java and remove your older versions.

Please follow these steps to remove older-version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking Microsoft's website at:
http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest available security updates installed.

* To reduce the risk of re-infection by malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next click OK, then the Apply button, and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop-up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
  • 0
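The HOSTS-file mechanism described in the post above, as an added example in Python (not code from the thread or from the MVPS project): it builds the name-to-address table the way the resolver does and flags any entry that points a name at a routable address instead of the local machine, which is what a tampered HOSTS file looks like as opposed to a block list. The sample file contents and the 192.0.2.10 address are constructed for the example.

```python
# Added example (not from the thread): model how the resolver reads a HOSTS
# file and audit it for entries that are not simple block entries.
import ipaddress
from typing import Dict, List, Optional, Tuple

def parse_hosts(text: str) -> Dict[str, str]:
    """name -> address, as the resolver sees it: '#' starts a comment, one
    address may be followed by several names, names are case-insensitive,
    and the first line that names a host wins."""
    table: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # malformed line: the resolver ignores it as well
        for name in fields[1:]:
            table.setdefault(name.lower().rstrip("."), addr)  # first match wins
    return table

def resolve(table: Dict[str, str], name: str) -> Optional[str]:
    """HOSTS override for a name, or None when DNS would be consulted."""
    return table.get(name.lower().rstrip("."))

def audit(table: Dict[str, str]) -> List[Tuple[str, str]]:
    """Entries that send a name to a real address. A block list such as MVPS
    only ever points names at 127.0.0.1 or 0.0.0.0, so a vendor or update
    domain mapped to a routable address means the file has been tampered
    with (a LAN entry the owner added deliberately would show up here too)."""
    return [(n, a) for n, a in table.items()
            if not (ipaddress.ip_address(a).is_loopback
                    or ipaddress.ip_address(a).is_unspecified)]

# Constructed sample: two block entries, a later duplicate that the
# first-match rule ignores, and one hijack entry that uses the
# documentation-only address 192.0.2.10 instead of a real attacker host.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
# [Ad servers]
0.0.0.0 ad.doubleclick.net www.fastclick.com  # block
127.0.0.1 ad.doubleclick.net
192.0.2.10 windowsupdate.microsoft.com
"""

HOSTS_TABLE = parse_hosts(SAMPLE_HOSTS)
```

Running `audit` over a real machine's file (C:\WINDOWS\system32\drivers\etc\hosts on the XP system in this thread) is the check to make after installing the MVPS list: the result should be empty apart from entries the owner recognises.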

#12
UKBobby

UKBobby

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Many thanks for your time and effort. My computer seems to be running fine thanks

Keep up the good work and I hope you have many years helping poor souls like myself in need of a geek or two.

Cheers

Dave
  • 0

#13
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





