
Fake Security Alerts



#1
Danfango
    New Member, 3 posts
Hi,

I keep getting fake spyware alerts such as system integrity scan wizard and a yellow system tray popup stating:

"Your computer is infected with spyware. Windows has detected spyware on your PC. Please update your anti-virus..."

This then takes you through to a fake website with PC-Antispyware and PC-Cleaner software listed.

I have Panda for Business with Exchange for Anti-Virus, but this detects nothing. Neither does the Active scan.

I've also run the following Anti-Spyware software with varying degrees of success (i.e. it stays away for a bit longer, but always returns):

AVG Anti-Spyware
Super Anti-Spyware
Spyware Doctor

I've also followed the instructions located at:
http://www.geekstogo...-Log-t2852.html

The Hijackthis log is as follows:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:24:18, on 10/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PANDA SOFTWARE\AVTC\PavFnSvr.exe
C:\Program Files\PANDA SOFTWARE\AVTC\TPSrv.exe
C:\Program Files\PANDA SOFTWARE\AVTC\PavSrv51.exe
C:\Program Files\PANDA SOFTWARE\AVTC\AVENGINE.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Panda Software\Panda Administrator 3\AdminServer\AdminServer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Microsoft SQL Server\MSSQL$PADMINISTRATOR\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Administrator 3\Distribution Server\PadFSvr.exe
C:\Program Files\PANDA SOFTWARE\AVTC\PsCtrlS.exe
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA ADMINISTRATOR 3\Pav_Agent\Pagent.exe
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA ADMINISTRATOR 3\Scheduler\pavsched.exe
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA ADMINISTRATOR 3\Pav_Agent\pagentwd.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PANDA SOFTWARE\AVTC\PSKMsSvc.exe
C:\Program Files\PANDA SOFTWARE\AVTC\PSHost.exe
C:\Program Files\PANDA SOFTWARE\AVTC\PsImSvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\PANDA SOFTWARE\AVTC\SrvLoad.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Panda Software\Panda Administrator 3\Console\PASystemTray.exe
C:\Program Files\PANDA SOFTWARE\AVTC\PSCtrlC.exe
C:\Program Files\PANDA SOFTWARE\AVTC\CpIcnMng.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\WINDOWS\system32\zeturaby.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\PANDA SOFTWARE\AVTC\WebProxy.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\PANDA SOFTWARE\AVTC\PSIMMON.exe
C:\Documents and Settings\Darren\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sky.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PASystemTray] "C:\Program Files\Panda Software\Panda Administrator 3\Console\PASystemTray.exe"
O4 - HKLM\..\Run: [Panda Controller Client] "C:\Program Files\PANDA SOFTWARE\AVTC\PSCtrlC.exe"
O4 - HKLM\..\Run: [CpnIconMng] C:\Program Files\PANDA SOFTWARE\AVTC\CpIcnMng.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [kllynjna] C:\WINDOWS\system32\zeturaby.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{21C4A2EA-8C05-4564-A84C-91030A687878}: NameServer = 192.168.0.1,212.159.11.150
O17 - HKLM\System\CS1\Services\Tcpip\..\{21C4A2EA-8C05-4564-A84C-91030A687878}: NameServer = 192.168.0.1,212.159.11.150
O17 - HKLM\System\CS2\Services\Tcpip\..\{21C4A2EA-8C05-4564-A84C-91030A687878}: NameServer = 192.168.0.1,212.159.11.150
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Panda AdminSecure Administration Server (AdminServer) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\AdminServer\AdminServer.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda AdminSecure Distribution Server (PadFSvr) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\Distribution Server\PadFSvr.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\PANDA SOFTWARE\AVTC\PsCtrlS.exe
O23 - Service: Panda AdminSecure Communications Agent (PAVAGENTE) - Panda Software - C:\PROGRAM FILES\PANDA SOFTWARE\PANDA ADMINISTRATOR 3\Pav_Agent\Pagent.exe
O23 - Service: Panda AdminSecure Scheduler (PavAtScheduler) - Panda Software - C:\PROGRAM FILES\PANDA SOFTWARE\PANDA ADMINISTRATOR 3\Scheduler\pavsched.exe
O23 - Service: Panda Function Service (PavFnSvr) - Panda Software International - C:\Program Files\PANDA SOFTWARE\AVTC\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda Antivirus Report Service (PavReport) - Panda Software - C:\PROGRAM FILES\PANDA SOFTWARE\PANDA ADMINISTRATOR 3\PavReport\PavReport.exe
O23 - Service: Panda Antivirus Service (PavSrv) - Panda Software International - C:\Program Files\PANDA SOFTWARE\AVTC\PavSrv51.exe
O23 - Service: Panda AntiSpam Engine (PMShellSrv) - Panda Software International - C:\Program Files\PANDA SOFTWARE\AVTC\PSKMsSvc.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - C:\Program Files\PANDA SOFTWARE\AVTC\PSHost.exe
O23 - Service: Panda IManager Service (PsImSvc) - Panda Software International - C:\Program Files\PANDA SOFTWARE\AVTC\PsImSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\PANDA SOFTWARE\AVTC\TPSrv.exe

--
End of file - 14017 bytes



The Uninstall list is:


32 Bit HP CIO Components Installer
4oD
Acoustica Effects Pack
Adobe Flash Player Plugin
Adobe Reader 6.0.1
Advanced RAR Password Recovery (remove only)
Apple Mobile Device Support
Apple Software Update
AVG Anti-Spyware 7.5
BBC iPlayer Download Manager
BBC iPlayer Download Manager
Belarc Advisor 7.2
CDDRV_Installer
CivCity
DAEMON Tools
Democracy 2
EasyCleaner
Fleet Command
FLV Player
Football Manager 2008
Google Earth
Google Photos Screensaver
Google Updater
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Episode Two
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
HP Customer Participation Program 10.0
HP Imaging Device Functions 10.0
HP Photosmart All-In-One Driver Software 10.0 Rel .2
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Solution Center 10.0
HP Update
Intel® Processor ID Utility
iTunes
Jagged Alliance 2: Unfinished Business
Java™ 6 Update 2
Java™ 6 Update 3
KhalInstallWrapper
Logitech SetPoint
Making History: The Calm and The Storm
Medieval II Total War
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft ActiveSync
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Backward compatibility
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# .NET Redistributable Package 1.1
Mozilla Firefox (2.0.0.13)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Navman SmartST Desktop 2006 SE
NVIDIA Drivers
OCR Software by I.R.I.S. 10.0
Panda ActiveScan 2.0
Panda AdminSecure 2007
Panda AdminSecure Reports Component
Panda Security for Desktops
PartyPoker
Portal
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Rise and Fall
RtW Add-on Pack 1
Security Update for Excel 2007 (KB946974)
Security Update for Office 2007 (KB947801)
Security Update for Outlook 2007 (KB946983)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Shop for HP Supplies
Sid Meier's Civilization 4
Sid Meier's Civilization 4 - Beyond the Sword
Sid Meier's Railroads
Silent Hunter 4 Wolves of the Pacific
SimCity 4
SimCity™ Societies
Sky Broadband
Space Empires IV Deluxe
Speedball 2 - Tournament
Spin It Again
Spyware Doctor 5.5
Steam
SUPERAntiSpyware Free Edition
Team Fortress 2
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb949037)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
USB Vibration Joystick
USB-706 Vibration Joystick
Vegas - Make It Big
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinHTTrack Website Copier 3.41-rc1
WinRAR archiver
Worms 3D
XP Codec Pack
ZIP PASSWORD FINDER


Any assistance would be much appreciated.

Kind regards.

Edited by Danfango, 10 April 2008 - 01:56 PM.

  • 0


#2
Ness
    Banned, 673 posts
Hello DanFango

Please be patient as I review your log. I will be with you shortly.
  • 0

#3
Ness
    Banned, 673 posts
Hello again DanFango

1. Clean Temporary Files/Folders
------------------------------------------------


Updating Java and Clearing Cache
  • Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel.
  • It will say "Java Plug-in" under the icon.
    Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
  • If you are unable to update you can manually update by going here:
  • After the reboot, go back into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    Downloaded Applets
    Downloaded Applications
    Other Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.

2. HiJackThis Fix + File Deletion
------------------------------------------------


Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [kllynjna] C:\WINDOWS\system32\zeturaby.exe
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Now let's make sure you can view hidden files/folders. Using Windows Explorer (to get there right-click your Start button and go to "Explore"), go to Tools > Folder Options. Select the View tab and scroll down. Make sure that Show hidden files and folders is selected.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):

C:\WINDOWS\system32\zeturaby.exe
C:\WINDOWS\system32\ALCMTR.EXE


After that, Reboot.

3. Deckard's System Scanner
------------------------------------------------


Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

In your next post
------------------------------------------------

  • DSS

Edited by Nys, 11 April 2008 - 03:58 AM.

  • 0
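The fix step in the post above singles out two kinds of entry from the log: an O4 Run value with a keyboard-mash label ([kllynjna]) that launches an equally random executable in system32, and an O9 button whose file is missing. The script below is an added example, not part of this thread and not HijackThis code: it parses a log in the same format, flags entries with a few crude heuristics (the vowel-ratio "random name" test, the bare-filename rule and the 7-letter threshold are assumptions of this example, not rules the helper used), and cross-references each flagged path against the "Running processes" section. A file that is currently running cannot be deleted, which is one reason the advice fixes the entry first and reboots into safe mode before deleting the file. The sample log is constructed to mirror a handful of lines from the thread.

```python
"""Triage a HijackThis-style log: pull out autorun (O4) entries, flag the
suspicious ones with simple heuristics, and note whether the target is
currently running.  Added example; heuristics are this script's own."""
import re

# Constructed sample modelled on the log format in this thread.
SAMPLE_LOG = """\
Running processes:
C:\\WINDOWS\\system32\\zeturaby.exe
C:\\WINDOWS\\system32\\ctfmon.exe
C:\\Program Files\\iTunes\\iTunesHelper.exe

O4 - HKLM\\..\\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [iTunesHelper] "C:\\Program Files\\iTunes\\iTunesHelper.exe"
O4 - HKCU\\..\\Run: [kllynjna] C:\\WINDOWS\\system32\\zeturaby.exe
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
"""

# "O4 - HKLM\..\Run: [label] command" (Startup-folder O4 lines are not matched).
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<label>[^\]]*)\] (?P<cmd>.*)$")
MISSING_MARKERS = ("(file missing)", "(no file)")


def basename(path):
    return re.split(r"[\\/]", path)[-1]


def split_sections(text):
    """Return (running_paths, entry_lines): lower-cased paths listed under
    'Running processes:' and every 'Rn - ' / 'Onn - ' entry line."""
    running, entries, in_procs = set(), [], False
    for line in text.splitlines():
        line = line.rstrip()
        if line.lower().startswith("running processes:"):
            in_procs = True
            continue
        if in_procs:
            if not line:          # blank line ends the process list
                in_procs = False
            else:
                running.add(line.lower())
            continue
        if re.match(r"^[OR]\d+ - ", line):
            entries.append(line)
    return running, entries


def executable_of(cmd):
    """First token of an autorun command (quoted paths may contain spaces).
    When the host is rundll32, return the DLL it loads instead."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        exe = cmd[1:end] if end > 0 else cmd[1:]
        rest = cmd[end + 1:] if end > 0 else ""
    else:
        exe, _, rest = cmd.partition(" ")
    if basename(exe).lower() == "rundll32.exe" and rest.strip():
        exe = rest.strip().split(",")[0].split()[0]
    return exe


def looks_random(name):
    """Heuristic (assumption): 7+ letters with under 20% vowels reads like a
    generated name, e.g. 'kllynjna'.  Short names are never flagged."""
    letters = [c for c in name.lower() if c.isalpha()]
    if len(letters) < 7:
        return False
    return sum(c in "aeiou" for c in letters) / len(letters) < 0.2


def triage(log_text):
    """Return one dict per entry that trips at least one rule."""
    running, entries = split_sections(log_text)
    findings = []
    for line in entries:
        reasons, path = [], None
        m = O4_RE.match(line)
        if m:
            path = executable_of(m.group("cmd"))
            stem = basename(path).rsplit(".", 1)[0]
            if looks_random(m.group("label")) or looks_random(stem):
                reasons.append("random-looking name")
            if "\\" not in path:
                reasons.append("bare filename resolved via search path")
        if any(marker in line for marker in MISSING_MARKERS):
            reasons.append("points at a missing file")
        if reasons:
            findings.append({"line": line, "path": path, "reasons": reasons,
                             "running": path is not None and path.lower() in running})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        state = "RUNNING" if f["running"] else "not running"
        print(f"{state:11} {', '.join(f['reasons'])}\n    {f['line']}")
```

The "running" flag is the practical output: a flagged path that is also in the process list will survive a plain delete attempt, so the entry has to be disabled and the machine restarted (safe mode, as the post says) before the file goes.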

#4
Danfango
    New Member, Topic Starter, 3 posts
Hi Nys,

First of all, thank you for the speedy response.

The DSS Info is:

Deckard's System Scanner v20071014.68
Run by Darren on 2008-04-11 13:32:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-04-11 12:32:54 UTC - RP219 - Deckard's System Scanner Restore Point
2: 2008-04-11 11:42:23 UTC - RP218 - Installed Java™ 6 Update 5
1: 2008-04-10 19:17:18 UTC - RP217 - Before Spyware Removed


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Darren.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:34:16, on 11/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PANDA SOFTWARE\AVTC\PavFnSvr.exe
C:\Program Files\PANDA SOFTWARE\AVTC\TPSrv.exe
C:\Program Files\PANDA SOFTWARE\AVTC\PavSrv51.exe
C:\Program Files\PANDA SOFTWARE\AVTC\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Panda Software\Panda Administrator 3\AdminServer\AdminServer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Microsoft SQL Server\MSSQL$PADMINISTRATOR\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Administrator 3\Distribution Server\PadFSvr.exe
C:\Program Files\PANDA SOFTWARE\AVTC\PsCtrlS.exe
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA ADMINISTRATOR 3\Pav_Agent\Pagent.exe
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA ADMINISTRATOR 3\Pav_Agent\pagentwd.exe
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA ADMINISTRATOR 3\Scheduler\pavsched.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PANDA SOFTWARE\AVTC\PSKMsSvc.exe
C:\Program Files\PANDA SOFTWARE\AVTC\PSHost.exe
C:\Program Files\PANDA SOFTWARE\AVTC\PsImSvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\PANDA SOFTWARE\AVTC\SrvLoad.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Panda Software\Panda Administrator 3\Console\PASystemTray.exe
C:\Program Files\PANDA SOFTWARE\AVTC\PSCtrlC.exe
C:\Program Files\PANDA SOFTWARE\AVTC\CpIcnMng.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PANDA SOFTWARE\AVTC\WebProxy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Documents and Settings\Darren\Desktop\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\DOCUME~1\Darren\Desktop\Darren.exe
C:\Program Files\PANDA SOFTWARE\AVTC\PSIMMON.exe
C:\Program Files\PANDA SOFTWARE\AVTC\avciman.exe
C:\Program Files\PANDA SOFTWARE\AVTC\psimreal.exe
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA ADMINISTRATOR 3\PavReport\PavReport.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sky.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PASystemTray] "C:\Program Files\Panda Software\Panda Administrator 3\Console\PASystemTray.exe"
O4 - HKLM\..\Run: [Panda Controller Client] "C:\Program Files\PANDA SOFTWARE\AVTC\PSCtrlC.exe"
O4 - HKLM\..\Run: [CpnIconMng] C:\Program Files\PANDA SOFTWARE\AVTC\CpIcnMng.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{21C4A2EA-8C05-4564-A84C-91030A687878}: NameServer = 192.168.0.1,212.159.11.150
O17 - HKLM\System\CS1\Services\Tcpip\..\{21C4A2EA-8C05-4564-A84C-91030A687878}: NameServer = 192.168.0.1,212.159.11.150
O17 - HKLM\System\CS2\Services\Tcpip\..\{21C4A2EA-8C05-4564-A84C-91030A687878}: NameServer = 192.168.0.1,212.159.11.150
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Panda AdminSecure Administration Server (AdminServer) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\AdminServer\AdminServer.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda AdminSecure Distribution Server (PadFSvr) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\Distribution Server\PadFSvr.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\PANDA SOFTWARE\AVTC\PsCtrlS.exe
O23 - Service: Panda AdminSecure Communications Agent (PAVAGENTE) - Panda Software - C:\PROGRAM FILES\PANDA SOFTWARE\PANDA ADMINISTRATOR 3\Pav_Agent\Pagent.exe
O23 - Service: Panda AdminSecure Scheduler (PavAtScheduler) - Panda Software - C:\PROGRAM FILES\PANDA SOFTWARE\PANDA ADMINISTRATOR 3\Scheduler\pavsched.exe
O23 - Service: Panda Function Service (PavFnSvr) - Panda Software International - C:\Program Files\PANDA SOFTWARE\AVTC\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda Antivirus Report Service (PavReport) - Panda Software - C:\PROGRAM FILES\PANDA SOFTWARE\PANDA ADMINISTRATOR 3\PavReport\PavReport.exe
O23 - Service: Panda Antivirus Service (PavSrv) - Panda Software International - C:\Program Files\PANDA SOFTWARE\AVTC\PavSrv51.exe
O23 - Service: Panda AntiSpam Engine (PMShellSrv) - Panda Software International - C:\Program Files\PANDA SOFTWARE\AVTC\PSKMsSvc.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - C:\Program Files\PANDA SOFTWARE\AVTC\PSHost.exe
O23 - Service: Panda IManager Service (PsImSvc) - Panda Software International - C:\Program Files\PANDA SOFTWARE\AVTC\PsImSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\PANDA SOFTWARE\AVTC\TPSrv.exe

--
End of file - 13223 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\Darren\Desktop\backups\) --------------

backup-20080411-125549-571 O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
backup-20080411-125549-791 O4 - HKCU\..\Run: [kllynjna] C:\WINDOWS\system32\zeturaby.exe
backup-20080411-125549-874 O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 vcdrom (Virtual CD-ROM Device Driver) - c:\documents and settings\darren\my documents\vcdrom.sys <Not Verified; Microsoft Corporation; VirtualCdRom>
R3 AvFlt (Antivirus Filter Driver) - c:\windows\system32\drivers\av5flt.sys (file missing)
R3 PavSRK.sys - c:\windows\system32\pavsrk.sys (file missing)
R3 PavTPK.sys - c:\windows\system32\pavtpk.sys (file missing)
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S1 WNMFLT (Wifi Monitor Filter Plugin) - c:\windows\system32\drivers\wnmflt.sys (file missing)
S3 hSONYPVh - c:\docume~1\darren\locals~1\temp\hsonypvh.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 LicCtrlService (LicCtrl Service) - c:\windows\runservice.exe
R2 PadFSvr (Panda AdminSecure Distribution Server) - "c:\program files\panda software\panda administrator 3\distribution server\padfsvr.exe" <Not Verified; Panda Software; Panda AdminSecure>
R2 PavFnSvr (Panda Function Service) - c:\program files\panda software\avtc\pavfnsvr.exe <Not Verified; Panda Software International; Panda Residents>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Photosmart C4380 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C4380 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:

Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: PnP BIOS Extension
Device ID: ROOT\SYSTEM\0003
Manufacturer: (Standard system devices)
Name: PnP BIOS Extension
PNP Device ID: ROOT\SYSTEM\0003
Service: d347bus


-- Files created between 2008-03-11 and 2008-04-11 -----------------------------

2008-04-11 13:13:40 0 d-------- C:\Documents and Settings\Darren\Application Data\WinPatrol
2008-04-11 13:13:36 0 d-------- C:\Program Files\BillP Studios
2008-04-10 18:50:55 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-04-10 18:50:44 0 d-------- C:\Documents and Settings\LocalService\Application Data\Mozilla
2008-04-10 18:07:39 0 --a------ C:\WINDOWS\system32\ź§ź§
2008-04-10 18:06:30 0 d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-04-10 18:05:04 0 d-------- C:\Program Files\Hewlett-Packard
2008-04-10 12:45:35 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-10 12:45:26 0 d-------- C:\Program Files\Spyware Doctor
2008-04-10 12:45:26 0 d-------- C:\Documents and Settings\Darren\Application Data\PC Tools
2008-04-10 12:44:57 0 d-------- C:\Documents and Settings\Darren\Application Data\Google
2008-04-10 12:44:29 0 d-------- C:\WINDOWS\system32\runtime
2008-04-10 12:44:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-04-10 12:44:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-10 12:44:04 0 d-------- C:\Program Files\Google
2008-04-09 14:50:54 0 d-------- C:\Program Files\Panda Security
2008-04-09 11:39:35 33852 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT
2008-04-09 11:38:32 0 d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2008-04-09 11:35:51 0 d-------- C:\Program Files\Common Files\Cisco Systems
2008-04-09 11:26:14 0 d-------- C:\Program Files\Common Files\Crystal Decisions
2008-04-09 11:25:38 0 d-------- C:\Program Files\Microsoft Analysis Services
2008-04-09 11:25:34 0 d-------- C:\Program Files\Microsoft SQL Server
2008-04-09 11:23:30 0 d-------- C:\Panda
2008-04-09 11:06:28 108085 --a------ C:\WINDOWS\hpqins01.dat
2008-04-04 12:27:18 57344 --a------ C:\WINDOWS\system32\Wnaspint.dll <Not Verified; NexiTech, Inc.; NexiTech ASPI for Win32>
2008-04-04 12:27:02 0 d-------- C:\Program Files\Acoustica Shared Effects
2008-04-04 12:26:59 0 d-------- C:\Program Files\Acoustica Spin It Again
2008-03-31 14:04:58 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-31 14:04:55 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-31 14:04:55 0 d-------- C:\Documents and Settings\Darren\Application Data\SUPERAntiSpyware.com
2008-03-31 14:04:44 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-26 01:23:38 4096 --a------ C:\WINDOWS\system32winlogonpc.exe
2008-03-26 01:23:38 4096 --a------ C:\WINDOWS\system32taack.exe
2008-03-26 01:23:38 4096 --a------ C:\WINDOWS\system32taack.dat
2008-03-26 01:23:38 4096 --a------ C:\WINDOWS\system32ssurf022.dll
2008-03-26 01:23:38 4096 --a------ C:\WINDOWS\system32sncntr.exe
2008-03-26 01:23:38 0 d-------- C:\WINDOWS\system32smp
2008-03-26 01:23:38 4096 --a------ C:\WINDOWS\system32psoft1.exe
2008-03-26 01:23:38 4096 --a------ C:\WINDOWS\system32psof1.exe
2008-03-26 01:23:38 4096 --a------ C:\WINDOWS\system32ps1.exe
2008-03-26 01:23:38 4096 --a------ C:\WINDOWS\system32netode.exe
2008-03-26 01:23:38 4096 --a------ C:\WINDOWS\system32mwin32.exe
2008-03-26 01:23:38 4096 --a------ C:\WINDOWS\system32mtr2.exe
2008-03-26 01:23:38 4096 --a------ C:\WINDOWS\system32msnbho.dll
2008-03-26 01:23:38 4096 --a------ C:\WINDOWS\system32msgp.exe
2008-03-26 01:23:38 4096 --a------ C:\WINDOWS\system32medup020.dll
2008-03-26 01:23:38 4096 --a------ C:\WINDOWS\system32medup012.dll
2008-03-26 01:23:38 4096 --a------ C:\WINDOWS\system32hxiwlgpm.exe
2008-03-26 01:23:38 4096 --a------ C:\WINDOWS\system32hxiwlgpm.dat
2008-03-26 01:23:38 4096 --a------ C:\WINDOWS\system32hoproxy.dll
2008-03-26 01:23:38 4096 --a------ C:\WINDOWS\system32bsva-egihsg52.exe
2008-03-26 01:23:38 4096 --a------ C:\WINDOWS\iTunesMusic.exe
2008-03-26 01:23:38 4096 --a------ C:\WINDOWS\a.bat
2008-03-26 01:23:37 4096 --a------ C:\WINDOWS\system32WINWGPX.EXE
2008-03-26 01:23:37 4096 --a------ C:\WINDOWS\system32winsystem.exe
2008-03-26 01:23:37 4096 --a------ C:\WINDOWS\system32vcatchpi.dll
2008-03-26 01:23:37 4096 --a------ C:\WINDOWS\system32vbsys2.dll
2008-03-26 01:23:37 4096 --a------ C:\WINDOWS\system32thun32.dll
2008-03-26 01:23:37 4096 --a------ C:\WINDOWS\system32thun.dll
2008-03-26 01:23:37 4096 --a------ C:\WINDOWS\system32temp#01.exe
2008-03-26 01:23:37 4096 --a------ C:\WINDOWS\system32sysreq.exe
2008-03-26 01:23:37 4096 --a------ C:\WINDOWS\system32ssvchost.exe
2008-03-26 01:23:37 4096 --a------ C:\WINDOWS\system32ssvchost.com
2008-03-26 01:23:37 4096 --a------ C:\WINDOWS\system32Rundl1.exe
2008-03-26 01:23:37 4096 --a------ C:\WINDOWS\system32regm64.dll
2008-03-26 01:23:37 4096 --a------ C:\WINDOWS\system32regc64.dll
2008-03-26 01:23:37 4096 --a------ C:\WINDOWS\system32newsd32.exe
2008-03-26 01:23:37 4096 --a------ C:\WINDOWS\system32msvchost.exe
2008-03-26 01:23:37 4096 --a------ C:\WINDOWS\system32mssecu.exe
2008-03-26 01:23:37 4096 --a------ C:\WINDOWS\system32h@tkeysh@@k.dll
2008-03-26 01:23:37 4096 --a------ C:\WINDOWS\system32emesx.dll
2008-03-26 01:23:37 4096 --a------ C:\WINDOWS\system32dpcproxy.exe
2008-03-26 01:23:37 4096 --a------ C:\WINDOWS\system32bdn.com
2008-03-26 01:23:37 4096 --a------ C:\WINDOWS\system32awtoolb.dll
2008-03-26 01:23:37 4096 --a------ C:\WINDOWS\system32anticipator.dll
2008-03-26 01:23:37 4096 --a------ C:\WINDOWS\system32akttzn.exe
2008-03-26 01:23:37 4096 --a------ C:\WINDOWS\mssecu.exe
2008-03-26 01:23:37 4096 --a------ C:\WINDOWS\bdn.com
2008-03-26 01:23:31 0 d-------- C:\Documents and Settings\All Users\Application Data\lclmjkpu
2008-03-19 22:24:16 7262 -----n--- C:\WINDOWS\hpomdl21.dat
2008-03-19 22:24:16 165218 --a------ C:\WINDOWS\hpoins21.dat
2008-03-19 22:12:16 262144 --a------ C:\Documents and Settings\All Users\ntuser.dat
2008-03-18 00:30:17 742 --a------ C:\WINDOWS\system32\test.vbs
2008-03-18 00:29:06 0 d-------- C:\Program Files\ElcomSoft
2008-03-18 00:21:53 0 d-------- C:\Program Files\Intelore
2008-03-15 15:30:45 0 d-------- C:\Program Files\Microsoft Works
2008-03-15 15:29:54 0 d-------- C:\Program Files\Microsoft.NET
2008-03-15 15:28:35 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-03-15 15:27:57 0 d-------- C:\WINDOWS\SHELLNEW
2008-03-15 15:27:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-15 15:26:57 0 dr-h----- C:\MSOCache


-- Find3M Report ---------------------------------------------------------------

2008-04-11 13:08:44 0 d-------- C:\Program Files\Steam
2008-04-11 13:07:36 785 --ahs---- C:\WINDOWS\system32\mmf.sys
2008-04-11 12:43:16 0 d-------- C:\Program Files\Java
2008-04-10 18:12:45 0 d-------- C:\Program Files\HP
2008-04-09 14:50:56 2791 --a------ C:\WINDOWS\mozver.dat
2008-04-09 11:35:51 0 d-------- C:\Program Files\Panda Software
2008-04-09 11:28:20 0 d-------- C:\Program Files\Common Files\Panda Software
2008-04-09 11:26:14 0 d-------- C:\Program Files\Common Files
2008-04-09 11:16:23 0 d-------- C:\Documents and Settings\Darren\Application Data\Apple Computer
2008-04-08 17:27:28 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-03 18:36:52 0 d-------- C:\Program Files\Kontiki
2008-04-03 18:36:51 0 d-------- C:\Program Files\iTunes
2008-04-03 18:36:50 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-04-03 18:36:48 0 d-------- C:\Program Files\Messenger
2008-04-03 18:36:47 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-03-27 01:53:13 0 d-------- C:\Documents and Settings\Darren\Application Data\BitTorrent
2008-03-26 01:33:31 0 d-------- C:\Program Files\BitTorrent
2008-03-16 16:50:14 0 d-------- C:\Documents and Settings\Darren\Application Data\Adobe
2008-03-09 14:41:29 0 d-------- C:\Program Files\WinHTTrack
2008-03-03 23:09:36 0 d-------- C:\Documents and Settings\Darren\Application Data\Media Player Classic
2008-03-02 03:45:30 0 d-------- C:\Program Files\ZIP PASSWORD FINDER
2008-02-28 21:11:05 0 d-------- C:\Program Files\Midway Games
2008-02-28 20:42:45 0 d-------- C:\Documents and Settings\Darren\Application Data\DAEMON Tools
2008-02-28 20:42:19 0 d-------- C:\Program Files\D-Tools
2008-02-26 16:34:08 0 d-------- C:\Program Files\Democracy2
2008-02-26 16:33:13 4096 --a------ C:\WINDOWS\d3dx.dat
2008-02-24 20:29:48 0 d-------- C:\Program Files\XP Codec Pack
2008-02-24 20:20:53 0 d-------- C:\Documents and Settings\Darren\Application Data\Grisoft
2008-02-21 20:20:41 0 d-------- C:\Documents and Settings\Darren\Application Data\AdobeUM
2008-02-18 21:39:32 0 d-------- C:\Program Files\MSXML 4.0
2008-02-17 15:09:24 0 d-------- C:\Program Files\Sky Broadband
2008-01-16 19:14:22 20480 --a------ C:\WINDOWS\system32\hpzisn12.dll <Not Verified; Hewlett-Packard; Bidi User Mode>
2008-01-16 19:14:22 29696 --a------ C:\WINDOWS\system32\hpzipt12.dll <Not Verified; Hewlett-Packard; Bidi User Mode>
2008-01-16 19:14:20 33280 --a------ C:\WINDOWS\system32\HPZipr12.dll <Not Verified; Hewlett-Packard; Bidi User Mode>
2008-01-16 19:14:20 53760 --a------ C:\WINDOWS\system32\HPZipm12.dll <Not Verified; Hewlett-Packard; Bidi User Mode>
2008-01-16 19:14:18 43520 --a------ C:\WINDOWS\system32\HPZinw12.dll <Not Verified; Hewlett-Packard; Bidi User Mode>
2008-01-16 19:14:18 49152 --a------ C:\WINDOWS\system32\HPZidr12.dll <Not Verified; Hewlett-Packard; Bidi User Mode>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
06/11/2007 01:50 542016 --a------ C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [04/10/2007 18:14]
"nwiz"="nwiz.exe" [04/10/2007 18:14 C:\WINDOWS\system32\nwiz.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [11/04/2007 15:32 C:\WINDOWS\KHALMNPR.Exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [04/10/2007 18:14]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 10:25]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [27/10/2006 01:47]
"PASystemTray"="C:\Program Files\Panda Software\Panda Administrator 3\Console\PASystemTray.exe" [19/10/2007 13:57]
"Panda Controller Client"="C:\Program Files\PANDA SOFTWARE\AVTC\PSCtrlC.exe" [04/07/2007 08:48]
"CpnIconMng"="C:\Program Files\PANDA SOFTWARE\AVTC\CpIcnMng.exe" [21/05/2007 14:48]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [01/02/2008 12:55]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [22/08/2007 16:31]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [27/01/2008 06:38]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [13/11/2006 13:39]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [28/02/2006 13:00]

C:\Documents and Settings\Darren\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [26/10/2006 21:24:54]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [10/04/2008 12:44:05]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [14/10/2007 20:38:52]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [28/07/2007 19:31:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 31/03/2008 15:52 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc
HPService HPSLPSVC


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c3623d8-a9ce-11dc-8198-00196629475c}]
AutoRun\command- H:\PortableRoboForm.exe
RoboForm2Go\command- H:\PortableRoboForm.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8b1efd0-a66a-11dc-818d-806d6172696f}]
AutoRun\command- E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8b1efd5-a66a-11dc-818d-00196629475c}]
AutoRun\command- G:\RunGame.exe




-- End of Deckard's System Scanner: finished at 2008-04-11 13:34:53 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU E6750 @ 2.66GHz
CPU 1: Intel® Core™2 Duo CPU E6750 @ 2.66GHz
Percentage of Memory in Use: 36%
Physical Memory (total/avail): 2047.23 MiB / 1304.28 MiB
Pagefile Memory (total/avail): 4967.15 MiB / 4046.56 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1892.63 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 372.6 GiB total, 253.07 GiB free.
D: is CDROM (CDFS)
F: is CDROM (No Media)
Z: is Network (Unformatted)

\\.\PHYSICALDRIVE0 - Hitachi HDT725040VLA360 - 372.61 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 372.6 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
FirewallOverride is set.

FW: Panda Security for Desktops Firewall v4.02.30.0000 (Panda Software)
AV: Panda Security for Desktops v4.02.30.0000 (Panda Software) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\PROGRAM FILES\\PANDA SOFTWARE\\PANDA ADMINISTRATOR 3\\Pav_Agent\\Pagent.exe"="C:\\PROGRAM FILES\\PANDA SOFTWARE\\PANDA ADMINISTRATOR 3\\Pav_Agent\\Pagent.exe"
"C:\\Program Files\\PANDA SOFTWARE\\AVTC\\PSHost.exe"="C:\\Program Files\\PANDA SOFTWARE\\AVTC\\PSHost.exe"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe:*:Enabled:Delivery Manager Service"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"="C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"="C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword"
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"="C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss"
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe:*:Enabled:Football Manager 2008"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Midway Games\\Rise and Fall\\RiseAndFall.exe"="C:\\Program Files\\Midway Games\\Rise and Fall\\RiseAndFall.exe:*:Enabled:Rise and Fall: Civilizations at War"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\PROGRAM FILES\\PANDA SOFTWARE\\PANDA ADMINISTRATOR 3\\Pav_Agent\\Pagent.exe"="C:\\PROGRAM FILES\\PANDA SOFTWARE\\PANDA ADMINISTRATOR 3\\Pav_Agent\\Pagent.exe"
"C:\\Program Files\\PANDA SOFTWARE\\AVTC\\PSHost.exe"="C:\\Program Files\\PANDA SOFTWARE\\AVTC\\PSHost.exe"
"D:\\setup\\HPZnui01.exe"="D:\\setup\\HPZnui01.exe:*:Enabled:hpznui01.exe"
"C:\\Documents and Settings\\Darren\\Local Settings\\Temp\\7zS38.tmp\\setup\\HPZnui01.exe"="C:\\Documents and Settings\\Darren\\Local Settings\\Temp\\7zS38.tmp\\setup\\HPZnui01.exe:*:Enabled:hpznui01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Darren\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=POWER-444F0A662
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Darren
LOGONSERVER=\\POWER-444F0A662
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\SYSTEM32;C:\WINDOWS;C:\WINDOWS\SYSTEM32\WBEM;C:\PROGRAM FILES\QUICKTIME\QTSYSTEM\;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Darren\LOCALS~1\Temp
TMP=C:\DOCUME~1\Darren\LOCALS~1\Temp
USERDOMAIN=POWER-444F0A662
USERNAME=Darren
USERPROFILE=C:\Documents and Settings\Darren
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Darren (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Total War\Medieval - Total War\Uninst.isu"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer --> MsiExec.exe /I{09BDEEF0-5590-457D-89A9-5DB2742F9BBF}
4oD --> MsiExec.exe /I {8B7443F5-E141-42A0-AB61-ED2331AAD606}
Acoustica Effects Pack --> C:\PROGRA~1\ACOUST~2\UNWISE.EXE C:\PROGRA~1\ACOUST~2\INSTALL.LOG
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Advanced RAR Password Recovery (remove only) --> C:\Program Files\ElcomSoft\ARPR\uninstall.exe
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
BBC iPlayer Download Manager --> MsiExec.exe /I {D466F3D9-510C-4729-B7D4-2E70490E4CDF}
BBC iPlayer Download Manager --> MsiExec.exe /X{D466F3D9-510C-4729-B7D4-2E70490E4CDF}
Belarc Advisor 7.2 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
BitTorrent 6.0 --> C:\Program Files\BitTorrent\uninst.exe
CDDRV_Installer --> MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
CivCity --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{994E24A6-EC47-4201-8D0B-D4563B7AD66B}\setup.exe" -l0x9 -removeonly
DAEMON Tools --> MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
Democracy 2 --> "C:\Program Files\Democracy2\unins000.exe"
EasyCleaner --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly
Fleet Command --> "C:\Program Files\Steam\steam.exe" steam://uninstall/2910
FLV Player --> "C:\WINDOWS\FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
Football Manager 2008 --> "C:\Program Files\Sports Interactive\Football Manager 2008\Uninstall_Football Manager 2008\Uninstall Football Manager 2008.exe"
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Photos Screensaver --> MsiExec.exe /X{481E9852-DA0C-403B-ADA4-05D86C8BF9A9}
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Half-Life 2 --> "C:\Program Files\Steam\steam.exe" steam://uninstall/220
Half-Life 2: Episode One --> "C:\Program Files\Steam\steam.exe" steam://uninstall/380
Half-Life 2: Episode Two --> "C:\Program Files\Steam\steam.exe" steam://uninstall/420
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Documents and Settings\Darren\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Customer Participation Program 10.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 10.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart All-In-One Driver Software 10.0 Rel .2 --> C:\Program Files\HP\Digital Imaging\{20B30DC1-E423-4939-B51D-05C58B0F9BBB}\setup\hpzscr01.exe -datfile hposcr21.dat -onestop
HP Photosmart Essential 2.5 --> C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing --> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 10.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}
Intel® Processor ID Utility --> MsiExec.exe /X{A92A4DB0-CD37-42D1-BE1D-603D53C24328}
iTunes --> MsiExec.exe /I{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}
Jagged Alliance 2: Unfinished Business --> "C:\Program Files\Steam\steam.exe" steam://uninstall/2950
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
KhalInstallWrapper --> MsiExec.exe /I{56918C0C-0D87-4CA6-92BF-4975A43AC719}
Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe -runfromtemp -l0x0009 -removeonly
Making History: The Calm and The Storm --> "C:\Program Files\Steam\steam.exe" steam://uninstall/6250
Medieval II Total War --> C:\Program Files\InstallShield Installation Information\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft SQL Server 2005 Backward compatibility --> MsiExec.exe /I{2243F21A-E132-44F7-BA13-024D0845C815}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual J# .NET Redistributable Package 1.1 --> MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Navman SmartST Desktop 2006 SE --> C:\Program Files\InstallShield Installation Information\{60DD2787-197D-4303-ABAC-7B4DAA373CB2}\setup.exe -runfromtemp -l0x0009 -removeonly
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OCR Software by I.R.I.S. 10.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Panda AdminSecure 2007 --> MsiExec.exe /I{57675F06-EF3D-467C-B6DB-5EC6C200A3F3}
Panda AdminSecure Reports Component --> MsiExec.exe /X{63F20384-30A9-48E2-86E3-DDBF95992070}
Panda Security for Desktops --> "C:\Program Files\PANDA SOFTWARE\AVTC\Install\UNINST.exe" -A:UNINSTALL -DeleteQtine:1 -SHOWIFACE
PartyPoker --> "C:\Program Files\PartyGaming\PartyPoker\Uninstall.exe" "C:\Program Files\PartyGaming\PartyPoker\install.log"
Portal --> "C:\Program Files\Steam\steam.exe" steam://uninstall/400
QuickTime --> MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
REALTEK GbE & FE Ethernet PCI-E NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\Setup.exe" -l0x9 -removeonly
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Rise and Fall --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\Inst
#5
Ness (Banned, 673 posts)
Hello again DanFango

Looking at your system now, one or more of the identified infections is a backdoor Trojan.

If this computer is ever used for on-line banking, I suggest you do the following immediately:

1. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

Please read my entire post before commencing, and please follow my instructions in the order that they are given :) If you don't understand something, don't be afraid to ask!

1. Multiple Antispyware Programs
------------------------------------------------


Anti-Spyware programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-spyware programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

If you choose to install more than one Anti-Spyware program on your computer, then only one of them should be active in memory at a time.

There are basically two types of these programs:
On-Access and On-Demand

On-Access Scanners
As the name implies, these are scanners that run in the background all the time the PC is turned on and running. The main function of an On-Access scanner is to monitor activity on your machine.

On-Demand Scanners
As the name implies, these are scanners that only run when you ask them to, such as online scans and scanners that run on your machine but are not actively scanning your machine.

2. Clear Temporary Files
------------------------------------------------


Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

3. Delete Files/Folders with OTMoveIt2
------------------------------------------------


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32winlogonpc.exe
    C:\WINDOWS\system32taack.exe
    C:\WINDOWS\system32taack.dat
    C:\WINDOWS\system32ssurf022.dll
    C:\WINDOWS\system32sncntr.exe
    C:\WINDOWS\system32smp
    C:\WINDOWS\system32psoft1.exe
    C:\WINDOWS\system32psof1.exe
    C:\WINDOWS\system32ps1.exe
    C:\WINDOWS\system32netode.exe
    C:\WINDOWS\system32mwin32.exe
    C:\WINDOWS\system32mtr2.exe
    C:\WINDOWS\system32msnbho.dll
    C:\WINDOWS\system32msgp.exe
    C:\WINDOWS\system32medup020.dll
    C:\WINDOWS\system32medup012.dll
    C:\WINDOWS\system32hxiwlgpm.exe
    C:\WINDOWS\system32hxiwlgpm.dat
    C:\WINDOWS\system32hoproxy.dll
    C:\WINDOWS\system32bsva-egihsg52.exe
    C:\WINDOWS\iTunesMusic.exe
    C:\WINDOWS\a.bat
    C:\WINDOWS\system32WINWGPX.EXE
    C:\WINDOWS\system32winsystem.exe
    C:\WINDOWS\system32vcatchpi.dll
    C:\WINDOWS\system32vbsys2.dll
    C:\WINDOWS\system32thun32.dll
    C:\WINDOWS\system32thun.dll
    C:\WINDOWS\system32temp#01.exe
    C:\WINDOWS\system32sysreq.exe
    C:\WINDOWS\system32ssvchost.exe
    C:\WINDOWS\system32ssvchost.com
    C:\WINDOWS\system32Rundl1.exe
    C:\WINDOWS\system32regm64.dll
    C:\WINDOWS\system32regc64.dll
    C:\WINDOWS\system32newsd32.exe
    C:\WINDOWS\system32msvchost.exe
    C:\WINDOWS\system32mssecu.exe
    C:\WINDOWS\system32h@tkeysh@@k.dll
    C:\WINDOWS\system32emesx.dll
    C:\WINDOWS\system32dpcproxy.exe
    C:\WINDOWS\system32bdn.com
    C:\WINDOWS\system32awtoolb.dll
    C:\WINDOWS\system32anticipator.dll
    C:\WINDOWS\system32akttzn.exe
    C:\WINDOWS\mssecu.exe
    C:\WINDOWS\bdn.com
    C:\WINDOWS\system32\ź§ź§
    C:\Documents and Settings\All Users\Application Data\lclmjkpu
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

4. Fix the Registry
------------------------------------------------


The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous, so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing, so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions, please ask BEFORE proceeding.

Backing Up Your Registry
  • Go Here and download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
Registry Modifications

Please go to Start > Run and type in notepad.exe. Copy and paste the following code in exactly as shown below beginning with REGEDIT4:

REGEDIT4

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c3623d8-a9ce-11dc-8198-00196629475c}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8b1efd0-a66a-11dc-818d-806d6172696f}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8b1efd5-a66a-11dc-818d-00196629475c}]

Save the file as regfix1.reg on to your desktop. Now go to your desktop and double click the file.

Confirm that you wish to merge it with registry.

Finally, post a new DSS log.

In your next post
------------------------------------------------

  • OTMoveIt2
  • DSS
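A dry-run reader for REGEDIT4 scripts like the regfix1.reg in the post above, added here as an example and not part of Ness's post or of any Microsoft tool: it lists what merging the file would do (which keys and values are deleted or set) so the effect can be checked before the file is double-clicked. It assumes only the constructs used on this page plus quoted strings and dword: values; anything else is reported as unknown.

```python
"""Dry-run reader for REGEDIT4 / .reg scripts (added example, not from the original post).

Handled constructs:
  [key]            select a key (created on merge if missing)
  [-key]           delete the key and everything under it
  "name"=-         delete a value
  "name"="text"    set a string value  (@ = the key's default value)
  "name"=dword:XX  set a 32-bit number given in hex
"""
from __future__ import annotations

import re
from dataclasses import dataclass

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')


@dataclass
class RegAction:
    kind: str            # "delete_key", "delete_value", "set_value" or "unknown"
    key: str
    name: str = ""
    value: str = ""


def parse_reg_script(text: str) -> list[RegAction]:
    """Return the actions a merge would perform, in file order."""
    lines = text.splitlines()
    header = lines[0].strip() if lines else ""
    if header not in HEADERS:
        raise ValueError(f"unsupported or missing header: {header!r}")
    actions: list[RegAction] = []
    current_key: str | None = None
    for raw in lines[1:]:
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        m = KEY_RE.match(line)
        if m:
            minus, key = m.groups()
            if minus:
                actions.append(RegAction("delete_key", key))
                current_key = None        # regedit ignores values listed under a deleted key
            else:
                current_key = key
            continue
        m = VALUE_RE.match(line)
        if m and current_key is not None:
            name = "@" if m.group(2) else m.group(1)
            data = m.group(3).strip()
            if data == "-":
                actions.append(RegAction("delete_value", current_key, name))
            elif len(data) >= 2 and data[0] == '"' and data[-1] == '"':
                actions.append(RegAction("set_value", current_key, name, data[1:-1]))
            elif data.lower().startswith("dword:"):
                actions.append(RegAction("set_value", current_key, name, str(int(data[6:], 16))))
            else:
                actions.append(RegAction("unknown", current_key, name, data))
            continue
        actions.append(RegAction("unknown", current_key or "", "", line))
    return actions


def describe(actions: list[RegAction]) -> list[str]:
    """One human-readable line per action, for review before merging."""
    labels = {"delete_key": "DELETE KEY  ", "delete_value": "DELETE VALUE",
              "set_value": "SET VALUE   ", "unknown": "UNKNOWN     "}
    out = []
    for a in actions:
        target = a.key if a.kind == "delete_key" else f"{a.key} -> {a.name}"
        suffix = f" = {a.value!r}" if a.value else ""
        out.append(f"{labels[a.kind]} {target}{suffix}")
    return out


# The script from the post above, embedded so the example runs stand-alone.
# "DisableTaskMgr" under Policies\System is the policy value that hides Task Manager
# when set; "=-" removes it. The MountPoints2 GUID keys are Explorer's per-volume
# cache entries, and the [-key] lines delete them outright.
REGFIX1 = r"""REGEDIT4

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c3623d8-a9ce-11dc-8198-00196629475c}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8b1efd0-a66a-11dc-818d-806d6172696f}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8b1efd5-a66a-11dc-818d-00196629475c}]
"""

if __name__ == "__main__":
    for line in describe(parse_reg_script(REGFIX1)):
        print(line)
```

Run it on any .reg file you are about to merge; the summary is what regedit will do, nothing is written to the registry.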

#6
Danfango (Topic Starter, New Member, 3 posts)
Hi,

Apologies for the delay in response; my laptop has also given up the ghost. It never rains... :-)

The OTMoveIt2 Post:

File/Folder C:\WINDOWS\system32winlogonpc.exe not found.
File/Folder C:\WINDOWS\system32taack.exe not found.
File/Folder C:\WINDOWS\system32taack.dat not found.
File/Folder C:\WINDOWS\system32ssurf022.dll not found.
File/Folder C:\WINDOWS\system32sncntr.exe not found.
File/Folder C:\WINDOWS\system32smp not found.
File/Folder C:\WINDOWS\system32psoft1.exe not found.
File/Folder C:\WINDOWS\system32psof1.exe not found.
File/Folder C:\WINDOWS\system32ps1.exe not found.
File/Folder C:\WINDOWS\system32netode.exe not found.
File/Folder C:\WINDOWS\system32mwin32.exe not found.
File/Folder C:\WINDOWS\system32mtr2.exe not found.
File/Folder C:\WINDOWS\system32msnbho.dll not found.
File/Folder C:\WINDOWS\system32msgp.exe not found.
File/Folder C:\WINDOWS\system32medup020.dll not found.
File/Folder C:\WINDOWS\system32medup012.dll not found.
File/Folder C:\WINDOWS\system32hxiwlgpm.exe not found.
File/Folder C:\WINDOWS\system32hxiwlgpm.dat not found.
File/Folder C:\WINDOWS\system32hoproxy.dll not found.
File/Folder C:\WINDOWS\system32bsva-egihsg52.exe not found.
File/Folder C:\WINDOWS\iTunesMusic.exe not found.
File/Folder C:\WINDOWS\a.bat not found.
File/Folder C:\WINDOWS\system32WINWGPX.EXE not found.
File/Folder C:\WINDOWS\system32winsystem.exe not found.
File/Folder C:\WINDOWS\system32vcatchpi.dll not found.
File/Folder C:\WINDOWS\system32vbsys2.dll not found.
File/Folder C:\WINDOWS\system32thun32.dll not found.
File/Folder C:\WINDOWS\system32thun.dll not found.
File/Folder C:\WINDOWS\system32temp#01.exe not found.
File/Folder C:\WINDOWS\system32sysreq.exe not found.
File/Folder C:\WINDOWS\system32ssvchost.exe not found.
File/Folder C:\WINDOWS\system32ssvchost.com not found.
File/Folder C:\WINDOWS\system32Rundl1.exe not found.
File/Folder C:\WINDOWS\system32regm64.dll not found.
File/Folder C:\WINDOWS\system32regc64.dll not found.
File/Folder C:\WINDOWS\system32newsd32.exe not found.
File/Folder C:\WINDOWS\system32msvchost.exe not found.
File/Folder C:\WINDOWS\system32mssecu.exe not found.
< C:\WINDOWS\system32h@tkeysh@@k.dll >
File/Folder C:\WINDOWS\system32h@tkeysh@@k.dll not found.
File/Folder C:\WINDOWS\system32emesx.dll not found.
File/Folder C:\WINDOWS\system32dpcproxy.exe not found.
File/Folder C:\WINDOWS\system32bdn.com not found.
File/Folder C:\WINDOWS\system32awtoolb.dll not found.
File/Folder C:\WINDOWS\system32anticipator.dll not found.
File/Folder C:\WINDOWS\system32akttzn.exe not found.
File/Folder C:\WINDOWS\mssecu.exe not found.
File/Folder C:\WINDOWS\bdn.com not found.
C:\WINDOWS\system32\ź§ź§ moved successfully.
C:\Documents and Settings\All Users\Application Data\lclmjkpu moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05012008_160219

Panda prevented DSS/HiJackThis from accessing the hosts file, but the main.txt is as follows:

Deckard's System Scanner v20071014.68
Run by Darren on 2008-05-01 16:15:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Darren.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:15:55, on 01/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PANDA SOFTWARE\AVTC\PavFnSvr.exe
C:\Program Files\PANDA SOFTWARE\AVTC\TPSrv.exe
C:\Program Files\PANDA SOFTWARE\AVTC\PavSrv51.exe
C:\Program Files\PANDA SOFTWARE\AVTC\AVENGINE.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Panda Software\Panda Administrator 3\AdminServer\AdminServer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Microsoft SQL Server\MSSQL$PADMINISTRATOR\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Administrator 3\Distribution Server\PadFSvr.exe
C:\Program Files\PANDA SOFTWARE\AVTC\PsCtrlS.exe
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA ADMINISTRATOR 3\Pav_Agent\Pagent.exe
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA ADMINISTRATOR 3\Scheduler\pavsched.exe
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA ADMINISTRATOR 3\Pav_Agent\pagentwd.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PANDA SOFTWARE\AVTC\PSKMsSvc.exe
C:\Program Files\PANDA SOFTWARE\AVTC\PSHost.exe
C:\Program Files\PANDA SOFTWARE\AVTC\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PANDA SOFTWARE\AVTC\SrvLoad.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PANDA SOFTWARE\AVTC\WebProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Administrator 3\Console\PASystemTray.exe
C:\Program Files\PANDA SOFTWARE\AVTC\PSCtrlC.exe
C:\Program Files\PANDA SOFTWARE\AVTC\CpIcnMng.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\DOCUME~1\Darren\LOCALS~1\Temp\RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Documents and Settings\Darren\My Documents\setup files\OTMoveIt2.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Darren\Desktop\dss.exe
C:\DOCUME~1\Darren\Desktop\Darren.exe
C:\Program Files\PANDA SOFTWARE\AVTC\avciman.exe
C:\Program Files\PANDA SOFTWARE\AVTC\PSIMMON.exe
C:\Program Files\PANDA SOFTWARE\AVTC\psimreal.exe
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA ADMINISTRATOR 3\PavReport\PavReport.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sky.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PASystemTray] "C:\Program Files\Panda Software\Panda Administrator 3\Console\PASystemTray.exe"
O4 - HKLM\..\Run: [Panda Controller Client] "C:\Program Files\PANDA SOFTWARE\AVTC\PSCtrlC.exe"
O4 - HKLM\..\Run: [CpnIconMng] C:\Program Files\PANDA SOFTWARE\AVTC\CpIcnMng.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{21C4A2EA-8C05-4564-A84C-91030A687878}: NameServer = 192.168.0.1,212.159.11.150
O17 - HKLM\System\CS1\Services\Tcpip\..\{21C4A2EA-8C05-4564-A84C-91030A687878}: NameServer = 192.168.0.1,212.159.11.150
O17 - HKLM\System\CS2\Services\Tcpip\..\{21C4A2EA-8C05-4564-A84C-91030A687878}: NameServer = 192.168.0.1,212.159.11.150
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Panda AdminSecure Administration Server (AdminServer) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\AdminServer\AdminServer.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda AdminSecure Distribution Server (PadFSvr) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\Distribution Server\PadFSvr.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\PANDA SOFTWARE\AVTC\PsCtrlS.exe
O23 - Service: Panda AdminSecure Communications Agent (PAVAGENTE) - Panda Software - C:\PROGRAM FILES\PANDA SOFTWARE\PANDA ADMINISTRATOR 3\Pav_Agent\Pagent.exe
O23 - Service: Panda AdminSecure Scheduler (PavAtScheduler) - Panda Software - C:\PROGRAM FILES\PANDA SOFTWARE\PANDA ADMINISTRATOR 3\Scheduler\pavsched.exe
O23 - Service: Panda Function Service (PavFnSvr) - Panda Software International - C:\Program Files\PANDA SOFTWARE\AVTC\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda Antivirus Report Service (PavReport) - Panda Software - C:\PROGRAM FILES\PANDA SOFTWARE\PANDA ADMINISTRATOR 3\PavReport\PavReport.exe
O23 - Service: Panda Antivirus Service (PavSrv) - Panda Software International - C:\Program Files\PANDA SOFTWARE\AVTC\PavSrv51.exe
O23 - Service: Panda AntiSpam Engine (PMShellSrv) - Panda Software International - C:\Program Files\PANDA SOFTWARE\AVTC\PSKMsSvc.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - C:\Program Files\PANDA SOFTWARE\AVTC\PSHost.exe
O23 - Service: Panda IManager Service (PsImSvc) - Panda Software International - C:\Program Files\PANDA SOFTWARE\AVTC\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\PANDA SOFTWARE\AVTC\TPSrv.exe

--
End of file - 12816 bytes

-- Files created between 2008-04-01 and 2008-05-01 -----------------------------

2008-04-30 11:18:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-04-28 16:40:22 0 d-------- C:\Documents and Settings\Darren\Application Data\ImgBurn
2008-04-28 16:37:42 0 d-------- C:\Program Files\ImgBurn
2008-04-26 18:48:52 0 d-------- C:\Program Files\Wise Registry Cleaner 3
2008-04-26 17:46:30 0 d-------- C:\WINDOWS\nview
2008-04-26 17:36:33 0 d-------- C:\Program Files\SystemRequirementsLab
2008-04-26 17:36:27 0 d-------- C:\Documents and Settings\Darren\Application Data\SystemRequirementsLab
2008-04-26 14:31:40 0 d-------- C:\Program Files\Executive Software
2008-04-24 12:32:32 0 d-------- C:\laptop
2008-04-16 15:30:11 0 d-------- C:\Program Files\TightVNC
2008-04-14 14:52:15 0 d-------- C:\Documents and Settings\Darren\Application Data\HPAppData
2008-04-14 13:26:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-11 13:13:40 0 d-------- C:\Documents and Settings\Darren\Application Data\WinPatrol
2008-04-11 13:13:36 0 d-------- C:\Program Files\BillP Studios
2008-04-10 18:50:55 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-04-10 18:50:44 0 d-------- C:\Documents and Settings\LocalService\Application Data\Mozilla
2008-04-10 18:06:30 0 d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-04-10 18:05:04 0 d-------- C:\Program Files\Hewlett-Packard
2008-04-10 12:45:35 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-10 12:44:57 0 d-------- C:\Documents and Settings\Darren\Application Data\Google
2008-04-10 12:44:29 0 d-------- C:\WINDOWS\system32\runtime
2008-04-10 12:44:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-04-10 12:44:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-10 12:44:04 0 d-------- C:\Program Files\Google
2008-04-09 14:50:54 0 d-------- C:\Program Files\Panda Security
2008-04-09 11:39:35 25756 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT
2008-04-09 11:38:32 0 d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2008-04-09 11:35:51 0 d-------- C:\Program Files\Common Files\Cisco Systems
2008-04-09 11:26:14 0 d-------- C:\Program Files\Common Files\Crystal Decisions
2008-04-09 11:25:38 0 d-------- C:\Program Files\Microsoft Analysis Services
2008-04-09 11:25:34 0 d-------- C:\Program Files\Microsoft SQL Server
2008-04-09 11:23:30 0 d-------- C:\Panda
2008-04-09 11:06:28 108085 --a------ C:\WINDOWS\hpqins01.dat
2008-04-04 12:27:18 57344 --a------ C:\WINDOWS\system32\Wnaspint.dll <Not Verified; NexiTech, Inc.; NexiTech ASPI for Win32>
2008-04-04 12:27:02 0 d-------- C:\Program Files\Acoustica Shared Effects
2008-04-04 12:26:59 0 d-------- C:\Program Files\Acoustica Spin It Again


-- Find3M Report ---------------------------------------------------------------

2008-05-01 15:47:02 785 --ahs---- C:\WINDOWS\system32\mmf.sys
2008-04-30 11:18:34 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-24 12:33:26 0 d-------- C:\Program Files\Steam
2008-04-14 14:30:37 0 d-------- C:\Program Files\Kontiki
2008-04-14 14:12:04 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-14 12:39:31 0 d-------- C:\Documents and Settings\Darren\Application Data\SUPERAntiSpyware.com
2008-04-14 12:39:29 0 d-------- C:\Program Files\Common Files
2008-04-14 12:39:28 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-11 12:43:16 0 d-------- C:\Program Files\Java
2008-04-10 18:21:45 165218 --a------ C:\WINDOWS\hpoins21.dat
2008-04-10 18:12:45 0 d-------- C:\Program Files\HP
2008-04-09 14:50:56 2791 --a------ C:\WINDOWS\mozver.dat
2008-04-09 11:35:51 0 d-------- C:\Program Files\Panda Software
2008-04-09 11:28:20 0 d-------- C:\Program Files\Common Files\Panda Software
2008-04-09 11:16:23 0 d-------- C:\Documents and Settings\Darren\Application Data\Apple Computer
2008-04-03 18:36:51 0 d-------- C:\Program Files\iTunes
2008-04-03 18:36:50 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-04-03 18:36:48 0 d-------- C:\Program Files\Messenger
2008-04-03 18:36:47 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-03-27 01:53:13 0 d-------- C:\Documents and Settings\Darren\Application Data\BitTorrent
2008-03-26 01:33:31 0 d-------- C:\Program Files\BitTorrent
2008-03-18 00:30:17 742 --a------ C:\WINDOWS\system32\test.vbs
2008-03-18 00:29:06 0 d-------- C:\Program Files\ElcomSoft
2008-03-18 00:21:53 0 d-------- C:\Program Files\Intelore
2008-03-16 16:50:14 0 d-------- C:\Documents and Settings\Darren\Application Data\Adobe
2008-03-15 15:30:46 0 d-------- C:\Program Files\Microsoft Works
2008-03-15 15:29:54 0 d-------- C:\Program Files\Microsoft.NET
2008-03-15 15:28:35 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-03-09 14:41:29 0 d-------- C:\Program Files\WinHTTrack
2008-03-03 23:09:36 0 d-------- C:\Documents and Settings\Darren\Application Data\Media Player Classic
2008-02-26 16:33:13 4096 --a------ C:\WINDOWS\d3dx.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
06/11/2007 01:50 542016 --a------ C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [11/04/2007 15:32 C:\WINDOWS\KHALMNPR.Exe]
"PASystemTray"="C:\Program Files\Panda Software\Panda Administrator 3\Console\PASystemTray.exe" [19/10/2007 13:57]
"Panda Controller Client"="C:\Program Files\PANDA SOFTWARE\AVTC\PSCtrlC.exe" [04/07/2007 08:48]
"CpnIconMng"="C:\Program Files\PANDA SOFTWARE\AVTC\CpIcnMng.exe" [21/05/2007 14:48]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [22/08/2007 16:31]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [27/01/2008 06:38]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/12/2007 01:41]
"nwiz"="nwiz.exe" [05/12/2007 01:41 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/12/2007 01:41]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [13/11/2006 13:39]

C:\Documents and Settings\Darren\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [26/10/2006 21:24:54]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [10/04/2008 12:44:05]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [14/10/2007 20:38:52]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [28/07/2007 19:31:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc
HPService HPSLPSVC




-- End of Deckard's System Scanner: finished at 2008-05-01 16:16:17 ------------

Once again, I appreciate your assistance with this.

Kind regards,

Darren.
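A small triage pass over the two log formats posted above (HijackThis O17/O23 entries and Deckard's System Scanner file-list lines), as an added example that is not part of the original post, of HijackThis, or of Deckard's System Scanner. The sample lines are copied from Darren's log. The heuristics it applies (a resolver outside private address space, a service with no vendor string, a service binary sitting directly in the Windows directory, a hidden+system file or a script file created in system32) are prompts for what to verify by hand next, not findings that any of those files is malicious. The function names, the "info"/"check" labels and the `SAMPLE_LOG` constant are this example's own.

```python
"""Triage helper for HijackThis (O17/O23) and Deckard's System Scanner file-list lines.

Added example for this thread: it is not part of HijackThis, DSS, or the original
post. SAMPLE_LOG is copied from the posted log. Every check is a generic triage
hint (something to verify by hand), not a malware verdict.
"""
import ipaddress
import re

# Lines copied from the posted log (constructed sample input for this example).
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{21C4A2EA-8C05-4564-A84C-91030A687878}: NameServer = 192.168.0.1,212.159.11.150
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
2008-05-01 15:47:02 785 --ahs---- C:\WINDOWS\system32\mmf.sys
2008-03-18 00:30:17 742 --a------ C:\WINDOWS\system32\test.vbs
2008-04-16 15:30:11 0 d-------- C:\Program Files\TightVNC
"""

# O17: per-interface DNS servers.  O23: service display name, vendor string, image path.
O17_RE = re.compile(r"^O17 - (?P<key>\S+): NameServer = (?P<servers>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.*)$")
# DSS file list: timestamp, size, 9-char attribute string (d=dir, a, h, s, r), path.
DSS_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<size>\d+) "
    r"(?P<attrs>[A-Za-z-]{9}) (?P<path>[A-Za-z]:\\.*)$"
)

SCRIPT_EXT = (".vbs", ".js", ".bat", ".cmd", ".scr", ".pif")
WINDIR = r"c:\windows"  # assumed install root for the path checks below


def is_private(ip):
    """True for RFC 1918 / loopback / link-local addresses; False for anything else or junk."""
    try:
        return ipaddress.ip_address(ip).is_private
    except ValueError:
        return False


def parse_o23(line):
    """Split an O23 line into its three fields, or return None if it is not one."""
    m = O23_RE.match(line.strip())
    return m.groupdict() if m else None


def triage_line(line):
    """Return a list of (level, reason) hints for one log line; [] if nothing stands out."""
    line = line.strip()
    findings = []

    m = O17_RE.match(line)
    if m:
        for server in (s.strip() for s in m.group("servers").split(",")):
            if not is_private(server):
                findings.append(("info", f"O17 public DNS resolver {server}: confirm it belongs to the ISP"))
        return findings

    svc = parse_o23(line)
    if svc:
        path_l = svc["path"].lower()
        if svc["owner"] == "Unknown owner":
            findings.append(("check", f"O23 service '{svc['name']}' has no vendor string: "
                                      f"verify the publisher/signature of {svc['path']}"))
        # A service binary directly in %WINDIR% (not in a subdirectory) deserves a second look.
        rest = path_l[len(WINDIR) + 1:] if path_l.startswith(WINDIR + "\\") else None
        if rest is not None and "\\" not in rest:
            findings.append(("check", f"O23 service binary sits directly in %WINDIR%: {svc['path']}"))
        return findings

    m = DSS_RE.match(line)
    if m:
        attrs, path = m.group("attrs"), m.group("path")
        path_l = path.lower()
        if not attrs.startswith("d") and "h" in attrs and "s" in attrs:
            findings.append(("check", f"hidden+system file created {m.group('ts')}: {path}"))
        if path_l.startswith(WINDIR + "\\system32\\") and path_l.endswith(SCRIPT_EXT):
            findings.append(("check", f"script file in system32: {path}"))
        return findings

    return findings


def triage(text):
    """Run triage_line over every line of a pasted log and collect the hints."""
    return [hint for line in text.splitlines() for hint in triage_line(line)]


if __name__ == "__main__":
    for level, reason in triage(SAMPLE_LOG):
        print(f"[{level}] {reason}")
```

Run as a script it prints one line per hint; the useful part is `triage()`, which you can point at a whole pasted log. The "info" level is deliberately separate from "check": a second, public resolver is normal for a home router that forwards to the ISP, so it is worth a glance but is not a red flag on its own.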