I have a problem. First off, the computer takes about 10-15 mins to start up on Windows XP, and then after a bit I get the following message popping up every 5 mins:
Windows security alert
windows has detected an internet attack attempt...
somebodys trying to affect you pc with spyware or other harmful virus.
This then asks me to download a program to sort it out, but it then just pops up some web address to purchase it from.
Also, in the bottom right-hand corner a red cross flashes telling me about another attack.
Can someone please help me, as the computer won't run at all.
I have listed my hijack log, extra.txt and main.txt from Deckard.
HIJACK
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:39:35, on 14/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\krmdopsb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearsh...ar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearsh...ar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by blueyonder
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {466AADAC-E21A-422D-958C-2B627A22E99A} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [Workflow] D:\Workflow.exe
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [10ac579d] rundll32.exe "C:\WINDOWS\system32\eneetfoa.dll",b
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [fdntfgxm] C:\WINDOWS\system32\krmdopsb.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PC-Cleaner] "C:\Program Files\PC-Cleaner\PC-Cleaner.exe" hide
O4 - HKLM\..\Policies\Explorer\Run: [b6BT4NQEsK] C:\Documents and Settings\All Users\Application Data\qjcrohyr\ktkfmdql.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.bullbearings.co.uk
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.aka...vex-2.2.0.8.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-48.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay10...es/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safe...wlscbase969.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1155651804203
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - http://update.videoe...ggPublisher.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O21 - SSODL: dsktbwfe - {A799B096-95D0-411E-A103-BBAB456493E0} - C:\WINDOWS\dsktbwfe.dll
O21 - SSODL: ogxtsepr - {5FC492A4-5CC8-4268-AD5B-DA96E64C4E55} - C:\WINDOWS\ogxtsepr.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 12444 bytes
Deckard's System Scanner v20071014.68
Run by Richard on 2008-04-15 13:34:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Total Physical Memory: 503 MiB (512 MiB recommended).
System Drive C: has 1.45 GiB (less than 15%) free.
-- HijackThis (run as Richard.exe) ---------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:34:59, on 15/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Kontiki\KService.exe
C:\Documents and Settings\All Users\Application Data\qjcrohyr\ktkfmdql.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\olyxedmj.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Richard.RICHARD\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Richard.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearsh...ar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.safenavwe...&...aid=1&pid=0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {34A75400-077F-4E0E-BB38-B7F45BAEA819} - (no file)
O2 - BHO: (no name) - {3CAB59B4-55A3-4737-9FD5-B93C6430BF75} - C:\WINDOWS\system32\oswvtksp.dll
O2 - BHO: (no name) - {63E88EAE-0DDA-423A-84DA-249FFA401F9A} - C:\WINDOWS\system32\urqPiGVM.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {C3E15DFE-D990-4C3F-9BE2-4CF4E3E007CE} - C:\WINDOWS\system32\byXPGXNf.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {466AADAC-E21A-422D-958C-2B627A22E99A} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [Workflow] D:\Workflow.exe
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [10ac579d] rundll32.exe "C:\WINDOWS\system32\jsyoxiwe.dll",b
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [cjqlmshf] C:\WINDOWS\system32\olyxedmj.exe
O4 - HKLM\..\Policies\Explorer\Run: [b6BT4NQEsK] C:\Documents and Settings\All Users\Application Data\qjcrohyr\ktkfmdql.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.aka...vex-2.2.0.8.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-48.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay10...es/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safe...wlscbase969.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1155651804203
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - http://update.videoe...ggPublisher.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: byXPGXNf - C:\WINDOWS\SYSTEM32\byXPGXNf.dll
O21 - SSODL: dsktbwfe - {263D7CED-2310-483A-8DD0-1AD3DDA7915D} - C:\WINDOWS\dsktbwfe.dll
O21 - SSODL: ogxtsepr - {7D700DEC-2E6C-41DF-8904-587DA3E6C0F1} - C:\WINDOWS\ogxtsepr.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 13713 bytes
MAIN.TXT
-- Files created between 2008-03-15 and 2008-04-15 -----------------------------
2008-04-15 12:54:38 0 d-------- C:\Documents and Settings\Richard.RICHARD\Application Data\DivX
2008-04-15 12:54:02 0 d-------- C:\Documents and Settings\Richard.RICHARD\Application Data\Real
2008-04-15 12:26:01 4096 --a------ C:\WINDOWS\userconfig9x.dll
2008-04-15 12:26:01 4096 --a------ C:\WINDOWS\system32winlogonpc.exe
2008-04-15 12:26:01 4096 --a------ C:\WINDOWS\system32hoproxy.dll
2008-04-15 12:26:01 4096 --a------ C:\WINDOWS\FVProtect.exe
2008-04-15 12:26:00 4096 --a------ C:\WINDOWS\system32taack.exe
2008-04-15 12:26:00 4096 --a------ C:\WINDOWS\system32taack.dat
2008-04-15 12:26:00 4096 --a------ C:\WINDOWS\system32ssurf022.dll
2008-04-15 12:26:00 4096 --a------ C:\WINDOWS\system32sncntr.exe
2008-04-15 12:26:00 0 d-------- C:\WINDOWS\system32smp
2008-04-15 12:26:00 4096 --a------ C:\WINDOWS\system32psoft1.exe
2008-04-15 12:26:00 4096 --a------ C:\WINDOWS\system32psof1.exe
2008-04-15 12:26:00 4096 --a------ C:\WINDOWS\system32ps1.exe
2008-04-15 12:26:00 4096 --a------ C:\WINDOWS\system32netode.exe
2008-04-15 12:26:00 4096 --a------ C:\WINDOWS\system32mwin32.exe
2008-04-15 12:26:00 4096 --a------ C:\WINDOWS\system32msnbho.dll
2008-04-15 12:26:00 4096 --a------ C:\WINDOWS\system32medup020.dll
2008-04-15 12:26:00 4096 --a------ C:\WINDOWS\system32medup012.dll
2008-04-15 12:26:00 4096 --a------ C:\WINDOWS\system32hxiwlgpm.exe
2008-04-15 12:26:00 4096 --a------ C:\WINDOWS\system32hxiwlgpm.dat
2008-04-15 12:26:00 4096 --a------ C:\WINDOWS\system32bsva-egihsg52.exe
2008-04-15 12:26:00 4096 --a------ C:\WINDOWS\iTunesMusic.exe
2008-04-15 12:26:00 4096 --a------ C:\WINDOWS\a.bat
2008-04-15 12:26:00 0 d-------- C:\Documents and Settings\Richard.RICHARD\Desktopvirii
2008-04-15 12:25:59 4096 --a------ C:\WINDOWS\system32thun32.dll
2008-04-15 12:25:59 4096 --a------ C:\WINDOWS\system32thun.dll
2008-04-15 12:25:59 4096 --a------ C:\WINDOWS\system32temp#01.exe
2008-04-15 12:25:59 4096 --a------ C:\WINDOWS\system32ssvchost.exe
2008-04-15 12:25:59 4096 --a------ C:\WINDOWS\system32ssvchost.com
2008-04-15 12:25:59 4096 --a------ C:\WINDOWS\system32Rundl1.exe
2008-04-15 12:25:59 4096 --a------ C:\WINDOWS\system32regm64.dll
2008-04-15 12:25:59 4096 --a------ C:\WINDOWS\system32regc64.dll
2008-04-15 12:25:59 4096 --a------ C:\WINDOWS\system32mtr2.exe
2008-04-15 12:25:59 4096 --a------ C:\WINDOWS\system32msvchost.exe
2008-04-15 12:25:59 4096 --a------ C:\WINDOWS\system32msgp.exe
2008-04-15 12:25:59 4096 --a------ C:\WINDOWS\system32h@tkeysh@@k.dll
2008-04-15 12:25:59 4096 --a------ C:\WINDOWS\system32dpcproxy.exe
2008-04-15 12:25:59 4096 --a------ C:\Documents and Settings\Richard.RICHARD\DesktopFWebdEditor.exe
2008-04-15 12:25:59 4096 --a------ C:\Documents and Settings\Richard.RICHARD\Desktopfwebd.exe
2008-04-15 12:25:59 4096 --a------ C:\Documents and Settings\Richard.RICHARD\Desktopfilemanagerclient.exe
2008-04-15 12:25:58 4096 --a------ C:\WINDOWS\winsystem.exe
2008-04-15 12:25:58 4096 --a------ C:\WINDOWS\system32WINWGPX.EXE
2008-04-15 12:25:58 4096 --a------ C:\WINDOWS\system32winsystem.exe
2008-04-15 12:25:58 4096 --a------ C:\WINDOWS\system32vcatchpi.dll
2008-04-15 12:25:58 4096 --a------ C:\WINDOWS\system32vbsys2.dll
2008-04-15 12:25:58 4096 --a------ C:\WINDOWS\system32sysreq.exe
2008-04-15 12:25:58 4096 --a------ C:\WINDOWS\system32newsd32.exe
2008-04-15 12:25:58 4096 --a------ C:\WINDOWS\system32mssecu.exe
2008-04-15 12:25:58 4096 --a------ C:\WINDOWS\system32emesx.dll
2008-04-15 12:25:58 4096 --a------ C:\WINDOWS\system32bdn.com
2008-04-15 12:25:58 4096 --a------ C:\WINDOWS\system32awtoolb.dll
2008-04-15 12:25:58 4096 --a------ C:\WINDOWS\system32anticipator.dll
2008-04-15 12:25:58 4096 --a------ C:\WINDOWS\system32akttzn.exe
2008-04-15 12:25:58 4096 --a------ C:\WINDOWS\mssecu.exe
2008-04-15 12:25:58 4096 --a------ C:\WINDOWS\bdn.com
2008-04-15 12:25:30 110592 --a------ C:\WINDOWS\system32\olyxedmj.exe
2008-04-15 12:09:11 2212 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-15 12:08:46 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-15 12:08:46 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-15 12:08:46 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-15 12:08:45 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-04-15 12:08:45 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-04-15 12:08:45 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-04-15 12:08:45 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-15 11:48:46 0 d-------- C:\Documents and Settings\Richard.RICHARD\Application Data\Sun
2008-04-15 11:45:44 0 d-------- C:\WINDOWS\privacy_danger
2008-04-15 11:31:44 0 d-------- C:\Documents and Settings\Richard.RICHARD\Application Data\Macromedia
2008-04-15 11:27:54 0 d-------- C:\Documents and Settings\Richard.RICHARD\Complete
2008-04-15 11:27:20 0 d-------- C:\Documents and Settings\Richard.RICHARD\.limewire
2008-04-15 11:26:44 0 d-------- C:\Documents and Settings\Richard.RICHARD\Contacts
2008-04-15 11:26:28 0 d-------- C:\Documents and Settings\Richard.RICHARD\Phone Browser
2008-04-15 11:12:07 0 d-------- C:\Documents and Settings\Richard.RICHARD\Application Data\Google
2008-04-15 10:41:59 9195520 --a------ C:\Documents and Settings\Richard\ntuser.dat
2008-04-15 10:35:14 0 d-------- C:\Documents and Settings\Richard.RICHARD\Application Data\TmpRecentIcons
2008-04-15 10:29:16 0 dr-h----- C:\Documents and Settings\Richard.RICHARD\Recent
2008-04-15 10:29:16 0 d--h----- C:\Documents and Settings\Richard.RICHARD\PrintHood
2008-04-15 10:29:16 0 d--h----- C:\Documents and Settings\Richard.RICHARD\NetHood
2008-04-15 10:29:16 0 dr------- C:\Documents and Settings\Richard.RICHARD\My Documents
2008-04-15 10:29:16 0 d--h----- C:\Documents and Settings\Richard.RICHARD\Local Settings
2008-04-15 10:29:16 0 dr------- C:\Documents and Settings\Richard.RICHARD\Favorites
2008-04-15 10:29:16 0 d-------- C:\Documents and Settings\Richard.RICHARD\Desktop
2008-04-15 10:29:16 0 d--hs---- C:\Documents and Settings\Richard.RICHARD\Cookies
2008-04-15 10:29:16 0 dr-h----- C:\Documents and Settings\Richard.RICHARD\Application Data
2008-04-15 10:29:16 0 d-------- C:\Documents and Settings\Richard.RICHARD\Application Data\Identities
2008-04-15 10:29:15 0 d--h----- C:\Documents and Settings\Richard.RICHARD\Templates
2008-04-15 10:29:15 0 dr------- C:\Documents and Settings\Richard.RICHARD\Start Menu
2008-04-15 10:29:15 0 dr-h----- C:\Documents and Settings\Richard.RICHARD\SendTo
2008-04-15 10:29:15 1835008 --ah----- C:\Documents and Settings\Richard.RICHARD\NTUSER.DAT
2008-04-14 18:52:53 85056 --a------ C:\WINDOWS\system32\jsyoxiwe.dll
2008-04-14 18:49:46 53312 --a------ C:\WINDOWS\system32\oswvtksp.dll
2008-04-14 15:20:54 0 d-------- C:\Documents and Settings\Richard\Application Data\PC-Cleaner
2008-04-14 15:19:50 0 d-------- C:\Program Files\PC-Cleaner
2008-04-14 15:14:19 0 d-------- C:\Program Files\Trend Micro
2008-04-14 14:38:32 0 dr-h----- C:\Documents and Settings\Richard\Recent
2008-04-14 13:57:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-14 13:55:38 0 d-------- C:\Program Files\Yahoo!
2008-04-14 13:54:59 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-14 13:54:55 0 d-------- C:\Program Files\CCleaner
2008-04-14 13:25:06 0 d-------- C:\Documents and Settings\Richard\Application Data\Uniblue
2008-04-14 13:24:47 0 d-------- C:\Program Files\Uniblue
2008-04-13 21:10:05 0 d-------- C:\Documents and Settings\Richard\Application Data\DivX
2008-04-13 19:14:08 0 d-------- C:\Program Files\Norton Internet Security
2008-04-13 19:08:16 0 d-------- C:\Program Files\Symantec
2008-04-13 18:49:49 53312 --a------ C:\WINDOWS\system32\quduwjjt.dll
2008-04-13 18:44:36 0 d-------- C:\Program Files\Norton AntiVirus
2008-04-13 17:48:24 0 d-------- C:\Documents and Settings\Richard\Application Data\TmpRecentIcons
2008-04-13 17:43:32 0 d-------- C:\Program Files\winupdates
2008-04-13 17:43:13 0 d-------- C:\Program Files\ArcSoft
2008-04-13 16:49:47 0 d-------- C:\WINDOWS\privacy_danger(2)
2008-04-13 15:19:09 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-04-13 15:13:44 0 d-------- C:\Program Files\Windows Sidebar
2008-04-13 04:17:26 176973 --ahs---- C:\WINDOWS\system32\MVGiPqru.ini2
2008-04-13 04:17:21 272384 --a------ C:\WINDOWS\system32\urqPiGVM.dll
2008-04-13 04:05:18 167936 --a------ C:\WINDOWS\ogxtsepr.dll
2008-04-13 04:05:18 217088 --a------ C:\WINDOWS\dsktbwfe.dll
2008-04-13 04:05:12 0 d-------- C:\Program Files\Inet Delivery
2008-04-13 04:05:10 0 d-------- C:\WINDOWS\mslagent
2008-04-13 04:05:10 0 d-------- C:\Program Files\akl
2008-04-13 04:04:50 90112 --a------ C:\WINDOWS\system32\krmdopsb.exe
2008-04-13 04:04:50 0 d-------- C:\Documents and Settings\All Users\Application Data\qjcrohyr
2008-04-13 04:04:26 37888 --a------ C:\WINDOWS\system32\byXPGXNf.dll
2008-04-13 00:33:34 0 d-------- C:\divx
2008-04-13 00:27:28 0 d-------- C:\Documents and Settings\Richard\Application Data\LG Electronics
2008-04-13 00:27:04 0 d-------- C:\Program Files\DivX
2008-04-12 22:30:14 0 d-------- C:\Program Files\LG Electronics
2008-04-03 13:46:38 0 d-------- C:\Documents and Settings\Richard\Application Data\Talkback
2008-04-03 13:01:48 0 d-------- C:\Program Files\Common Files\xing shared
2008-03-31 22:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 22:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 22:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 22:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 22:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-30 20:33:05 0 d-------- C:\Program Files\Optic Limited
2008-03-25 20:27:28 0 d-------- C:\Program Files\PartyGaming.Net
2008-03-22 00:17:05 0 d-------- C:\Program Files\BeloSoft
2008-03-21 21:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 21:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 21:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 21:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
-- Find3M Report ---------------------------------------------------------------
2008-04-15 13:35:23 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-15 11:01:32 2508 --a------ C:\Documents and Settings\Richard.RICHARD\Application Data\$_hpcst$.hpc
2008-04-14 13:54:59 0 d-------- C:\Program Files\Common Files
2008-04-13 17:44:00 0 d-------- C:\Program Files\Java
2008-04-13 17:43:23 0 d-------- C:\Program Files\TomTom HOME 2
2008-04-13 17:43:12 0 d-------- C:\Program Files\FairUse Wizard 2
2008-04-13 17:42:30 0 d-------- C:\Program Files\Google
2008-04-13 15:28:41 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-03 13:01:42 0 d-------- C:\Program Files\Common Files\Real
2008-03-28 21:54:54 0 d-------- C:\Program Files\MSN Messenger
2008-03-28 21:54:50 0 d-------- C:\Program Files\Messenger Plus! Live
2008-03-05 19:06:11 0 d-------- C:\Program Files\Windows Live
2008-03-05 19:04:40 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-25 18:18:28 0 d-------- C:\Program Files\TomTom DesktopSuite
2008-01-30 17:10:46 274432 --a------ C:\WINDOWS\system32\libcurl.dll
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34A75400-077F-4E0E-BB38-B7F45BAEA819}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3CAB59B4-55A3-4737-9FD5-B93C6430BF75}]
14/04/2008 18:49 53312 --a------ C:\WINDOWS\system32\oswvtksp.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63E88EAE-0DDA-423A-84DA-249FFA401F9A}]
13/04/2008 04:17 272384 --a------ C:\WINDOWS\system32\urqPiGVM.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3E15DFE-D990-4C3F-9BE2-4CF4E3E007CE}]
13/04/2008 04:04 37888 --a------ C:\WINDOWS\system32\byXPGXNf.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Workflow"="D:\Workflow.exe" []
"4oD"="C:\Program Files\Kontiki\KHost.exe" [23/04/2007 12:23]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [03/09/2006 08:04]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [06/09/2006 02:22]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [29/01/2008 17:38]
"10ac579d"="C:\WINDOWS\system32\jsyoxiwe.dll" [14/04/2008 18:52]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/04/2008 13:01]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [23/04/2007 12:23]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [21/05/2007 23:13]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 17:24]
"cjqlmshf"="C:\WINDOWS\system32\olyxedmj.exe" [15/04/2008 12:25]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"b6BT4NQEsK"=C:\Documents and Settings\All Users\Application Data\qjcrohyr\ktkfmdql.exe
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{C3E15DFE-D990-4C3F-9BE2-4CF4E3E007CE}"= C:\WINDOWS\system32\byXPGXNf.dll [13/04/2008 04:04 37888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"dsktbwfe"= {263D7CED-2310-483A-8DD0-1AD3DDA7915D} - C:\WINDOWS\dsktbwfe.dll [13/04/2008 00:07 217088]
"ogxtsepr"= {7D700DEC-2E6C-41DF-8904-587DA3E6C0F1} - C:\WINDOWS\ogxtsepr.dll [13/04/2008 00:07 167936]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="kdspz.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXPGXNf]
byXPGXNf.dll 13/04/2008 04:04 37888 C:\WINDOWS\system32\byXPGXNf.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\urqPiGVM
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc
*Newly Created Service* - COMHOST
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44AA3114-D221-43EC-1C32-1EAC52A2014D}]
C:\WINDOWS\system32\msnvl.exe
-- End of Deckard's System Scanner: finished at 2008-04-15 13:36:19 ------------
EXTRA.TXT
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 62%
Physical Memory (total/avail): 502.98 MiB / 191.05 MiB
Pagefile Memory (total/avail): 845.83 MiB / 371.73 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1920.03 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 37.31 GiB total, 5.94 GiB free.
D: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - SAMSUNG SP0411N - 37.31 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.31 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
FW: Norton Internet Security v2007 (Symantec Corporation)
AV: Norton Internet Security v2007 (Symantec Corporation) Disabled
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"="C:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe:*:Enabled:Dreamweaver MX 2004"
"C:\\Documents and Settings\\Richard\\Local Settings\\Temp\\Temporary Directory 3 for S722.ZIP\\sin.exe"="C:\\Documents and Settings\\Richard\\Local Settings\\Temp\\Temporary Directory 3 for S722.ZIP\\sin.exe:*:Disabled:System Tray Aplet"
"C:\\Documents and Settings\\Richard\\Local Settings\\Temp\\Temporary Directory 8 for S722.ZIP\\sin.exe"="C:\\Documents and Settings\\Richard\\Local Settings\\Temp\\Temporary Directory 8 for S722.ZIP\\sin.exe:*:Disabled:System Tray Aplet"
"C:\\Program Files\\Global Star Software\\Airport Tycoon 3\\at3.exe"="C:\\Program Files\\Global Star Software\\Airport Tycoon 3\\at3.exe:*:Disabled:at3"
"C:\\Documents and Settings\\Richard\\Local Settings\\Temp\\Temporary Directory 1 for skream23.zip\\plisten.exe"="C:\\Documents and Settings\\Richard\\Local Settings\\Temp\\Temporary Directory 1 for skream23.zip\\plisten.exe:*:Disabled:plisten"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Richard\\Local Settings\\Temp\\Temporary Directory 1 for ipmonitor.zip\\Port Monitor v.1.1.exe"="C:\\Documents and Settings\\Richard\\Local Settings\\Temp\\Temporary Directory 1 for ipmonitor.zip\\Port Monitor v.1.1.exe:*:Disabled:Internet Protection"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Disabled:RealPlayer"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:RTC App Sharing"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Disabled:Windows® NetMeeting®"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"="C:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe:*:Enabled:artpschd"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Apache Group\\Apache2\\bin\\Apache.exe"="C:\\Program Files\\Apache Group\\Apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Documents and Settings\\Richard\\Application Data\\SopCast\\adv\\SopAdver.exe"="C:\\Documents and Sett
Edited by richt, 15 April 2008 - 06:57 AM.