trojan.fakealert and hijack.wallpaper

Hello again, and hope you can help. Malwarebytes free has picked these up.
c:\docs and settings\peter\local settings\application data\microsoft\wallpaper.bmp (trojan fakealert)
and Deckard's System Scanner v20071014.68
Run by PETER on 2008-07-28 17:31:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
92: 2008-07-28 16:32:03 UTC - RP270 - Deckard's System Scanner Restore Point
91: 2008-07-27 19:02:56 UTC - RP269 - System Checkpoint
90: 2008-07-26 18:42:48 UTC - RP268 - Removed Sunbelt CounterSpy.
89: 2008-07-26 13:43:36 UTC - RP267 - CounterSpy - 26/07/2008 14:42:46
88: 2008-07-26 11:23:16 UTC - RP266 - Installed Sunbelt CounterSpy.


-- First Restore Point --
1: 2008-06-17 15:59:11 UTC - RP179 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as PETER.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:35:25, on 28/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
C:\Program Files\LifeView TVR\RecSche.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Documents and Settings\PETER\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\PETER.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.tiscali.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.tiscali.co.uk/
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min/nosplash
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [RecSche] "C:\Program Files\LifeView TVR\RecSche.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [Ulead Quick-Drop] "C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 Disc Creator\Ulead Quick-Drop 1.0\Quick-Drop.exe" WINDOWCALL
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (Tiscali Music Downloads) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{66BB2427-AE33-4616-987C-4555DC1AB277}: NameServer = 212.74.112.66,212.74.112.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3D3C371-7EBB-4AFA-82ED-93C170F4CD71}: NameServer = 212.139.132.4 212.139.132.5
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O24 - Desktop Component 0: (no name) - http://www.bbc.co.uk/comedy/twopints/images/640/wallpaper15.jpg

--
End of file - 8985 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 SnoopFree (SnoopFree Driver) - c:\windows\system32\drivers\snopfree.sys
R1 StarOpen - c:\windows\system32\drivers\staropen.sys
R1 USIUDF - c:\windows\system32\drivers\usiudf.sys <Not Verified; Ulead Systems, Inc.; Ulead UDF File System Driver>
R2 MaVctrl - c:\windows\system32\drivers\mavc2k.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
R3 AsapiW2K - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; VOB Computersysteme GmbH; asapi>
R3 Cap7134 (LifeView WDM Video Capture) - c:\windows\system32\drivers\lvcap214.sys <Not Verified; Animation Technologies Inc.; lvcap214.sys>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 PhTVTune (Philips WDM TVTuner) - c:\windows\system32\drivers\silicon.sys <Not Verified; Philips Semiconductors; Philips TVTuner WDM Driver>
R3 SunkFilt (Alcor Micro Corp - 9360) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>
R3 ULCDRHlp - c:\windows\system32\drivers\ulcdrhlp.sys <Not Verified; Ulead Systems, Inc.; Ulead CD/DVD Burning Engine>

S0 antispyware - c:\windows\system32\drivers\antispyware.sys (file missing)
S1 cdr4_2k - c:\windows\system32\drivers\cdr4_2k.sys <Not Verified; Adaptec; Adaptec's CD-R Helper Drivers>
S2 OMSCAN - \sys??ďż˝ (file missing)
S3 BOCDRIVE (BOClean Kernel Monitor.) - c:\program files\comodo\cboclean\bocdrive.sys (file missing)
S3 D500M - c:\windows\system32\drivers\d500m.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
S3 D500U - c:\windows\system32\drivers\d500u.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
S3 giveio - c:\windows\system32\giveio.sys
S3 k750bus (Sony Ericsson 750 driver (WDM)) - c:\windows\system32\drivers\k750bus.sys <Not Verified; MCCI; Sony Ericsson 750>
S3 k750mdfl (Sony Ericsson 750 USB WMC Modem Filter) - c:\windows\system32\drivers\k750mdfl.sys <Not Verified; MCCI; Sony Ericsson 750 USB WMC Modem Filter Driver>
S3 k750mdm (Sony Ericsson 750 USB WMC Modem Drivers) - c:\windows\system32\drivers\k750mdm.sys <Not Verified; MCCI; Sony Ericsson 750 USB WMC Modem>
S3 k750mgmt (Sony Ericsson 750 USB WMC Device Management Drivers) - c:\windows\system32\drivers\k750mgmt.sys <Not Verified; MCCI; Sony Ericsson 750 USB WMC Device Management>
S3 k750obex (Sony Ericsson 750 USB WMC OBEX Interface Drivers) - c:\windows\system32\drivers\k750obex.sys <Not Verified; MCCI; Sony Ericsson 750 USB WMC OBEX Interface>
S3 MaRdPnp - c:\windows\system32\drivers\mardp2k.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
S3 SABProcEnum - c:\program files\internet explorer\sabprocenum.sys (file missing)
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 SE2Ebus (Sony Ericsson Device 046 Driver driver (WDM)) - c:\windows\system32\drivers\se2ebus.sys <Not Verified; MCCI; Sony Ericsson Device 046 Driver>
S3 SE2Emdfl (Sony Ericsson Device 046 USB WMC Modem Filter) - c:\windows\system32\drivers\se2emdfl.sys <Not Verified; MCCI; Sony Ericsson Device 046 USB WMC Modem Filter Driver>
S3 SE2Emdm (Sony Ericsson Device 046 USB WMC Modem Driver) - c:\windows\system32\drivers\se2emdm.sys <Not Verified; MCCI; Sony Ericsson Device 046 USB WMC Data Modem>
S3 SE2Emgmt (Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM)) - c:\windows\system32\drivers\se2emgmt.sys <Not Verified; MCCI; Sony Ericsson Device 046 USB WMC Device Management>
S3 se2End5 (Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS)) - c:\windows\system32\drivers\se2end5.sys <Not Verified; MCCI; Sony Ericsson Device 046 USB Ethernet Emulation>
S3 SE2Eobex (Sony Ericsson Device 046 USB WMC OBEX Interface) - c:\windows\system32\drivers\se2eobex.sys <Not Verified; MCCI; Sony Ericsson Device 046 USB WMC OBEX Interface>
S3 se2Eunic (Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM)) - c:\windows\system32\drivers\se2eunic.sys <Not Verified; MCCI; Sony Ericsson Device 046 USB Ethernet Emulation>
S3 Ser2pl (USB Filter Driver) - c:\windows\system32\drivers\ser2pl.sys <Not Verified; Prolific Technology Inc.; Prolific USB-to-Serial Bridge Cable>
S3 SunkFilt39 (Alcor Micro Corp - 3239) - c:\windows\system32\drivers\sunkfilt39.sys <Not Verified; Alcor Micro Corp.; SunkFilt39>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (Avira AntiVir Personal – Free Antivirus Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 bgsvcgen (B's Recorder GOLD Library General Service) - c:\windows\system32\bgsvcgen.exe <Not Verified; B.H.A Corporation; B's Recorder GOLD8>
R2 Capture Device Service - "c:\program files\common files\intervideo\deviceservice\devsvc.exe" <Not Verified; InterVideo Inc.; Capture Device Service>
R2 SnoopFreeSvc (Snoop Free Service) - system32\snoopfreesvc.exe

S4 Iomega Activity Disk2 -


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-06-28 and 2008-07-28 -----------------------------

2008-07-28 17:35:04 0 d-------- C:\Program Files\Trend Micro
2008-07-28 15:57:24 0 dr-h----- C:\Documents and Settings\PETER\Recent
2008-07-26 20:00:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-26 20:00:35 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-07-26 19:50:52 0 d-------- C:\Documents and Settings\PETER\Application Data\WinPatrol
2008-07-26 19:50:43 0 d-------- C:\Program Files\BillP Studios
2008-07-26 19:47:50 0 d-------- C:\ie-spyad_zo
2008-07-26 19:40:26 322518 --a------ C:\Program Files\ie-spyad_zo.exe
2008-07-26 13:03:37 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-07-26 13:03:37 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-07-26 12:24:24 0 d-------- C:\Documents and Settings\PETER\Application Data\Sunbelt Software
2008-07-25 22:27:08 0 d-------- C:\Program Files\hosts
2008-07-25 18:02:06 0 d-------- C:\Documents and Settings\PETER\Application Data\Malwarebytes
2008-07-25 18:01:59 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-25 18:01:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-25 16:27:10 0 d-------- C:\Program Files\RogueRemover FREE
2008-07-24 00:41:18 0 d-------- C:\Program Files\SpywareGuard
2008-07-24 00:35:12 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-24 00:35:07 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-07-24 00:35:07 0 d-------- C:\Program Files\SpywareBlaster
2008-07-24 00:26:16 2062665 --a------ C:\Program Files\spywareguardsetup.exe
2008-07-23 18:29:14 0 d-------- C:\Program Files\Advanced Privacy Cleaner
2008-07-23 18:19:02 697507 --a------ C:\Program Files\apcleaner.exe <Not Verified; Retina-X Studios, LLC; >
2008-07-23 00:48:51 45056 --a------ C:\WINDOWS\SnoopFreeDll.dll
2008-07-23 00:48:50 90112 --a------ C:\WINDOWS\system32\SnoopFreeSvc.exe
2008-07-23 00:48:50 9472 --a------ C:\WINDOWS\system32\drivers\SnopFree.sys
2008-07-23 00:48:50 221184 --a------ C:\WINDOWS\SnoopFreeUI.exe <Not Verified; SnoopFree Software; SnoopFree Privacy Shield>
2008-07-23 00:04:22 0 d-------- C:\Documents and Settings\All Users\Application Data\BOC427
2008-07-21 02:01:10 0 d-------- C:\Documents and Settings\PETER\Application Data\Auslogics
2008-07-21 01:57:58 0 d-------- C:\Program Files\RegVac Registry Cleaner
2008-07-18 13:38:48 0 d-------- C:\Documents and Settings\PETER\Application Data\Samsung
2008-07-18 12:34:22 174592 --a------ C:\WINDOWS\system32\framedyn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 12:33:51 0 d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-07-18 12:32:59 5632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2008-07-18 12:32:39 0 d-------- C:\Program Files\Samsung
2008-07-16 00:26:54 0 d-------- C:\Program Files\Lavasoft
2008-07-16 00:26:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-09 17:20:15 348160 --a------ C:\WINDOWS\system32\WMAFile.dll <Not Verified; NCT Company Ltd.; NCTWMAFile2 ActiveX DLL>
2008-07-09 17:20:15 479232 --a------ C:\WINDOWS\system32\AudioVisu.dll <Not Verified; NCT Company Ltd.; NCTAudioVisualization2 ActiveX DLL>
2008-07-09 17:20:15 454656 --a------ C:\WINDOWS\system32\AudioRecord.dll <Not Verified; NCT Company Ltd.; NCTAudioRecord2 ActiveX DLL>
2008-07-09 17:20:14 101888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic pour Windows>
2008-07-09 17:20:14 119568 --a------ C:\WINDOWS\system32\VB6FR.DLL <Not Verified; Microsoft Corporation; Environnement Visual Basic>
2008-07-09 17:20:14 15360 --a------ C:\WINDOWS\system32\inetfr.DLL <Not Verified; Microsoft Corporation; DLL du contrôle Microsoft Internet Transfer>
2008-07-09 17:20:14 458752 --a------ C:\WINDOWS\system32\AudPlayer.dll <Not Verified; NCT Company Ltd.; NCTAudioPlayer2 ActiveX DLL>
2008-07-09 17:20:14 1212416 --a------ C:\WINDOWS\system32\AudioInfos.dll <Not Verified; NCT Company Ltd.; NCTAudioInformation2 ActiveX DLL>
2008-07-09 17:20:14 1986560 --a------ C:\WINDOWS\system32\AudFile.dll <Not Verified; NCT Company Ltd.; NCTAudioFile2 ActiveX DLL>
2008-07-09 17:20:14 417792 --a------ C:\WINDOWS\system32\AudDisplay.dll <Not Verified; NCT Company Ltd.; NCTAudioDisplay2 ActiveX DLL>
2008-07-09 17:20:14 2084864 --a------ C:\WINDOWS\system32\AudDesign.dll <Not Verified; NCT Company Ltd.; NCTAudioDesign2 ActiveX DLL>
2008-07-09 17:20:13 21504 --a------ C:\WINDOWS\system32\TABCTFR.DLL <Not Verified; Microsoft Corporation; Bibliothèque d'objets TabCtl32>
2008-07-09 17:20:13 141312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL <Not Verified; Microsoft Corporation; COMCTL>
2008-07-09 17:20:13 59904 --a------ C:\WINDOWS\system32\Mscc2fr.dll <Not Verified; Microsoft Corporation; Bibliothèque d'objets de Microsoft Common Controls 2>
2008-07-09 17:20:12 32768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL <Not Verified; Microsoft Corporation; CMDIALOG>
2008-07-09 16:59:10 0 d-------- C:\Program Files\WM Converter
2008-07-09 16:58:08 12088071 --a----c- C:\Program Files\wmconverter_2_0.exe <Not Verified; ; WM Converter 2.0 Install Program>
2008-07-03 17:22:51 0 d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-07-03 17:21:38 0 d-------- C:\Program Files\NOS
2008-07-01 20:47:35 0 d-------- C:\Program Files\Common Files\Motorola Shared
2008-06-29 13:19:25 0 d-------- C:\Documents and Settings\PETER\Application Data\Sony
2008-06-29 13:19:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony
2008-06-29 12:39:43 0 d-------- C:\Documents and Settings\PETER\Application Data\Sony Setup
2008-06-29 12:37:01 0 d-------- C:\Program Files\Sony Setup
2008-06-29 12:25:30 0 d-------- C:\Program Files\Avanquest update


-- Find3M Report ---------------------------------------------------------------

2008-07-26 19:53:31 15872 --ahs--c- C:\Program Files\Thumbs.db
2008-07-26 14:44:53 0 d-------- C:\Program Files\Power Sound Editor Free
2008-07-25 22:26:21 162031 --a------ C:\Program Files\hosts.zip
2008-07-25 19:08:03 0 d-------- C:\Program Files\Mobile Action
2008-07-25 19:08:03 0 d-------- C:\Program Files\Jgl_Rt1
2008-07-23 00:45:56 350279 --a------ C:\Program Files\PSHLD100.ZIP
2008-07-23 00:14:06 0 d-------- C:\Program Files\COMODO
2008-07-18 14:53:17 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-17 11:47:58 0 d-------- C:\Documents and Settings\PETER\Application Data\ImgBurn
2008-07-16 01:51:10 0 d-------- C:\Program Files\CyberLink
2008-07-16 01:49:19 0 d-------- C:\Program Files\Common Files
2008-07-16 00:25:50 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-11 09:08:22 0 d-------- C:\Program Files\Sony Ericsson
2008-07-11 09:02:02 0 d-------- C:\Program Files\Common Files\Teleca Shared
2008-07-10 10:28:48 0 d-------- C:\Program Files\Windows Installer Clean Up
2008-07-09 18:02:53 0 d-------- C:\Documents and Settings\PETER\Application Data\Adobe
2008-07-08 01:27:30 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-08 01:26:10 0 d-------- C:\Program Files\Common Files\HP
2008-07-05 01:54:54 0 d-------- C:\Program Files\InterVideo
2008-07-03 23:56:04 0 d-------- C:\Documents and Settings\PETER\Application Data\Sony Ericsson
2008-07-01 23:41:32 0 d-------- C:\Documents and Settings\PETER\Application Data\Power Sound Editor Free
2008-06-29 14:53:58 0 d-------- C:\Program Files\Common Files\Sony Shared
2008-06-29 14:53:42 0 d-------- C:\Program Files\Sony
2008-06-29 13:00:08 32708 --a----c- C:\Documents and Settings\PETER\Application Data\wklnhst.dat
2008-06-29 01:18:47 0 d-------- C:\Program Files\SlySoft
2008-06-10 19:48:32 203779 --a----c- C:\Program Files\Update.EZHex
2008-06-10 19:39:55 159123 --a----c- C:\Program Files\LatestFirmware.EZUp
2008-06-10 18:29:56 0 d-------- C:\Documents and Settings\PETER\Application Data\Mozilla
2008-06-10 02:39:29 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-06 02:02:58 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-06-06 01:37:43 18211782 --a----c- C:\Program Files\klmcodec395.exe <Not Verified; ; K-Lite Mega Codec Pack>
2008-06-02 16:40:27 0 d-------- C:\Program Files\LimeWire
2008-05-18 21:51:39 933 --a----c- C:\Program Files\Spybot - Search & Destroy.lnk
2008-05-15 23:50:46 1837632 --a----c- C:\Program Files\Safecom.exe <Not Verified; ; SafeCom Quick Setup Install Program>
2008-05-15 19:54:35 1939160 --a----c- C:\Program Files\SetupImgBurn_2.4.1.0.exe <Not Verified; LIGHTNING UK!; ImgBurn>
2008-05-09 20:55:04 2228534 --a----c- C:\Program Files\audacity-win-1.2.6.exe
2008-05-09 18:32:28 14843984 --a----c- C:\Program Files\PowerSoundEditorFree.exe <Not Verified; PowerSE Studio; Power Sound Editor Free>
2008-05-09 13:48:04 45056 --a----c- C:\WINDOWS\extremeclock.scr <Not Verified; TODO: <Company name>; TODO: <Product name>>
2008-05-07 04:14:51 557056 --a----c- C:\WINDOWS\uninstal.exe
2008-05-06 10:13:27 2254 --a----c- C:\Program Files\Ulead Quick-Drop 1.0.lnk
2008-05-01 23:15:30 4212 ---h---c- C:\WINDOWS\system32\zllictbl.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px.exe" [20/08/2002 11:29]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [21/07/2008 10:45]
"USIUDF_Eject_Monitor"="C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe" [23/12/2004 17:27]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [03/06/2008 15:03]
"RecSche"="C:\Program Files\LifeView TVR\RecSche.exe" [27/08/2004 11:19]
"Ulead AutoDetector v2"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [16/03/2005 10:56]
"Ulead Quick-Drop"="C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 Disc Creator\Ulead Quick-Drop 1.0\Quick-Drop.exe" [11/07/2005 11:21]
"SnoopFreeUI"="SnoopFreeUI.exe" [23/07/2008 00:48 C:\WINDOWS\SnoopFreeUI.exe]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [04/07/2008 17:58]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe" [28/03/2008 16:33]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 20:00]

C:\Documents and Settings\PETER\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [29/08/2003 19:05:35]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [06/05/2008 12:23:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWindowsUpdate"=0 (0x0)
"EditLevel"=0 (0x0)
"NoRun"=0 (0x0)
"NoClose"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoFileMenu"=0 (0x0)
"NoCommonGroups"=0 (0x0)
"NoStartMenuMFUprogramsList"=1 (0x1)
"NoStartMenuPinnedList"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Harmony Remote.lnk]
backup=C:\WINDOWS\pss\Logitech Harmony Remote.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Quick-Drop]
"C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 Disc Creator\Ulead Quick-Drop 1.0\Quick-Drop.exe" WINDOWCALL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx scan


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26f9bccd-5238-11d9-9f5b-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7ff2831-4e39-11d9-9859-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480




-- Hosts -----------------------------------------------------------------------

127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 a9rhiwa.cn #[Google.Warning]
127.0.0.1 www.a9rhiwa.cn
127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Celeron(R) CPU 3.06GHz
Percentage of Memory in Use: 62%
Physical Memory (total/avail): 502.73 MiB / 186.89 MiB
Pagefile Memory (total/avail): 1472.95 MiB / 1173.05 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1897.97 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 71.1 GiB total, 55.87 GiB free.
D: is Fixed (FAT32) - 3.41 GiB total, 1.53 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is Fixed (FAT32) - 37.24 GiB total, 18.54 GiB free.

\\.\PHYSICALDRIVE0 - WDC WD800BB-22JHA0 - 74.53 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 71.1 GiB - C:
\PARTITION1 - Unknown - 3.42 GiB - D:

\\.\PHYSICALDRIVE3 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE5 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE2 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB SM Reader USB Device

\\.\PHYSICALDRIVE1 - Hitachi HTS541640J9AT00 USB Device - 37.26 GiB - 1 partition
\PARTITION0 - MS-DOS V4 Huge - 37.25 GiB - K:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.

FW: COMODO Firewall Pro v3.0 (COMODO)
AV: Avira AntiVir PersonalEdition v8.0.1.26 (Avira GmbH) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"="C:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.2"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\PETER\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-AFA3809D72
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA6
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\PETER
LOGONSERVER=\\YOUR-AFA3809D72
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\Samsung\Samsung PC Studio 3\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\PETER\LOCALS~1\Temp
TMP=C:\DOCUME~1\PETER\LOCALS~1\Temp
USERDOMAIN=YOUR-AFA3809D72
USERNAME=PETER
USERPROFILE=C:\Documents and Settings\PETER
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

PETER (admin)
IMOGEN (admin)
JULIEHANLAUR (admin)
JON (admin)
JULIETTE (admin)
MELISS (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88E5FCB8-5F25-11D5-B16F-0800460222F0}\setup.exe" -l0x9 UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D76298C2-E532-4A11-BCFF-76F3F19DA84D}\setup.exe" UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acoustica Effects Pack --> C:\PROGRA~1\ACOUST~2\UNWISE.EXE C:\PROGRA~1\ACOUST~2\INSTALL.LOG
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Elements 2.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.dll"
Advanced Privacy Cleaner 1.1 --> "C:\Program Files\Advanced Privacy Cleaner\unins000.exe"
AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
AOL Coach Version 1.0(Build:20040201.2 uk) --> "C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe" -lang="en-uk"
AOL Connectivity Services --> C:\PROGRA~1\COMMON~1\AOL\ACS\AcsUninstall.exe /c
AOL UK (Choose which version to remove) --> C:\Program Files\Common Files\aolshare\Aolunins_uk.exe
AOL You've Got Pictures Screensaver --> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
ASAPI Update --> C:\WINDOWS\system32\IWUNIN~1.EXE -uninstall C:\WINDOWS\ISUNINST.EXE -fC:\PROGRA~1\VOB\ASAPIU~1\ASAPI.isu
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\setup.exe -runfromtemp -l0x0009 -removeonly
AVG Anti-Rootkit Free --> C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe
Avira AntiVir Personal - Free Antivirus --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Canon EOS-1D Mark II WIA Driver --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{C537C86E-22C0-41CF-8A8E-3B23E986C3D9}
Canon EOS-1Ds Mark II WIA Driver --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{652C4ADF-0A29-4B02-9211-EE61675847DE}
Canon EOS 20D WIA Driver --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{ED9775A0-383E-4EAA-8DA5-8CC6860D60A3}
Canon Utilities EOS Capture 1.2 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{74BE7519-41A7-45A8-8AA6-78C7907A4808}
Canon Utilities EOS Viewer Utility 1.2 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{750CF8D7-4B04-404F-AFA2-14C129C42373}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CloneDVD2 --> "C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
COMODO Firewall Pro --> C:\Program Files\COMODO\Firewall\cfpconfg.exe -u
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Defraggler (remove only) --> "C:\Program Files\Defraggler\uninst.exe"
Digital Media Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}
Disc2Phone --> MsiExec.exe /X{C01408FC-117C-44B7-8B0C-17794E526A01}
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Freecom Personal Media Suite 2.28 --> "C:\Program Files\Freecom Personal Media Suite\unins000.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Driver Diagnostics --> MsiExec.exe /I{16BE87BC-69F5-4D36-8CF0-E1CB3ACD5ED3}
HP PSC & OfficeJet 4.2 --> "C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Software Update --> MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}
HP Unload DLL Patch --> MsiExec.exe /X{595D0DE8-C38A-4432-B851-47DECC1A99BD}
ImgBurn --> "C:\Program Files\ImgBurn\uninstall.exe"
Intel(R) Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Intel(R) PRO Network Adapters and Drivers --> Prounstl.exe
InterVideo AVControlSDK --> "C:\Program Files\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe"
InterVideo DeviceService --> MsiExec.exe /I{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
K-Lite Mega Codec Pack 3.9.5 --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
L&H TTS3000 British English --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSENG.inf, Uninstall
LifeView 713X WDM Driver --> C:\WINDOWS\system32\SETUP.EXE
LifeView TVR --> C:\Program Files\LifeView TVR\Uninstal.EXE
LimeWire PRO 4.14.10 --> "C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Malwarebytes' RogueRemover --> "C:\Program Files\RogueRemover FREE\unins000.exe"
MediaFACE 4.01 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{41979C2F-34B8-4F92-8111-B13C5864682D} /l1033
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Converter Pack --> MsiExec.exe /X{6EECB283-E65F-40EF-86D3-D51BF02A8D43}
Microsoft Office Excel Viewer 2003 --> MsiExec.exe /I{90840409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Word Viewer 2003 --> MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! for Windows XP --> MsiExec.exe /I{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
mobile PhoneTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}\setup.exe" -l0x9
Motorola Driver Installation 3.2.0 --> MsiExec.exe /I{D6A1E429-CCE1-4140-A615-710B806D12BA}
Multimedia Keyboard Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF262740-C85A-11D5-BBEC-00D0B740900A}\Setup.exe" -l0x9
Nero BurnRights --> C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
OpenMG Limited Patch 4.0-04-08-02-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.0-04-08-02-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.0.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{6F1974D6-4249-43B6-88B0-9A9B8A33956C} /l1033 UNINSTALL
Portable MP3 Player --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{20B5E4D0-6DFE-4D5F-B96F-C3B91F272B2D}\setup.exe" -l0x9
Power Sound Editor Free v5.7.5 --> "C:\Program Files\Power Sound Editor Free\unins000.exe"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Samsung E350/E358 USB - Handset Manager V9.2 --> MsiExec.exe /I{A918DE8A-98C8-0920-0000-000000220007}
Samsung USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{86D6A20D-3910-4441-A3E5-EB6977251C86}\Setup.exe" anything
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Smart Link 56K Voice Modem --> C:\WINDOWS\Modio\SLAMR2KV\Setup.exe /Remove
SnoopFree Privacy Shield --> SnoopFreeUI.exe /U
SonicStage 2.1.00 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}\setup.exe" -l0x9 UNINSTALL
Sony Ericsson Media Manager 1.2 --> MsiExec.exe /X{9EB1504E-FD95-4BCD-8E93-B4039F59C469}
Sony Ericsson PC Suite --> MsiExec.exe /I{B56B1487-9A26-4AFD-A1FD-949C40F5F2BC}
Sony Ericsson PC Suite 3.209.00 --> C:\Program Files\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\Setup.exe -runfromtemp -l0x0009 -removeonly
SpeedTouch USB Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\setup.exe" /l0009 -Control_Panel
Spin It Again --> C:\PROGRA~1\ACOUST~1\UNWISE.EXE C:\PROGRA~1\ACOUST~1\INSTALL.LOG
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SpywareGuard v2.2 --> "C:\Program Files\SpywareGuard\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Ulead Data-Add 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD8E6D29-95EC-494E-8AF5-566E784819A6}\setup.exe" -l0x9
Ulead DVD MovieFactory 4.0 Disc Creator --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{448AB2CB-C94A-47DE-80B8-9D7824DEFA57}\setup.exe" -l0x9
USB-IrDA Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10F5D9BB-E2F2-4B18-A65D-928B73D22E6F}\Setup.exe" -l0x9
Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinPatrol 2008 --> C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0


-- Application Event Log -------------------------------------------------------

Event Record #/Type18185 / Error
Event Submitted/Written: 07/23/2008 00:12:25 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application unboc.exe, version 4.2.7.1, faulting module unboc.exe, version 4.2.7.1, fault address 0x00003f4c.
Processing media-specific event for [unboc.exe!ws!]

Event Record #/Type18184 / Error
Event Submitted/Written: 07/23/2008 00:12:07 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application unboc.exe, version 4.2.7.1, faulting module unboc.exe, version 4.2.7.1, fault address 0x00003f4c.
Processing media-specific event for [unboc.exe!ws!]

Event Record #/Type18058 / Error
Event Submitted/Written: 07/16/2008 00:22:21 AM
Event ID/Source: 0 / Spybot - Search & Destroy
Event Description:
Version: 1.6.0
Build: 20080707
Exception: Access violation at address 0051FB47 in module 'SpybotSD.exe'. Read of address 0000003A

Event Record #/Type18025 / Warning
Event Submitted/Written: 07/11/2008 00:23:39 AM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Dldr.HTML.Agent.ISC:\Documents and Settings\PETER\Local Settings\Temporary Internet Files\Content.IE5\HDSZCLI4\wp-stats[1].htm

Event Record #/Type17938 / Error
Event Submitted/Written: 07/08/2008 01:17:38 AM
Event ID/Source: 11706 / MsiInstaller
Event Description:
Product: Director -- Error 1706.No valid source could be found for product Director. The Windows Installer cannot continue.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type119688 / Error
Event Submitted/Written: 07/28/2008 04:18:38 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
abp480n5
adpu160m
agp440
agpCPQ
Aha154x
aic78u2
aic78xx
AliIde
alim1541
amdagp
amsint
antispyware
asc
asc3350p
asc3550
cbidf
cd20xrnt
cdr4_2k
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde

Event Record #/Type119686 / Error
Event Submitted/Written: 07/28/2008 04:18:38 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The IPSEC Services service terminated with the following error:
%%1747

Event Record #/Type119685 / Error
Event Submitted/Written: 07/28/2008 04:18:38 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The OMSCAN service failed to start due to the following error:
%%2

Event Record #/Type119682 / Error
Event Submitted/Written: 07/28/2008 04:17:18 PM / 07/28/2008 04:18:18 PM
Event ID/Source: 876 / Application Popup
Event Description:
Driver cdr4_2k.SYS has been blocked from loading.

Event Record #/Type119681 / Error
Event Submitted/Written: 07/28/2008 04:17:18 PM / 07/28/2008 04:18:18 PM
Event ID/Source: 876 / Application Popup
Event Description:
Driver cdr4_2k.SYS has been blocked from loading.



-- End of Deckard's System Scanner: finished at 2008-07-28 17:36:50 ------------

Many thanks in advance for your continued patience and expertise. Regards, peterlakey
127.0.0.1 b.abnad.net

18879 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-28 17:36:50 ------------


hkey_current_user\control panel\desktop\originalwallpaper (hijack.wallpaper)
and
hkey_current_user\control panel\desktop\wallpaper (hijack wallpaper).
It's playing the wallpaper up but I'm worried it will lead to other probs. Malbytes removed it but it recurs. Peter
 