Old 04-03-2007, 05:01 PM   #1 (permalink)
Registered User
 
Join Date: Mar 2007
Posts: 14
OS: Windows XP Media Center


Problem File

Hi. Here are the results of HijackThis/DSS as requested from the XP forum.

http://www.techsupportforum.com/micr...addresses.html

Deckard's System Scanner v20070328.36
Run by Neil on 2007-04-03 at 23:53:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
129: 2007-04-03 22:53:06 UTC - RP179 - Deckard's System Scanner Restore Point
128: 2007-04-03 21:25:19 UTC - RP178 - Removed Taksi Desktop Video Recorder v0.765
127: 2007-04-03 21:20:25 UTC - RP177 - Installed Taksi Desktop Video Recorder v0.765
126: 2007-04-03 21:19:20 UTC - RP176 - Removed Taksi Desktop Video Recorder v0.765
125: 2007-04-03 21:15:19 UTC - RP175 - Installed Taksi Desktop Video Recorder v0.765


-- First Restore Point --
1: 2007-01-24 23:35:43 UTC - RP51 - Software Distribution Service 2.0


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Neil.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 23:54:50, on 03/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TalkTalk Online Security\Common\FSM32.EXE
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Verball\VerballSkypeApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\TALKTA~1\backweb\81720\Program\SERVIC~1.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\TalkTalk Online Security\Anti-Virus\fsgk32st.exe
C:\Program Files\TalkTalk Online Security\Anti-Virus\FSGK32.EXE
C:\Program Files\TalkTalk Online Security\backweb\81720\program\fsbwsys.exe
C:\Program Files\TalkTalk Online Security\Anti-Virus\fssm32.exe
C:\Program Files\TalkTalk Online Security\Common\FSMA32.EXE
C:\Program Files\TalkTalk Online Security\Common\FSMB32.EXE
C:\Program Files\TalkTalk Online Security\backweb\81720\Program\fspex.exe
C:\Program Files\TalkTalk Online Security\Common\FCH32.EXE
C:\Program Files\TalkTalk Online Security\Common\FAMEH32.EXE
C:\Program Files\TalkTalk Online Security\Anti-Virus\fsrw.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\TalkTalk Online Security\Anti-Virus\fsav32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\TalkTalk Online Security\FWES\Program\fsdfwd.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\TALKTA~1\ANTI-S~1\fsaw.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\TalkTalk Online Security\FSGUI\fsguidll.exe
C:\Documents and Settings\Neil\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Neil.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thedees.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://espn.go.com/motion/detect.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\TalkTalk Online Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\TalkTalk Online Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\TalkTalk Online Security\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\TalkTalk Online Security\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [Verball] "C:\Program Files\Verball\VerballSkypeApp.exe"
O4 - HKLM\..\Run: [SurfAnonymous] C:\Program Files\SurfAnonymous\SurfAnonymous.exe -1
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ProxyWay] F:\proxyway extra v3.2 full\proxyway.exe
O4 - HKCU\..\Run: [gAnonymousPE] C:\Program Files\GetAnonymous 2.2 Personal\GetAnonymousP.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: TalkTalk Online Security.lnk = C:\Program Files\TalkTalk Online Security\backweb\81720\Program\fspex.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Block this popup - C:\Program Files\TalkTalk Online Security\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\TalkTalk Online Security\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\TalkTalk Online Security\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\hide my ip 2007\proxyfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\hide my ip 2007\proxyfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\hide my ip 2007\proxyfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\hide my ip 2007\proxyfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\hide my ip 2007\proxyfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\hide my ip 2007\proxyfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\hide my ip 2007\proxyfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\hide my ip 2007\proxyfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\hide my ip 2007\proxyfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\hide my ip 2007\proxyfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\hide my ip 2007\proxyfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\hide my ip 2007\proxyfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\hide my ip 2007\proxyfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\hide my ip 2007\proxyfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\hide my ip 2007\proxyfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\hide my ip 2007\proxyfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\hide my ip 2007\proxyfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\hide my ip 2007\proxyfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\hide my ip 2007\proxyfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\hide my ip 2007\proxyfilter.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk/
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: TalkTalk Online Security (BackWeb Plug-in - 81720) - BackWeb Technologies Inc. - C:\PROGRA~1\TALKTA~1\backweb\81720\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\TalkTalk Online Security\Anti-Virus\fsgk32st.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\TalkTalk Online Security\backweb\81720\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\TalkTalk Online Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\TalkTalk Online Security\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 FSFW (F-Secure Firewall Driver) - c:\windows\system32\drivers\fsdfw.sys
R1 eabfiltr - c:\windows\system32\drivers\eabfiltr.sys
R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys
R2 F-Secure Filter (F-Secure File System Filter) - c:\program files\talktalk online security\anti-virus\win2k\fsfilter.sys
R2 F-Secure Gatekeeper - c:\program files\talktalk online security\anti-virus\win2k\fsgk.sys
R2 F-Secure Recognizer (F-Secure File System Recognizer) - c:\program files\talktalk online security\anti-virus\win2k\fsrec.sys
R2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys
R3 AnyDVD - c:\windows\system32\drivers\anydvd.sys
R3 HBtnKey - c:\windows\system32\drivers\cpqbttn.sys
R3 HSF_DPV - c:\windows\system32\drivers\hsf_dpv.sys
R3 HSFHWAZL - c:\windows\system32\drivers\hsfhwazl.sys
R3 ialm - c:\windows\system32\drivers\ialmnt5.sys
R3 MQAC (Message Queuing access control) - c:\windows\system32\drivers\mqac.sys
R3 RMCAST (Reliable Multicast Protocol driver) - c:\windows\system32\drivers\rmcast.sys
R3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys

S3 ASPI (Advanced SCSI Programming Interface Driver) - c:\windows\system32\drivers\aspi32.sys
S3 BCM43XX (Broadcom 802.11 Network Adapter Driver) - c:\windows\system32\drivers\bcmwl5.sys
S3 eabusb - c:\windows\system32\drivers\eabusb.sys
S3 sdbus - c:\windows\system32\drivers\sdbus.sys
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
S4 cbidf - c:\windows\system32\drivers\cbidf2k.sys
S4 dac2w2k - c:\windows\system32\drivers\dac2w2k.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 BackWeb Plug-in - 81720 (TalkTalk Online Security) - c:\progra~1\talkta~1\backweb\81720\program\servic~1.exe
R2 fsbwsys - "c:\program files\talktalk online security\backweb\81720\program\fsbwsys.exe"
R2 F-Secure Gatekeeper Handler Starter (FSGKHS) - "c:\program files\talktalk online security\anti-virus\fsgk32st.exe"
R2 FSMA (F-Secure Management Agent) - "c:\program files\talktalk online security\common\fsma32.exe"
R3 FSDFWD (F-Secure Anti-Virus Firewall Daemon) - "c:\program files\talktalk online security\fwes\program\fsdfwd.exe"

S2 MSMQ (Message Queuing) - c:\windows\system32\mqsvc.exe
S2 MSMQTriggers (Message Queuing Triggers) - c:\windows\system32\mqtgsvc.exe
S2 navapsvc (Norton AntiVirus Auto-Protect Service) - "c:\program files\norton internet security\norton antivirus\navapsvc.exe" (file missing)
S3 FirebirdServerMAGIXInstance (Firebird Server - MAGIX Instance) - c:\magix\common\database\bin\fbserver.exe
S3 MHN - c:\windows\system32\svchost.exe -k netsvcs


-- Scheduled Tasks -------------------------------------------------------------

2007-04-03 01:03:05 544 --a------ C:\WINDOWS\Tasks\Scheduled scanning task.job<SCHEDU~1.JOB>


-- Files created between 2007-03-03 and 2007-04-03 -----------------------------

2007-04-03 22:15:22 0 d-------- C:\Tmp
2007-04-03 19:47:42 0 d-------- C:\Program Files\Hide My IP 2007<HIDEMY~1>
2007-03-31 17:22:18 0 d-------- C:\Documents and Settings\Neil\Application Data\FreeCap
2007-03-31 15:19:27 32 --a------ C:\WINDOWS\go
2007-03-31 13:37:28 0 d-------- C:\WINDOWS\system32\cache
2007-03-29 21:04:52 0 d-------- C:\Program Files\KONAMI
2007-03-23 23:15:15 39424 --a------ C:\WINDOWS\YAXUninst.exe<YAXUNI~1.EXE>
2007-03-23 14:15:32 62744 --a------ C:\WINDOWS\system32\xinput1_2.dll<XINPUT~3.DLL>
2007-03-23 14:15:32 236824 --a------ C:\WINDOWS\system32\xactengine2_3.dll<XACTEN~4.DLL>
2007-03-23 14:15:11 2297552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-03-23 12:09:47 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll<CMDLIN~1.DLL>
2007-03-18 12:30:07 528384 --a------ C:\WINDOWS\system32\Astro Gemini Screensaver Manager.scr<ASTROG~1.SCR>
2007-03-18 12:30:04 10366976 --a------ C:\WINDOWS\system32\3D Waterfall Screensaver.scr<3DWATE~1.SCR>
2007-03-18 12:30:04 0 d-------- C:\Program Files\Astro Gemini Software<ASTROG~1>
2007-03-17 1918 266240 --a------ C:\WINDOWS\system32\Mp3Doctor2.dll<MP3DOC~2.DLL>
2007-03-17 1918 1089536 --a------ C:\WINDOWS\system32\Mp3Doctor1.dll<MP3DOC~1.DLL>
2007-03-17 1918 204800 --a------ C:\WINDOWS\system32\lame_enc.dll
2007-03-17 1918 90112 --a------ C:\WINDOWS\system32\ID3v23xBase.DLL<ID3V23~1.DLL>
2007-03-17 18:57:30 22528 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2007-03-17 18:57:30 16512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2007-03-17 18:40:57 46 --a------ C:\WINDOWS\system32\uppim.dll
2007-03-17 15:45:58 0 d-------- C:\WINDOWS\system32\flashax
2007-03-15 23:55:24 0 d-------- C:\Documents and Settings\Neil\Application Data\Ahead
2007-03-15 23:49:54 2916352 -----n--- C:\WINDOWS\UNNeroVision.exe<UNNERO~1.EXE>
2007-03-15 23:49:54 24064 -----n--- C:\WINDOWS\system32\msxml3a.dll
2007-03-15 23:45:47 364544 -----n--- C:\WINDOWS\system32\TwnLib4.dll
2007-03-15 23:45:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2007-03-15 23:45:46 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll
2007-03-15 23:45:45 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll
2007-03-15 23:45:45 476320 -----n--- C:\WINDOWS\system32\ImagXpr7.dll
2007-03-15 23:45:44 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll
2007-03-15 23:45:43 106496 -----n--- C:\WINDOWS\system32\TwnLib20.dll
2007-03-15 23:45:43 38912 -----n--- C:\WINDOWS\system32\picn20.dll
2007-03-15 23:45:28 0 d-------- C:\Program Files\Common Files\Ahead
2007-03-15 23:45:20 0 d-------- C:\Program Files\Ahead
2007-03-15 00:05:18 0 d-------- C:\Program Files\MOVAVI
2007-03-15 00:05:08 0 d-------- C:\Program Files\MOVAVI VideoSuite 3.4<MOVAVI~1.4>
2007-03-14 2317 5 --a------ C:\WINDOWS\system32\SySVid.dat
2007-03-14 23:05:38 3082 --a------ C:\WINDOWS\system32\affv11300p4now.sys<AFFV11~1.SYS>
2007-03-10 21:07:08 0 d-------- C:\Documents and Settings\Neil\Application Data\SopCast
2007-03-10 20:52:30 8192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-03-10 20:52:30 8704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-03-10 20:52:30 6144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-03-10 20:52:30 5632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-03-10 20:52:30 6144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-03-10 20:52:27 6144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-03-07 20:28:04 0 d-------- C:\Program Files\SopCast
2007-03-06 20:47:56 0 d-------- C:\Documents and Settings\Neil\Application Data\Skype
2007-03-06 20:47:52 0 d-------- C:\Program Files\Common Files\Skype
2007-03-06 20:47:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-03-06 20:47:23 0 d-------- C:\Program Files\Skype
2007-03-06 20:44:22 0 d-------- C:\Program Files\Verball
2007-03-06 20:42:50 21504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-03-06 20:42:47 9600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-03-06 20:42:38 59264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-03-05 20:31:11 0 d-------- C:\Documents and Settings\Neil\Application Data\ppstream


-- Find3M Report ---------------------------------------------------------------

2007-04-03 23:52:46 0 d-------- C:\Documents and Settings\Neil\Application Data\uTorrent
2007-04-03 16:48:45 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-04-02 23:22:24 0 d-------- C:\Program Files\Java
2007-04-02 22:23:20 0 d-------- C:\Program Files\uTorrent
2007-03-31 18:25:50 0 d-------- C:\Documents and Settings\Neil\Application Data\Mozilla
2007-03-29 21:22:25 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-15 23:30:04 2572 --a------ C:\WINDOWS\WINDVDBOOTRECDOE.sys<WINDVD~1.SYS>
2007-03-14 23:31:59 0 d-------- C:\Program Files\RGB
2007-03-08 16:36:28 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 16:36:28 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 16:36:28 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 14:47:48 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-05 23:35:25 0 d-------- C:\Program Files\DIGStream<DIGSTR~1>
2007-03-05 23:35:24 0 d-------- C:\Program Files\ESPNMotion<ESPNMO~1>
2007-03-05 23:16:28 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-03-02 20:26:48 0 d-------- C:\Documents and Settings\Neil\Application Data\F-Secure
2007-03-02 20:24:55 0 d-------- C:\Program Files\SupportSoft<SUPPOR~1>
2007-03-02 20:17:14 0 d-------- C:\Program Files\TalkTalk Online Security<TALKTA~1>
2007-03-02 20:15:45 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-03-02 20:14:05 0 d-------- C:\Program Files\Symantec
2007-03-02 20:05:10 0 d-------- C:\Program Files\Common Files\SupportSoft<SUPPOR~1>
2007-03-02 00:36:42 0 d-------- C:\Documents and Settings\Neil\Application Data\Symantec
2007-03-02 00:36:33 0 d-------- C:\Documents and Settings\Neil\Application Data\ispnews
2007-02-28 19:47:59 0 d-------- C:\Program Files\TalkTalk
2007-02-28 18:11:29 0 d-------- C:\Documents and Settings\Neil\Application Data\SlySoft
2007-02-24 17:15:38 0 d-------- C:\Program Files\SlySoft
2007-02-24 17:12:41 0 d-------- C:\Program Files\MSXML 4.0<MSXML4~1.0>
2007-02-23 23:04:18 0 d-------- C:\Program Files\Screendragon VS4<SCREEN~1>
2007-02-23 23:04:18 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-02-23 23:04:18 0 d-------- C:\Program Files\MVAPPS
2007-02-23 23:04:15 0 d-------- C:\Program Files\HPQ
2007-02-23 23:04:13 0 d-------- C:\Program Files\Hewlett-Packard<HEWLET~1>
2007-02-23 23:04:11 0 d-------- C:\Program Files\DivX
2007-02-23 23:04:11 0 d-------- C:\Program Files\Common Files\Roxio Shared<ROXIOS~1>
2007-02-23 23:04:11 0 d-------- C:\Program Files\Common Files\MAGIX Shared<MAGIXS~1>
2007-02-23 23:04:11 0 d-------- C:\Program Files\Common Files\AOL
2007-02-19 23:56:19 0 d-------- C:\Program Files\Common Files\Sonic Shared<SONICS~1>
2007-02-19 23:56:18 0 d-------- C:\Program Files\Sonic
2007-02-15 1547 0 d-------- C:\Documents and Settings\Neil\Application Data\DivX
2007-02-06 21:03:37 0 d-------- C:\Program Files\Easy CD & DVD Cover Creator<EASYCD~1>
2007-02-05 20:51:35 0 d-------- C:\Documents and Settings\Neil\Application Data\GetRightToGo<GETRIG~1>
2007-02-05 20:31:39 0 d-------- C:\Program Files\Google
2007-01-31 00:15:10 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe<DIVXCO~1.EXE>
2007-01-30 06:03:34 118520 -----n--- C:\WINDOWS\system32\pxinsi64.exe
2007-01-30 06:03:34 116472 -----n--- C:\WINDOWS\system32\pxcpyi64.exe
2007-01-30 06:03:34 129784 -----n--- C:\WINDOWS\system32\pxafs.dll
2007-01-30 06:03:26 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-01-30 06:03:26 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-01-30 05:56:54 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-01-30 05:56:52 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-01-25 00:34:52 292 --a------ C:\Documents and Settings\Neil\Application Data\wklnhst.dat
2007-01-07 00:04:04 187 --a------ C:\Documents and Settings\Neil\Application Data\G-Force Prefs (WindowsMediaPlayer).txt<G-FORC~1.TXT>
2007-01-05 15:42:48 335 --a------ C:\WINDOWS\nsreg.dat


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"AnyDVD"="C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"ProxyWay"="F:\\proxyway extra v3.2 full\\proxyway.exe"
"gAnonymousPE"="C:\\Program Files\\GetAnonymous 2.2 Personal\\GetAnonymousP.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"hpWirelessAssistant"="C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"MsmqIntCert"="regsvr32 /s mqrt.dll"
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"QPService"="\"C:\\Program Files\\HP\\QuickPlay\\QPService.exe\""
"HP Software Update"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"
"QlbCtrl"=hex(2):25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,48,65,77,6c,65,\
74,74,2d,50,61,63,6b,61,72,64,5c,48,50,20,51,75,69,63,6b,20,4c,61,75,6e,63,\
68,20,42,75,74,74,6f,6e,73,5c,51,6c,62,43,74,72,6c,2e,65,78,65,20,2f,53,74,\
61,72,74,00
"Cpqset"="C:\\Program Files\\Hewlett-Packard\\Default Settings\\cpqset.exe"
"RecGuard"="C:\\Windows\\SMINST\\RecGuard.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"F-Secure Manager"="\"C:\\Program Files\\TalkTalk Online Security\\Common\\FSM32.EXE\" /splash"
"F-Secure TNB"="\"C:\\Program Files\\TalkTalk Online Security\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
"F-Secure Startup Wizard"="\"C:\\Program Files\\TalkTalk Online Security\\FSGUI\\FSSW.EXE\" /reboot"
"News Service"="\"C:\\Program Files\\TalkTalk Online Security\\FSGUI\\ispnews.exe\""
"TalkTalk"="\"C:\\Program Files\\TalkTalk\\bin\\sprtcmd.exe\" /P TalkTalk"
"DIGStream"="C:\\Program Files\\DIGStream\\digstream.exe"
"Verball"="\"C:\\Program Files\\Verball\\VerballSkypeApp.exe\""
@=hex(2):00
"SurfAnonymous"="C:\\Program Files\\SurfAnonymous\\SurfAnonymous.exe -1"
"UnlockerAssistant"="\"C:\\Program Files\\Unlocker\\UnlockerAssistant.exe\""


[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9677c3d6-b2f9-11db-9315-0018de7ec1f2}]
Shell\AutoRun\command setupSNK.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b4f31765-95d2-11db-92bd-806d6172696f}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


-- End of Deckard's System Scanner: finished at 2007-04-03 at 23:55:14 ---------
Attached Files
File Type: txt extra.txt (12.8 KB, 2 views)

Last edited by Glaswegian : 04-03-2007 at 05:22 PM. Reason: Added link to original thread
Old 04-03-2007, 07:16 PM   #2 (permalink)
Analyst, Security Team
 
forhockey's Avatar
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,584
OS: Windows XP Pro


Re: Problem File

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to Subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

Please be patient with me during this time.
__________________


Proud Member of ASAP
Proud Member of UNITE

Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support.

Donation link for Tech Support Forum
Old 04-03-2007, 08:33 PM   #3 (permalink)
Analyst, Security Team
 
forhockey's Avatar
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,584
OS: Windows XP Pro


Re: Problem File

Please save these instructions to Notepad as the internet will not be available to you at certain points of the removal process.
Please ensure that there aren't any opened browsers when you are carrying out the procedures below.
Make sure to work through all the Steps in the exact order in which they are listed below.
If there's anything that you don't understand, ask your question(s) before moving on with the fixes.


---------------------------------------------------------------------------------------------

Download LSPFix.exe

Instructions for using LSPFix
  1. Double click on LSPFix.exe to run it.
  2. Once running, you will be required to tick the disclaimer - "I know what I'm doing".
  3. You'll find a window with 2 panes.
    In the left pane which is labeled 'Keep', select all instances of:
    • proxyfilter.dll
  4. Then click on the arrow pointing to the right, >>.
    This will move the entry to the right pane labeled 'Remove'
  5. Click the Finish button to complete the fix.
Only proxyfilter.dll needs to be removed. If you see any other entries in the right pane, move them back to the "Keep" pane & post the filenames to inform me.

---------------------------------------------------------------------------------------------

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist):

Viewpoint Media Player
Yazzle by Outerinfo

---------------------------------------------------------------------------------------------

Delete the following Folders indicated in BLUE if they still exist.

C:\Program Files\Viewpoint
c:\program files\hide my ip 2007

---------------------------------------------------------------------------------------------

It appears as though there are parts of Norton Anti-Virus still installed on your system.

Please use the instructions on this page to completely uninstall your Norton Products.

---------------------------------------------------------------------------------------------

Run Deckard's System Scanner (dss.exe) again, and post the resulting log.

---------------------------------------------------------------------------------------------

How is your internet connectivity now? Once we get your connection stable we will have to run some more scans for malware, since you had Yazzle by Outerinfo installed on your computer.

---------------------------------------------------------------------------------------------
Please include the following in your next reply:

C:\Deckard\System Scanner\main.txt
__________________


Proud Member of ASAP
Proud Member of UNITE

Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support.

Donation link for Tech Support Forum
forhockey is offline  
Old 04-04-2007, 04:23 AM   #4 (permalink)
Registered User
 
Join Date: Mar 2007
Posts: 14
OS: Windows XP Media Center


Re: Problem File

Hi

See below for the output of the 'main' file. I can't tell you whether or not my internet connection is working as the problem was with my laptop (am at work now), so will let you know when I get home and test it.

A couple of things:

There were 3 other filenames in the LSPFix 'Keep' box. The filenames were:

mswsock.dll
winrnr.dll
rsvpsp.dll

Also, it still wouldn't allow me to delete the folder 'Hide My IP 2007', which was the original problem file. Still comes up with the same 'Access Denied to proxyfilter.dll' message.

Incidentally - just in case I didn't make myself clear earlier - my internet connection is fine with this file and folder on my system. It was when I removed it with unlocker that my internet connection was lost (all previous posts were on my laptop with my working internet connection)

Anyway, here are the results of the 'main' file:

Deckard's System Scanner v20070328.36
Run by Neil on 2007-04-04 at 11:20:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Neil.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:20:46, on 04/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TalkTalk Online Security\Common\FSM32.EXE
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Verball\VerballSkypeApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\TALKTA~1\backweb\81720\Program\SERVIC~1.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\TalkTalk Online Security\Anti-Virus\fsgk32st.exe
C:\Program Files\TalkTalk Online Security\backweb\81720\program\fsbwsys.exe
C:\Program Files\TalkTalk Online Security\Anti-Virus\FSGK32.EXE
C:\Program Files\TalkTalk Online Security\Common\FSMA32.EXE
C:\Program Files\TalkTalk Online Security\Anti-Virus\fssm32.exe
C:\Program Files\TalkTalk Online Security\Common\FSMB32.EXE
C:\Program Files\TalkTalk Online Security\backweb\81720\Program\fspex.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\TalkTalk Online Security\Common\FCH32.EXE
C:\Program Files\TalkTalk Online Security\Common\FAMEH32.EXE
C:\Program Files\TalkTalk Online Security\Anti-Virus\fsrw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\TalkTalk Online Security\FWES\Program\fsdfwd.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\TalkTalk Online Security\Anti-Virus\fsav32.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\PROGRA~1\TALKTA~1\ANTI-S~1\fsaw.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\TalkTalk Online Security\FSGUI\fsguidll.exe
C:\Documents and Settings\Neil\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Neil.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thedees.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://espn.go.com/motion/detect.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\TalkTalk Online Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\TalkTalk Online Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\TalkTalk Online Security\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\TalkTalk Online Security\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [Verball] "C:\Program Files\Verball\VerballSkypeApp.exe"
O4 - HKLM\..\Run: [SurfAnonymous] C:\Program Files\SurfAnonymous\SurfAnonymous.exe -1
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ProxyWay] F:\proxyway extra v3.2 full\proxyway.exe
O4 - HKCU\..\Run: [gAnonymousPE] C:\Program Files\GetAnonymous 2.2 Personal\GetAnonymousP.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: TalkTalk Online Security.lnk = C:\Program Files\TalkTalk Online Security\backweb\81720\Program\fspex.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Block this popup - C:\Program Files\TalkTalk Online Security\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\TalkTalk Online Security\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\TalkTalk Online Security\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk/
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: TalkTalk Online Security (BackWeb Plug-in - 81720) - BackWeb Technologies Inc. - C:\PROGRA~1\TALKTA~1\backweb\81720\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\TalkTalk Online Security\Anti-Virus\fsgk32st.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\TalkTalk Online Security\backweb\81720\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\TalkTalk Online Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\TalkTalk Online Security\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe


-- Files created between 2007-03-04 and 2007-04-04 -----------------------------

2007-04-03 22:15:22 0 d-------- C:\Tmp
2007-04-03 19:47:42 0 d-------- C:\Program Files\Hide My IP 2007<HIDEMY~1>
2007-03-31 17:22:18 0 d-------- C:\Documents and Settings\Neil\Application Data\FreeCap
2007-03-31 15:19:27 32 --a------ C:\WINDOWS\go
2007-03-31 13:37:28 0 d-------- C:\WINDOWS\system32\cache
2007-03-29 21:04:52 0 d-------- C:\Program Files\KONAMI
2007-03-23 23:15:15 39424 -----n--- C:\WINDOWS\YAXUninst.exe<YAXUNI~1.EXE>
2007-03-23 14:15:32 62744 --a------ C:\WINDOWS\system32\xinput1_2.dll<XINPUT~3.DLL>
2007-03-23 14:15:32 236824 --a------ C:\WINDOWS\system32\xactengine2_3.dll<XACTEN~4.DLL>
2007-03-23 14:15:11 2297552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-03-23 12:09:47 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll<CMDLIN~1.DLL>
2007-03-18 12:30:07 528384 --a------ C:\WINDOWS\system32\Astro Gemini Screensaver Manager.scr<ASTROG~1.SCR>
2007-03-18 12:30:04 10366976 --a------ C:\WINDOWS\system32\3D Waterfall Screensaver.scr<3DWATE~1.SCR>
2007-03-18 12:30:04 0 d-------- C:\Program Files\Astro Gemini Software<ASTROG~1>
2007-03-17 1918 266240 --a------ C:\WINDOWS\system32\Mp3Doctor2.dll<MP3DOC~2.DLL>
2007-03-17 1918 1089536 --a------ C:\WINDOWS\system32\Mp3Doctor1.dll<MP3DOC~1.DLL>
2007-03-17 1918 204800 --a------ C:\WINDOWS\system32\lame_enc.dll
2007-03-17 1918 90112 --a------ C:\WINDOWS\system32\ID3v23xBase.DLL<ID3V23~1.DLL>
2007-03-17 18:57:30 22528 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2007-03-17 18:57:30 16512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2007-03-17 18:40:57 46 --a------ C:\WINDOWS\system32\uppim.dll
2007-03-17 15:45:58 0 d-------- C:\WINDOWS\system32\flashax
2007-03-15 23:55:24 0 d-------- C:\Documents and Settings\Neil\Application Data\Ahead
2007-03-15 23:49:54 2916352 -----n--- C:\WINDOWS\UNNeroVision.exe<UNNERO~1.EXE>
2007-03-15 23:49:54 24064 -----n--- C:\WINDOWS\system32\msxml3a.dll
2007-03-15 23:45:47 364544 -----n--- C:\WINDOWS\system32\TwnLib4.dll
2007-03-15 23:45:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2007-03-15 23:45:46 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll
2007-03-15 23:45:45 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll
2007-03-15 23:45:45 476320 -----n--- C:\WINDOWS\system32\ImagXpr7.dll
2007-03-15 23:45:44 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll
2007-03-15 23:45:43 106496 -----n--- C:\WINDOWS\system32\TwnLib20.dll
2007-03-15 23:45:43 38912 -----n--- C:\WINDOWS\system32\picn20.dll
2007-03-15 23:45:28 0 d-------- C:\Program Files\Common Files\Ahead
2007-03-15 23:45:20 0 d-------- C:\Program Files\Ahead
2007-03-15 00:05:18 0 d-------- C:\Program Files\MOVAVI
2007-03-15 00:05:08 0 d-------- C:\Program Files\MOVAVI VideoSuite 3.4<MOVAVI~1.4>
2007-03-14 2317 5 --a------ C:\WINDOWS\system32\SySVid.dat
2007-03-14 23:05:38 3082 --a------ C:\WINDOWS\system32\affv11300p4now.sys<AFFV11~1.SYS>
2007-03-10 21:07:08 0 d-------- C:\Documents and Settings\Neil\Application Data\SopCast
2007-03-10 20:52:30 8192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-03-10 20:52:30 8704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-03-10 20:52:30 6144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-03-10 20:52:30 5632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-03-10 20:52:30 6144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-03-10 20:52:27 6144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-03-07 20:28:04 0 d-------- C:\Program Files\SopCast
2007-03-06 20:47:56 0 d-------- C:\Documents and Settings\Neil\Application Data\Skype
2007-03-06 20:47:52 0 d-------- C:\Program Files\Common Files\Skype
2007-03-06 20:47:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-03-06 20:47:23 0 d-------- C:\Program Files\Skype
2007-03-06 20:44:22 0 d-------- C:\Program Files\Verball
2007-03-06 20:42:50 21504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-03-06 20:42:47 9600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-03-06 20:42:38 59264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-03-05 20:31:11 0 d-------- C:\Documents and Settings\Neil\Application Data\ppstream


-- Find3M Report ---------------------------------------------------------------

2007-04-04 10:53:12 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-04-04 04:30:14 0 d-------- C:\Documents and Settings\Neil\Application Data\uTorrent
2007-04-03 16:48:45 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-04-02 23:22:24 0 d-------- C:\Program Files\Java
2007-04-02 22:23:20 0 d-------- C:\Program Files\uTorrent
2007-03-31 18:25:50 0 d-------- C:\Documents and Settings\Neil\Application Data\Mozilla
2007-03-29 21:22:25 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-15 23:30:04 2572 --a------ C:\WINDOWS\WINDVDBOOTRECDOE.sys<WINDVD~1.SYS>
2007-03-14 23:31:59 0 d-------- C:\Program Files\RGB
2007-03-08 16:36:28 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 16:36:28 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 16:36:28 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 14:47:48 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-05 23:35:25 0 d-------- C:\Program Files\DIGStream<DIGSTR~1>
2007-03-05 23:35:24 0 d-------- C:\Program Files\ESPNMotion<ESPNMO~1>
2007-03-05 23:16:28 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-03-02 20:26:48 0 d-------- C:\Documents and Settings\Neil\Application Data\F-Secure
2007-03-02 20:24:55 0 d-------- C:\Program Files\SupportSoft<SUPPOR~1>
2007-03-02 20:17:14 0 d-------- C:\Program Files\TalkTalk Online Security<TALKTA~1>
2007-03-02 20:05:10 0 d-------- C:\Program Files\Common Files\SupportSoft<SUPPOR~1>
2007-03-02 00:36:42 0 d-------- C:\Documents and Settings\Neil\Application Data\Symantec
2007-03-02 00:36:33 0 d-------- C:\Documents and Settings\Neil\Application Data\ispnews
2007-02-28 19:47:59 0 d-------- C:\Program Files\TalkTalk
2007-02-28 18:11:29 0 d-------- C:\Documents and Settings\Neil\Application Data\SlySoft
2007-02-24 17:15:38 0 d-------- C:\Program Files\SlySoft
2007-02-24 17:12:41 0 d-------- C:\Program Files\MSXML 4.0<MSXML4~1.0>
2007-02-23 23:04:18 0 d-------- C:\Program Files\Screendragon VS4<SCREEN~1>
2007-02-23 23:04:18 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-02-23 23:04:18 0 d-------- C:\Program Files\MVAPPS
2007-02-23 23:04:15 0 d-------- C:\Program Files\HPQ
2007-02-23 23:04:13 0 d-------- C:\Program Files\Hewlett-Packard<HEWLET~1>
2007-02-23 23:04:11 0 d-------- C:\Program Files\DivX
2007-02-23 23:04:11 0 d-------- C:\Program Files\Common Files\Roxio Shared<ROXIOS~1>
2007-02-23 23:04:11 0 d-------- C:\Program Files\Common Files\MAGIX Shared<MAGIXS~1>
2007-02-23 23:04:11 0 d-------- C:\Program Files\Common Files\AOL
2007-02-19 23:56:19 0 d-------- C:\Program Files\Common Files\Sonic Shared<SONICS~1>
2007-02-19 23:56:18 0 d-------- C:\Program Files\Sonic
2007-02-15 1547 0 d-------- C:\Documents and Settings\Neil\Application Data\DivX
2007-02-06 21:03:37 0 d-------- C:\Program Files\Easy CD & DVD Cover Creator<EASYCD~1>
2007-02-05 20:51:35 0 d-------- C:\Documents and Settings\Neil\Application Data\GetRightToGo<GETRIG~1>
2007-02-05 20:31:39 0 d-------- C:\Program Files\Google
2007-01-31 00:15:10 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe<DIVXCO~1.EXE>
2007-01-30 06:03:34 118520 -----n--- C:\WINDOWS\system32\pxinsi64.exe
2007-01-30 06:03:34 116472 -----n--- C:\WINDOWS\system32\pxcpyi64.exe
2007-01-30 06:03:34 129784 -----n--- C:\WINDOWS\system32\pxafs.dll
2007-01-30 06:03:26 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-01-30 06:03:26 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-01-30 05:56:54 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-01-30 05:56:52 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-01-25 00:34:52 292 --a------ C:\Documents and Settings\Neil\Application Data\wklnhst.dat
2007-01-07 00:04:04 187 --a------ C:\Documents and Settings\Neil\Application Data\G-Force Prefs (WindowsMediaPlayer).txt<G-FORC~1.TXT>
2007-01-05 15:42:48 335 --a------ C:\WINDOWS\nsreg.dat


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"AnyDVD"="C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"ProxyWay"="F:\\proxyway extra v3.2 full\\proxyway.exe"
"gAnonymousPE"="C:\\Program Files\\GetAnonymous 2.2 Personal\\GetAnonymousP.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"hpWirelessAssistant"="C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"MsmqIntCert"="regsvr32 /s mqrt.dll"
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"QPService"="\"C:\\Program Files\\HP\\QuickPlay\\QPService.exe\""
"HP Software Update"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"
"QlbCtrl"=hex(2):25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,48,65,77,6c,65,\
74,74,2d,50,61,63,6b,61,72,64,5c,48,50,20,51,75,69,63,6b,20,4c,61,75,6e,63,\
68,20,42,75,74,74,6f,6e,73,5c,51,6c,62,43,74,72,6c,2e,65,78,65,20,2f,53,74,\
61,72,74,00
"Cpqset"="C:\\Program Files\\Hewlett-Packard\\Default Settings\\cpqset.exe"
"RecGuard"="C:\\Windows\\SMINST\\RecGuard.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"F-Secure Manager"="\"C:\\Program Files\\TalkTalk Online Security\\Common\\FSM32.EXE\" /splash"
"F-Secure TNB"="\"C:\\Program Files\\TalkTalk Online Security\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
"F-Secure Startup Wizard"="\"C:\\Program Files\\TalkTalk Online Security\\FSGUI\\FSSW.EXE\" /reboot"
"News Service"="\"C:\\Program Files\\TalkTalk Online Security\\FSGUI\\ispnews.exe\""
"TalkTalk"="\"C:\\Program Files\\TalkTalk\\bin\\sprtcmd.exe\" /P TalkTalk"
"DIGStream"="C:\\Program Files\\DIGStream\\digstream.exe"
"Verball"="\"C:\\Program Files\\Verball\\VerballSkypeApp.exe\""
@=hex(2):00
"SurfAnonymous"="C:\\Program Files\\SurfAnonymous\\SurfAnonymous.exe -1"
"UnlockerAssistant"="\"C:\\Program Files\\Unlocker\\UnlockerAssistant.exe\""


[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9677c3d6-b2f9-11db-9315-0018de7ec1f2}]
Shell\AutoRun\command setupSNK.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b4f31765-95d2-11db-92bd-806d6172696f}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


-- End of Deckard's System Scanner: finished at 2007-04-04 at 11:21:01 ---------
neilsinc is offline  
Old 04-04-2007, 03:24 PM   #5 (permalink)
Registered User
 
Join Date: Mar 2007
Posts: 14
OS: Windows XP Media Center


Re: Problem File

Just as an add on to my previous post - internet is still working ok
neilsinc is offline  
Old 04-04-2007, 10:31 PM   #6 (permalink)
Analyst, Security Team
forhockey
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,584
OS: Windows XP Pro


Re: Problem File

Those 3 files are legit, but let's try removing the folder and doing some scans for malware.

---------------------------------------------------------------------------------------------
Please save these instructions to Notepad as the internet will not be available to you at certain points of the removal process.
Please ensure that there aren't any opened browsers when you are carrying out the procedures below.
Make sure to work through all the Steps in the exact order in which they are listed below.
If there's anything that you don't understand, ask your question(s) before moving on with the fixes.


---------------------------------------------------------------------------------------------

Download Winsock2Fix. Do not run this file. We may use it later.

---------------------------------------------------------------------------------------------

Please download the OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    c:\program files\hide my ip 2007

  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Note: If you lose connection to the internet after deleting this file then run Winsock2Fix.

---------------------------------------------------------------------------------------------

Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"

  • Install AVG Anti Spyware
  • Double-click the icon on Desktop to launch AVG
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

---------------------------------------------------------------------------------------------

Enter Safe Mode
  1. Restart your computer
  2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8
  3. Instead of Windows loading as normal, a menu should appear
  4. Use the up arrow key to highlight Safe Mode and press Enter.
  5. Login with your usual account
  6. Once you have logged in, a warning message will appear regarding starting windows in Safe mode, click OK and windows will load your desktop environment

Note: On some systems, this may be the F5 key, so try that if F8 doesn't work.

---------------------------------------------------------------------------------------------

Run AVG Anti-Spyware

Run AVG Anti-Spyware with its updated definitions (it's important that all windows are closed):
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).

---------------------------------------------------------------------------------------------

Restart your computer in normal mode.

---------------------------------------------------------------------------------------------

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" * The download of the 8 MB Panda's ActiveX control will take place *
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


---------------------------------------------------------------------------------------------

Run Deckard's System Scanner (dss.exe) again, and post the resulting log.

---------------------------------------------------------------------------------------------

Please include the following in your next reply:


c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log
AVG Anti-Spyware log
Panda Results
C:\Deckard\System Scanner\main.txt
forhockey is offline  
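
Each cleanup round in this thread ends with a request for a fresh Deckard's System Scanner log. As an added example (not part of the thread and not code from any tool named in it), this Python script compares the HijackThis portion of two such logs and reports which processes and entries disappeared, which are new, and which lines still mention the items slated for removal. The two sample logs are constructed, abridged from lines posted in this thread, and the function names are assumptions of the example.

```python
import re

# A HijackThis entry is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: [x] y".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Items the helper asked to remove in this thread (matched case-insensitively).
REMOVAL_TARGETS = ("proxyfilter.dll", "hide my ip", "viewpoint", "yazzle")

# Constructed sample: abridged from the first log in the thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 11:20:46, on 04/04/2007

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Skype\Phone\Skype.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thedees.co.uk/
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [SurfAnonymous] C:\Program Files\SurfAnonymous\SurfAnonymous.exe -1
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

-- Files created between 2007-03-04 and 2007-04-04 --
2007-04-03 19:47:42 0 d-------- C:\Program Files\Hide My IP 2007<HIDEMY~1>
"""

# Constructed sample: what a later log could look like after the cleanup steps.
AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 23:52:33, on 05/04/2007

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Skype\Phone\Skype.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thedees.co.uk/
O4 - HKLM\..\Run: [SurfAnonymous] C:\Program Files\SurfAnonymous\SurfAnonymous.exe -1
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"""


def parse_hijackthis(text):
    """Return (processes, entries) as dicts of normalised key -> original line.

    Keys are lower-cased because Windows paths are case-insensitive, so
    "system32" and "System32" count as the same process path. 8.3 short
    names (C:\\PROGRA~1\\...) cannot be expanded offline and stay distinct.
    """
    processes, entries = {}, {}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == "running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if in_processes and line and not match:
            processes.setdefault(line.lower(), line)
            continue
        # A blank line or the first coded entry closes the process list
        # (forum copies sometimes lose the blank line).
        in_processes = False
        if match:
            entries.setdefault(line.lower(), line)
    return processes, entries


def diff_logs(before, after):
    """List processes and entries present in only one of the two logs."""
    b_proc, b_ent = parse_hijackthis(before)
    a_proc, a_ent = parse_hijackthis(after)

    def only_in(left, right):
        return sorted(left[key] for key in left.keys() - right.keys())

    return {
        "processes_gone": only_in(b_proc, a_proc),
        "processes_new": only_in(a_proc, b_proc),
        "entries_gone": only_in(b_ent, a_ent),
        "entries_new": only_in(a_ent, b_ent),
    }


def residual_hits(log_text, targets=REMOVAL_TARGETS):
    """Return every log line, in any section, that still names a removal target."""
    return [line.strip() for line in log_text.splitlines()
            if any(target in line.lower() for target in targets)]


if __name__ == "__main__":
    for label, lines in diff_logs(BEFORE, AFTER).items():
        print(label)
        for item in lines:
            print("   ", item)
    print("still present before cleanup:", residual_hits(BEFORE))
    print("still present after cleanup: ", residual_hits(AFTER))
```

An empty `residual_hits` result only shows that the log no longer names the targets; it does not replace the malware scans requested in the post.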
Old 04-05-2007, 04:58 PM   #7 (permalink)
Registered User
 
Join Date: Mar 2007
Posts: 14
OS: Windows XP Media Center


Re: Problem File

Here are the results of main:

Deckard's System Scanner v20070328.36
Run by Neil on 2007-04-05 at 23:52:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Neil.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 23:52:33, on 05/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TalkTalk Online Security\Common\FSM32.EXE
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\Program Files\Verball\VerballSkypeApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\TALKTA~1\backweb\81720\Program\SERVIC~1.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\TalkTalk Online Security\Anti-Virus\fsgk32st.exe
C:\Program Files\TalkTalk Online Security\backweb\81720\program\fsbwsys.exe
C:\Program Files\TalkTalk Online Security\Anti-Virus\FSGK32.EXE
C:\Program Files\TalkTalk Online Security\Common\FSMA32.EXE
C:\Program Files\TalkTalk Online Security\Anti-Virus\fssm32.exe
C:\Program Files\TalkTalk Online Security\Common\FSMB32.EXE
C:\Program Files\TalkTalk Online Security\backweb\81720\Program\fspex.exe
C:\Program Files\TalkTalk Online Security\Common\FCH32.EXE
C:\Program Files\TalkTalk Online Security\Common\FAMEH32.EXE
C:\Program Files\TalkTalk Online Security\Anti-Virus\fsrw.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\TalkTalk Online Security\Anti-Virus\fsav32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\TalkTalk Online Security\FWES\Program\fsdfwd.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\TALKTA~1\ANTI-S~1\fsaw.exe
C:\Program Files\TalkTalk Online Security\FSGUI\fsguidll.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Neil\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Neil.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thedees.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://espn.go.com/motion/detect.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files