ian pollington

  1. Andy, No need to apologise man, you're doing me a big favour! I have spywareblaster, panda, etc installed and have always kept things up to date so I guess this infection has snuck in when one of the sprogs has been in Kazaa or the like. Everything seems fine now, thanks for all your help. Ian
  2. Andy, The two logs you wanted - nothing found on Blacklight

     -------------------------------------------------------------------------------
     KASPERSKY ONLINE SCANNER REPORT
     Friday, April 13, 2007 1:48:53 PM
     Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
     Kaspersky Online Scanner version: 5.0.83.0
     Kaspersky Anti-Virus database last update: 13/04/2007
     Kaspersky Anti-Virus database records: 296918
     -------------------------------------------------------------------------------
     Scan Settings:
     Scan using the following antivirus database: extended
     Scan Archives: true
     Scan Mail Bases: true
     Scan Target - My Computer: A:\ C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\
     Scan Statistics:
     Total number of scanned objects: 172152
     Number of viruses found: 1
     Number of infected objects: 1 / 0
     Number of suspicious objects: 0
     Duration of the scan process: 04:56:07

     Infected Object Name / Virus Name / Last Action
     C:\System Volume Information\_restore{812104D2-B324-45C4-AB58-E2123BB7043B}\RP22\A0001613.old Infected: Trojan.Win32.Small.kl skipped
     Scan process completed.

     04/13/07 07:40:14 [info]: BlackLight Engine 1.0.61 initialized
     04/13/07 07:40:14 [info]: OS: 5.1 build 2600 (Service Pack 2)
     04/13/07 07:40:14 [Note]: 7019 4
     04/13/07 07:40:14 [Note]: 7005 0
     04/13/07 07:40:19 [Note]: 7006 0
     04/13/07 07:40:19 [Note]: 7011 3932
     04/13/07 07:40:19 [Note]: 7026 0
     04/13/07 07:40:20 [Note]: 7026 0
     04/13/07 07:40:28 [Note]: FSRAW library version 1.7.1021
     04/13/07 08:19:28 [Note]: 7007 0
  3. Andy, The two logs are below. The failure to find helper .exe is fine, I knew it had gone but maybe worded my reply badly - however I am sure I remember trying to find out about this file a long while ago as I had noticed it and didn't know what it was doing there. If I remember how far back I'll let you know! I checked the two files in Hijackthis, had already removed old java stuff and will probably keep Panda as I've paid for it! Thanks Ian

     Logfile of The Avenger version 1, by Swandog46
     Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\yjtcrnvb
     *******************
     Script file located at: \??\C:\iiquwycx.txt
     Script file opened successfully.
     Script file read successfully
     Backups directory opened successfully at C:\Avenger
     *******************
     Beginning to process script file:
     File c:\windows\seagate-helper.exe not found!
     Deletion of file c:\windows\seagate-helper.exe failed!
     Could not process line:
     c:\windows\seagate-helper.exe
     Status: 0xc0000034
     File c:\windows\seagate-helper.old deleted successfully.
     Completed script processing.
     *******************
     Finished! Terminate.

     Windows Registry Editor Version 5.00
     ; Registry Search 2.0 by Bobbi Flekman © 2005
     ; Version: 2.0.2.0
     ; Results at 12/04/2007 23:13:52 for strings:
     ; 'seagate-helper'
     ; Strings excluded from search:
     ; (None)
     ; Search in:
     ; Registry Keys Registry Values Registry Data
     ; HKEY_LOCAL_MACHINE HKEY_USERS
     ; End Of The Log...
  4. Andy, All seems to have worked fine, thank you so much! The only issue that I can see is seagate-helper is still there but as .old - it can't be deleted though, access denied. Sorry that you have so much to look at now! Thanks again Ian

     Gromozon Log

     Removal tool loaded into memory
     ------------------------------------
     Executing rootkit removal engine....
     ------------------------------------
     Disabling rootkit file: \\?\C:\WINDOWS\system32\aux.pzq
     \\?\C:\WINDOWS\system32\aux.pzq
     Resetting file permissions...
     Clearing attributes...
     Removing file...
     Rootkit removed!
     Cleaning up...
     Removing temp files...
     Scanning: C:\WINDOWS
     Scanning: C:\Program Files\Common Files
     Gromozon-Related Malicious Code Detected!
     FileName: C:\WINDOWS\abypu1.dll
     Removed!
     Trojan.Gromozon Removed!

     Forgot to save the log but here is the event log from AVG

     <history>
     - <!-- 01c77cfd19bd3970 -->
     - <rec time="2007/04/12 08:08:42" user="SYSTEM" source="Update">
       <value>@HL_UpdateOK</value>
       <attr name="version">avi:993-991;iavi:767-760;</attr>
       </rec>
     - <rec time="2007/04/12 08:09:41" user="ian" source="General">
       <value>@HL_TestStarted</value>
       <attr name="testname">@TestName_02</attr>
       </rec>
     - <rec time="2007/04/12 08:37:19" user="ian" source="Virus">
       <value>@HL_ReportFind</value>
       <attr name="where">C:\Program Files\Max Registry Cleaner\Backup\14 10 2006 09-20-46[46.tmp].dat</attr>
       <attr name="type">@EID_Id_trj</attr>
       <attr name="what">Generic2.ETZ</attr>
       </rec>
     - <rec time="2007/04/12 09:05:28" user="ian" source="Virus">
       <value>@HL_ReportFind</value>
       <attr name="where">C:\WINDOWS\SYSTEM32\eicj.dll</attr>
       <attr name="type">@EID_Id_trj</attr>
       <attr name="what">Generic2.ETZ</attr>
       </rec>
     - <rec time="2007/04/12 10:38:17" user="SYSTEM" source="Virus">
       <value>@HL_ReportFindRS</value>
       <attr name="filename">C:\System Volume Information\_restore{812104D2-B324-45C4-AB58-E2123BB7043B}\RP21\A0001515.dll</attr>
       <attr name="finding">@EID_Id_trj</attr>
       <attr name="virusname">Lop.AH</attr>
       </rec>
     - <rec time="2007/04/12 10:38:17" user="SYSTEM" source="Virus">
       <value>@HL_ReportFindRS</value>
       <attr name="filename">C:\System Volume Information\_restore{812104D2-B324-45C4-AB58-E2123BB7043B}\RP21\A0001515.dll</attr>
       <attr name="finding">@EID_Id_trj</attr>
       <attr name="virusname">Lop.AH</attr>
       </rec>
     - <rec time="2007/04/12 10:38:39" user="ian" source="Virus">
       <value>@HL_ActionTaken</value>
       <attr name="filename">C:\System Volume Information\_restore{812104D2-B324-45C4-AB58-E2123BB7043B}\RP21\A0001515.dll</attr>
       <attr name="action">@HL_ActCleaned</attr>
       </rec>
     - <rec time="2007/04/12 10:38:53" user="ian" source="General">
       <value>@HL_TestStarted</value>
       <attr name="testname">@TestName_02</attr>
       </rec>
     - <rec time="2007/04/12 11:10:35" user="ian" source="Virus">
       <value>@HL_ReportFind</value>
       <attr name="where">C:\Program Files\Max Registry Cleaner\Backup\14 10 2006 09-20-46[46.tmp].dat</attr>
       <attr name="type">@EID_Id_trj</attr>
       <attr name="what">Generic2.ETZ</attr>
       </rec>
     - <rec time="2007/04/12 11:39:40" user="ian" source="Virus">
       <value>@HL_ReportFind</value>
       <attr name="where">C:\WINDOWS\SYSTEM32\eicj.dll</attr>
       <attr name="type">@EID_Id_trj</attr>
       <attr name="what">Generic2.ETZ</attr>
       </rec>
     - <rec time="2007/04/12 11:39:41" user="SYSTEM" source="Virus">
       <value>@HL_ReportFindRS</value>
       <attr name="filename">C:\WINDOWS\SYSTEM32\eicj.dll</attr>
       <attr name="finding">@EID_Id_trj</attr>
       <attr name="virusname">Generic2.ETZ</attr>
       </rec>
     - <rec time="2007/04/12 11:40:26" user="SYSTEM" source="Virus">
       <value>@HL_ReportFindRS</value>
       <attr name="filename">C:\WINDOWS\SYSTEM32\eicj.dll</attr>
       <attr name="finding">@EID_Id_trj</attr>
       <attr name="virusname">Generic2.ETZ</attr>
       </rec>
     - <rec time="2007/04/12 11:40:27" user="ian" source="Virus">
       <value>@HL_ActionTaken</value>
       <attr name="filename">C:\WINDOWS\SYSTEM32\eicj.dll</attr>
       <attr name="action">@HL_ActCleaned</attr>
       </rec>
     - <rec time="2007/04/12 12:21:30" user="ian" source="General">
       <value>@HL_TestEnded</value>
       <attr name="testname">@TestName_02</attr>
       <attr name="infectedfiles">2</attr>
       </rec>
     - <rec time="2007/04/12 12:21:31" user="ian" source="Virus">
       <value>@HL_ActionTaken</value>
       <attr name="filename">C:\Program Files\Max Registry Cleaner\Backup\14 10 2006 09-20-46[46.tmp].dat</attr>
       <attr name="action">@HL_ActCleaned</attr>
       </rec>
     - <rec time="2007/04/12 12:21:31" user="ian" source="Virus">
       <value>@HL_ActionTaken</value>
       <attr name="filename">C:\WINDOWS\SYSTEM32\eicj.dll</attr>
       <attr name="action">@HL_ActCleaned</attr>
       </rec>
     </history>

     HijackThis log

     Logfile of Trend Micro HijackThis v2.0.0 (BETA)
     Scan saved at 16:57:31, on 12/04/2007
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Windows Defender\MsMpEng.exe
     C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
     C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
     C:\Program Files\Ahead\InCD\InCDsrv.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
     C:\WINDOWS\system32\spoolsv.exe
     C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
     C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
     C:\Program Files\Tanagra\Memeo\MemeoService.exe
     C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
     C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
     C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
     C:\Program Files\Panda Software\Panda Internet Security 2007\psimsvc.exe
     C:\WINDOWS\System32\tcpsvcs.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\wuauclt.exe
     C:\WINDOWS\system32\hkcmd.exe
     C:\WINDOWS\system32\igfxtray.exe
     C:\Program Files\iRiver\HSeries\iHPDetect.exe
     C:\Program Files\Microsoft IntelliType Pro\type32.exe
     C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
     C:\Program Files\QuickTime\qttask.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE
     C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe
     C:\Program Files\Windows Defender\MSASCui.exe
     C:\Program Files\Microsoft IntelliPoint\ipoint.exe
     C:\Program Files\Common Files\Real\Update_OB\realsched.exe
     C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
     C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Messenger\msmsgs.exe
     C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KVM.exe
     C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
     c:\program files\panda software\panda internet security 2007\WebProxy.exe
     C:\Program Files\Tanagra\Memeo\MemeoBackup.exe
     C:\Program Files\J River\Media Center 11\Media Center.exe
     C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
     C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
     C:\WINDOWS\system32\NOTEPAD.EXE
     C:\Documents and Settings\ian\Desktop\HiJackThis_v2.exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
     O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
     O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
     O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
     O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
     O4 - HKLM\..\Run: [iHP-100] C:\Program Files\iRiver\HSeries\iHPDetect.exe
     O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
     O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
     O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
     O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"
     O4 - HKLM\..\Run: [RCSystemTray] C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe
     O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
     O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [RCAutoLiveUpdate] C:\Program Files\Max Registry Cleaner\MaxLiveUpdateRC.exe -AUTO
     O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
     O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
     O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
     O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
     O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
     O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')
     O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
     O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
     O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
     O4 - Startup: KVM.exe
     O4 - Startup: Media Server.lnk = C:\WINDOWS\SYSTEM32\MC11.exe
     O4 - Startup: Memeo Launcher.lnk = ?
     O4 - Global Startup: KVM.exe
     O4 - Global Startup: Microsoft Office.lnk = Microsoft Office\Office10\OSA.EXE
     O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
     O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
     O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
     O8 - Extra context menu item: Save with Download Manager... - file://C:\Program Files\J River\Media Center 11\DMDownload.htm
     O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
     O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
     O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
     O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
     O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
     O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1121933000156
     O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
     O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
     O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
     O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
     O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
     O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
     O23 - Service: Memeo (BMUService) - Tanagra, Inc. - C:\Program Files\Tanagra\Memeo\MemeoService.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
     O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
     O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
     O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
     O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
     O23 - Service: Panda Network Manager (PNMSRV) - Unknown owner - c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
     O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\psimsvc.exe
     O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\Win32\RpcDataSrv.exe
     O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\RpcSandraSrv.exe
     O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
     O23 - Service: Panda TPSrv (TPSrv) - Unknown owner - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe

     --
     End of file - 12034 bytes
  5. Andy, What a man! Fix worked and below is the hijackthis log that was generated almost immediately - one question, how did that sucker get in there? Thanks for your help on this and hope that no gromozone is also lurking! Ian

     Logfile of Trend Micro HijackThis v2.0.0 (BETA)
     Scan saved at 22:57:22, on 11/04/2007
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\csrss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Windows Defender\MsMpEng.exe
     C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
     C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
     C:\Program Files\Ahead\InCD\InCDsrv.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Tanagra\Memeo\MemeoService.exe
     C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
     C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
     C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
     C:\Program Files\Panda Software\Panda Internet Security 2007\psimsvc.exe
     C:\WINDOWS\System32\tcpsvcs.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
     C:\WINDOWS\System32\alg.exe
     C:\Program Files\Panda Software\Panda Internet Security 2007\apvxdwin.exe
     C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
     c:\program files\panda software\panda internet security 2007\WebProxy.exe
     C:\WINDOWS\system32\hkcmd.exe
     C:\WINDOWS\system32\igfxtray.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\iRiver\HSeries\iHPDetect.exe
     C:\Program Files\Microsoft IntelliType Pro\type32.exe
     C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
     C:\Program Files\QuickTime\qttask.exe
     C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe
     C:\Program Files\Windows Defender\MSASCui.exe
     C:\Program Files\Microsoft IntelliPoint\ipoint.exe
     C:\Program Files\Common Files\Real\Update_OB\realsched.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Messenger\msmsgs.exe
     C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KVM.exe
     C:\Program Files\J River\Media Center 11\Media Center.exe
     C:\Program Files\Tanagra\Memeo\MemeoBackup.exe
     C:\PROGRA~1\Yahoo!\Common\unyt.exe
     C:\WINDOWS\explorer.exe
     C:\WINDOWS\System32\wbem\wmiprvse.exe
     C:\Documents and Settings\ian\Desktop\HiJackThis_v2.exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
     R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
     F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,"c:\windows\seagate-helper.exe",
     O2 - BHO: (no name) - {00000000-6C30-11D8-9363-000AE6309654} - (no file)
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: (no name) - {21B5274C-4950-A739-CFDE-34197B9D4B81} - (no file)
     O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
     O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
     O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
     O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
     O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
     O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
     O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
     O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
     O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
     O4 - HKLM\..\Run: [iHP-100] C:\Program Files\iRiver\HSeries\iHPDetect.exe
     O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
     O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
     O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
     O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"
     O4 - HKLM\..\Run: [RCSystemTray] C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe
     O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
     O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [RCAutoLiveUpdate] C:\Program Files\Max Registry Cleaner\MaxLiveUpdateRC.exe -AUTO
     O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
     O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
     O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
     O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')
     O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
     O4 - Startup: KVM.exe
     O4 - Startup: Media Server.lnk = C:\WINDOWS\SYSTEM32\MC11.exe
     O4 - Startup: Memeo Launcher.lnk = ?
     O4 - Global Startup: KVM.exe
     O4 - Global Startup: Microsoft Office.lnk = Microsoft Office\Office10\OSA.EXE
     O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
     O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
     O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
     O8 - Extra context menu item: Save with Download Manager... - file://C:\Program Files\J River\Media Center 11\DMDownload.htm
     O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
     O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
     O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
     O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} -
     O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} -
     O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} -
     O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
     O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
     O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
     O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
     O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1121933000156
     O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} -
     O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} -
     O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
     O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} -
     O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} -
     O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} -
     O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} -
     O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} -
     O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} -
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
     O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
     O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} -
     O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) -
     O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
     O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
     O23 - Service: Memeo (BMUService) - Tanagra, Inc. - C:\Program Files\Tanagra\Memeo\MemeoService.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
     O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
     O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
     O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
     O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
     O23 - Service: Panda Network Manager (PNMSRV) - Unknown owner - c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
     O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\psimsvc.exe
     O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\Win32\RpcDataSrv.exe
     O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\RpcSandraSrv.exe
     O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
     O23 - Service: Panda TPSrv (TPSrv) - Unknown owner - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe

     --
     End of file - 12896 bytes
  6. Andy, Sorry for the delay - been working today! This is the contents of result.txt Thanks Ian

     ! REG.EXE VERSION 3.0

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apitrap.dll
         CheckAppHelp    REG_DWORD    0x1

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASSTE.dll
         CheckAppHelp    REG_DWORD    0x1

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSTE.dll
         CheckAppHelp    REG_DWORD    0x1

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cleanup.dll
         CheckAppHelp    REG_DWORD    0x1

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe
         ApplicationGoo    REG_BINARY

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.dll
         CheckAppHelp    REG_DWORD    0x1

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divxdec.ax
         CheckAppHelp    REG_DWORD    0x1

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DJSMAR00.dll
         CheckAppHelp    REG_DWORD    0x1

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRMINST.dll
         CheckAppHelp    REG_DWORD    0x1

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE
         DisableHeapLookAside    REG_SZ    1

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncodeDivXExt.dll
         CheckAppHelp    REG_DWORD    0x1

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncryptPatchVer.dll
         CheckAppHelp    REG_DWORD    0x1

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe
         Debugger    REG_SZ    "c:\windows\system32\fmomtuqu.old"

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\front.exe
         ApplicationGoo    REG_BINARY

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fullsoft.dll
         CheckAppHelp    REG_DWORD    0x1

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GBROWSER.DLL
         CheckAppHelp    REG_DWORD    0x1

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmarq.ocx
         CheckAppHelp    REG_DWORD    0x1

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmm.ocx
         CheckAppHelp    REG_DWORD    0x1

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe
         ApplicationGoo    REG_BINARY

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ishscan.dll
         CheckAppHelp    REG_DWORD    0x1

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ISSTE.dll
         CheckAppHelp    REG_DWORD    0x1

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\javai.dll
         CheckAppHelp    REG_DWORD    0x1

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm.dll
         CheckAppHelp    REG_DWORD    0x1

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm_g.dll
         CheckAppHelp    REG_DWORD    0x1

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\main123w.dll
         CheckAppHelp    REG_DWORD    0x1

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mngreg32.exe
         ApplicationGoo    REG_BINARY

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msci_uno.dll
         CheckAppHelp    REG_DWORD    0x1

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll
         CheckAppHelp    REG_DWORD    0x1

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvr.dll
         CheckAppHelp    REG_DWORD    0x1

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorwks.dll
         CheckAppHelp    REG_DWORD    0x1

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msjava.dll
         CheckAppHelp    REG_DWORD    0x1

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mso.dll
         CheckAppHelp    REG_DWORD    0x1

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVOPTRF.dll
         CheckAppHelp    REG_DWORD    0x1

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NeVideoFX.dll
         CheckAppHelp    REG_DWORD    0x1

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPMLIC.dll
         CheckAppHelp    REG_DWORD    0x1

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NSWSTE.dll
         CheckAppHelp    REG_DWORD    0x1

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photohse.EXE
         GlobalFlag    REG_SZ    0x00200000

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PMSTE.dll
         CheckAppHelp    REG_DWORD    0x1

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppw32hlp.dll
         CheckAppHelp    REG_DWORD    0x1

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\printhse.EXE
         GlobalFlag    REG_SZ    0x00200000

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prwin8.EXE
         DisableHeapLookAside    REG_SZ    1

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ps80.EXE
         DisableHeapLookAside    REG_SZ    1

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psdmt.exe
         ApplicationGoo    REG_BINARY

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qfinder.EXE
         DisableHeapLookAside    REG_SZ    1

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qpw.EXE
         DisableHeapLookAside    REG_SZ    1

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Salwrap.dll
         CheckAppHelp    REG_DWORD    0x1

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe
         ApplicationGoo    REG_BINARY

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup32.dll
         ApplicationGoo    REG_BINARY

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sevinst.exe
         ApplicationGoo    REG_BINARY

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcnet.dll
         CheckAppHelp    REG_DWORD    0x1

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcore_ebook.dll
         CheckAppHelp    REG_DWORD    0x1

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TFDTCTT8.dll
         CheckAppHelp    REG_DWORD    0x1

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE
         DisableHeapLookAside    REG_SZ    1

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udtapi.dll
         CheckAppHelp    REG_DWORD    0x1

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ums.dll
         CheckAppHelp    REG_DWORD    0x1

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vb40032.dll
         CheckAppHelp    REG_DWORD    0x1

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbe6.dll
         CheckAppHelp    REG_DWORD    0x1

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE
         DisableHeapLookAside    REG_SZ    1

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xlmlEN.dll
         CheckAppHelp    REG_DWORD    0x1

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xwsetup.EXE
         ApplicationGoo    REG_BINARY

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
         Debugger    REG_SZ    ntsd -d
         GlobalFlag    REG_SZ    0x000010F0

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_INSTPGM.EXE
         ApplicationGoo    REG_BINARY
  7. Hi, Downloaded the file OK and started running but at 12% a message flashed up on the screen - difficult to catch but I think it was something about never having run hijackthis. Comboscan closed and no logs in the folder. Shall I follow the instructions in the links in the replies to the mail below? Thanks Ian
  8. Sorry, can't even get to the forum - as soon as I click on the title page the browser shuts down! Same happens if I enter hijackthis in a search engine - I don't have it loaded. Ian
  9. Hi, I know that this is the wrong Forum but I can't access anything that has the words CCleaner in it! I have been using it for years but suddenly the screen goes immediately to all wallpaper and then the desktop icons re-appear whenever:
     1) I try and open CCleaner from the desktop, from the start menu or from program manager.
     2) I type CCleaner into a search engine and this closes the browser too!
     3) After running ccsetup the language screen appears but then it all goes again.
     4) Entering ccsetup or CCleaner into search on Windows Explorer.
     5) Right click on the desktop icon for cc.
     6) Try and delete the program in remove programs.
     I can't quite figure when this started but I haven't loaded 1.38 yet - and can't. I am running XP, Office 2007 and Panda. I cannot remember anything being updated recently. I have run virus checks from Panda and using on-line and nothing is found. Any assistance would be much appreciated! Thanks Ian