Thank you Neal,
Here are the logs you asked for:
1. SDFix log
SDFix: Version 1.103
Run by Martin Deady on 11/09/2007 at 20:31
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\MARTIN~1\Desktop\SDFix\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\system32\printer.exe - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"="C :\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe:*:E nabled:PowerCinema"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\SymplisIT\\DriverMagic\\DriverMagic.exe"="C :\\Program Files\\SymplisIT\\DriverMagic\\DriverMagic.exe:*:E nabled
riverMagic Utilities"
"C:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"="C:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe:*:Enabled
reamweaver 8"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe:*
isabled:Nero Home"
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"="C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe:*:Enabled:MSI starter"
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupXu.exe"="C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupXu.exe:*:Enabled:Nero ProductSetup"
"C:\\Documents and Settings\\Martin Deady\\Local Settings\\Temp\\Nero Web\\SetupXu.exe"="C:\\Documents and Settings\\Martin Deady\\Local Settings\\Temp\\Nero Web\\SetupXu.exe:*:Enabled:Nero ProductSetup"
"C:\\Program Files\\backburner 2\\manager.exe"="C:\\Program Files\\backburner 2\\manager.exe:*
isabled:backburner Manager Application"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjou r"
"C:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"="C:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS3"
"C:\\Program Files\\BTST\\BTST\\BTST.exe"="C:\\Program Files\\BTST\\BTST\\BTST.exe:*:Enabled:BTST"
"%windir%\\system32\\winav.exe"="%windir%\\system3 2\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\winav.exe"="%windir%\\system3 2\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
Remaining Files:
---------------
File Backups: - C:\DOCUME~1\MARTIN~1\Desktop\SDFix\SDFix\backups\b ackups.zip
Files with Hidden Attributes:
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c509 Packet\3C5X9PD.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c556 Packet\3C556.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c59x Packet\3C59XPD.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1200 Packet\EC32PD.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1203 Packet\PCIPD.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1204 Packet\VLNWPD.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207 Packet\PCIPD.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207C Packet\PCIPD.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207D Packet\ACCPKT.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207F Packet\EN5251PD.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207TX Packet\PCIPD.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1208 Packet\1208PD.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1625 Packet\NEPD.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1640 Packet\NWPD.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1650 Packet\NWPD.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1651 Packet\NWPD.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1652 Packet\NWPD.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1653 Packet\NE2PD.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1656 Packet\NWPD.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1657 Packet\NWPD.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1658 Packet\NWPD.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN166X Packet\NWPD.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2216 Packet\PCMPD.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2218 Packet\PCMPD.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2228 Packet\PCMPD.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2320 Packet\EN5251PD.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DEVICE.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\KEYB.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MODE.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MOUSE.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\NETBIND.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Paralink.com
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\command. com
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\IBMBIO.C OM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\IBMDOS.C OM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWORKS DE450 Packet\DE450.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWORKS DE500 Packet\DE500.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWorks ISA (DE305) Packet\DE305.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DE400 Packet\De400pd.com
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DMF560-TX Packet\Lmpd.com
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DT620 Packet\Dt620pd.com
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\IBM Crystal LAN Packet\Epktisa.com
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Kingston EtheRx KNE110TX Packet\Ktc110p.com
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD 10-100AL Packet\L100al.com
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD-CDF Packet\Ldcdt.com
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD-PCI2TL Packet\Ldpcil.com
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Melco LPC2-T\Lpchkat2.com
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FNW9x00T - ENW8300T Packet\fetpkt.com
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\FETPKT.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\Rtspkt.com
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\PXE Packet Driver\Undipd.com
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\SN 2000p Packet\PNPPD.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\WaveLAN Packet\Wvlan42.com
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX Packet\Cbepd.com
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS Packet\Xpspd.com
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10 - RE100 Packet\Ce3pd.com
C:\WarpCam\PlugIns\in_cam.dll
C:\WarpCam\PlugIns\in_feed.dll
C:\WarpCam\PlugIns\nsvdec_vp6.dll
C:\WarpCam\PlugIns\out_wave.dll
C:\Documents and Settings\admin\My Documents\Old Drive temp\Programme Files\Iso buster\IsoBuster\Help\AHlp.exe
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS.EXE
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS16.EXE
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\E.EXE
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\GUEST.EXE
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MSCDEX.EXE
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Net.exe
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OHCI.EXE
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\PROTMAN.EXE
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\UHCI.EXE
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX\Cbendis.exe
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet 10-100 + Modem\Cbendis.exe
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS\Xpsndis.exe
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom PE3-10Bx\Pe3ndis.exe
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Re-100Btx + Ce3B-100Btx\Ce3ndis.exe
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10BT\Ce3ndis.exe
C:\Documents and Settings\Martin Deady\My Documents\My Downloads\RadioTracker_AQ_UK_DEMO_version2(1).exe
C:\Documents and Settings\Martin Deady\My Documents\My Downloads\RadioTracker_AQ_UK_DEMO_version2.exe
C:\Documents and Settings\Martin Deady\My Documents\My Downloads\Turbocad\TurboCADProfessional14-ESD.exe
C:\Documents and Settings\Martin Deady\My Documents\_______DeskTopTidyUp\PD6StdUKAQ6014.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WarpCam\WarpCam.exe
C:\WINDOWS\system32\Tools\All.exe
C:\WINDOWS\system32\Tools\Change.exe
C:\WINDOWS\system32\Tools\CheckPath.exe
C:\WINDOWS\system32\Tools\Counter.exe
C:\WINDOWS\system32\Tools\DelFolders.exe
C:\WINDOWS\system32\Tools\DirectSetup.exe
C:\WINDOWS\system32\Tools\RegClean.exe
C:\WINDOWS\system32\Tools\Regexe.exe
C:\WINDOWS\system32\Tools\Restart.exe
C:\WINDOWS\system32\Tools\RunRegexe.exe
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\CATC USB Ethernet\Elndis.sys
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\CATC USB Ethernet\Usbd.sys
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI1394.SYS
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI2DOS.SYS
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI4DOS.SYS
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI8DOS.SYS
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI8U2.SYS
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPICD.SYS
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIEHCI.SYS
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIOHCI.SYS
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIUHCI.SYS
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BOOTSRV.SYS
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\bootsrv16.sys
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BTCDROM.SYS
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BTDOSM.SYS
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\COUNTRY.SYS
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DISPLAY.SYS
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DLSHELP.SYS
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\FLASHPT.SYS
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\HIMEM.SYS
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\KEYBOARD.SYS
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\msbootsrv16.sy s
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OAKCDROM.SYS
C:\WINDOWS\system32\KGyGaAvL.sys
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp
C:\Documents and Settings\Martin Deady\Application Data\Microsoft\Word\~WRL1273.tmp
C:\Documents and Settings\Martin Deady\Desktop\INTROACTIONSCRIPT3-4873073208.zip
C:\Documents and Settings\Martin Deady\My Documents\Flash Tutorials\zip files\testad1typing.zip
Finished!
2. COMBOFIX log
ComboFix 07-09-10.6 - "Martin Deady" 2007-09-11 23:49:27.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2858 [GMT 1:00]
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007\Data\ActivationCode
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007\Data\ProductCode
C:\DOCUME~1\MARTIN~1\APPLIC~1\WinAntiVirus Pro 2007
C:\DOCUME~1\MARTIN~1\APPLIC~1\WinAntiVirus Pro 2007\avtasks.dat
C:\DOCUME~1\MARTIN~1\APPLIC~1\WinAntiVirus Pro 2007\CookieList.dat
C:\DOCUME~1\MARTIN~1\APPLIC~1\WinAntiVirus Pro 2007\history.db
C:\DOCUME~1\MARTIN~1\APPLIC~1\WinAntiVirus Pro 2007\Logs\update.log
C:\DOCUME~1\MARTIN~1\APPLIC~1\WinAntiVirus Pro 2007\Logs\wa7Support.log
C:\DOCUME~1\MARTIN~1\APPLIC~1\WinAntiVirus Pro 2007\Logs\winav.log
C:\DOCUME~1\MARTIN~1\APPLIC~1\WinAntiVirus Pro 2007\PGE.dat
C:\DOCUME~1\MARTIN~1\APPLIC~1\winantiviruspro2007f reeinstall[1].exe
C:\Program Files\Common Files\winantivirus pro 2007
C:\Program Files\Common Files\winantivirus pro 2007\err.log
C:\Program Files\Common Files\WinAntiVirus Pro 2007\err.log
C:\UWA7P
C:\WINDOWS\system32\stera.log
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_FOPN
((((((((((((((((((((((((( Files Created from 2007-08-11 to 2007-09-11 )))))))))))))))))))))))))))))))
.
2007-09-11 23:48 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-11 20:30 <DIR> d-------- C:\WINDOWS\ERUNT
2007-09-10 10:35 <DIR> d-------- C:\DOCUME~1\MARTIN~1\DoctorWeb
2007-09-10 09:19 <DIR> d-------- C:\VundoFix Backups
2007-09-10 08:48 <DIR> d-------- C:\testing back process
2007-09-07 19:51 8,704 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-09-03 16:06 <DIR> d-------- C:\DOCUME~1\MARTIN~1\APPLIC~1\Individual Software
2007-09-03 16:05 <DIR> d-------- C:\Program Files\Individual Software
2007-09-03 16:05 <DIR> d-------- C:\Program Files\Common Files\Individual Software
2007-09-03 16:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Individual Software
2007-09-02 08:19 <DIR> d-------- C:\DOCUME~1\MARTIN~1\APPLIC~1\WinRAR
2007-08-18 05:04 <DIR> d-------- C:\INTROACTIONSCRIPT3-4873073208(1)
2007-08-17 23:52 <DIR> d-------- C:\Actionscript
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2007-09-11 23:54 --------- d-------- C:\DOCUME~1\MARTIN~1\APPLIC~1\Free Download Manager
2007-09-11 23:37 --------- d-------- C:\DOCUME~1\MARTIN~1\APPLIC~1\MailWasherPro
2007-09-11 23:30 --------- d-------- C:\Program Files\Viewpoint
2007-09-11 22:52 --------- d-------- C:\Program Files\Steganos Security Suite 6
2007-09-11 22:46 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\IMSI
2007-09-11 22:42 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-09-11 20:21 --------- d-------- C:\DOCUME~1\MARTIN~1\APPLIC~1\Steganos
2007-09-10 19:16 --------- d-------- C:\Program Files\LimeWire
2007-09-05 09:22 --------- d-------- C:\Program Files\SuperBladePro
2007-08-31 18:55 --------- d-------- C:\Program Files\Common Files\eSellerate
2007-08-29 11:00 --------- d-------- C:\Program Files\Steganos Security Suite 2006
2007-08-26 12:03 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
2007-08-15 12:22 --------- d-------- C:\DOCUME~1\MARTIN~1\APPLIC~1\AdobeUM
2007-08-14 20:24 --------- d-------- C:\DOCUME~1\MARTIN~1\APPLIC~1\Canon
2007-08-12 08:51 --------- d-------- C:\Program Files\Genometri
2007-08-04 14:49 --------- d-------- C:\Program Files\Xara
2007-08-04 14:49 --------- d-------- C:\Program Files\Common Files\Xara
2007-08-04 09:25 --------- d-------- C:\Program Files\WMV9_VCM
2007-08-04 09:20 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-24 19:30 686346 --a------ C:\WINDOWS\unins004.exe
2007-07-24 19:29 686874 --a------ C:\WINDOWS\unins003.exe
2007-07-14 09:29 --------- d-------- C:\Program Files\Free Download Manager
2007-07-14 09:24 --------- d-------- C:\Program Files\BlueSquad
2007-07-14 08:20 37027 --a------ C:\WINDOWS\atmoUn.exe
2007-07-10 10:00 490 --a------ C:\Untitled1_PublishData.dat
2007-06-14 13:34 83456 --a------ C:\WINDOWS\DWUninst.exe
2007-06-13 11:23 1033216 --a------ C:\WINDOWS\explorer.exe
2006-01-14 01:06 55296 --a------ C:\Program Files\oem_activation.exe
2006-04-28 07:19:20 1,004 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"Omnipage"="C:\Program Files\ScanSoft\OmniPagePro11.0\opware32.exe" [2001-05-26 00:56]
"GhostStartTrayApp"="C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe" [2002-08-14 16:21]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-02 18:59]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-04-06 21:10]
"DriverMagicLogon"="C:\Program Files\SymplisIT\DriverMagic\dmschedule.exe" [2005-10-14 09:01]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 17:12]
"Samsung PanelMgr"="C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe" [2005-10-31 12:20]
"SoundMan"="SOUNDMAN.EXE" [2006-06-21 05:42 C:\WINDOWS\soundman.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 19:53]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray. dll" [2006-10-22 12:22]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 19:44]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 14:49]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"WISE-FTP Task Planner"="C:\Program Files\AceBIT\WISE-FTP 5\wf_tp.exe" [2007-07-23 12:25]
"Uniblue SpeedUpMyPC"="" []
"Uniblue SpyEraser"="C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [2007-08-16 08:48]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2006-08-21 00:24]
[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\runonce]
"SSS2006"="C:\Program Files\Steganos Security Suite 2006\SSS2006.exe" -firstboot
[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\run]
"SSS6_Suite"="C:\Program Files\Steganos Security Suite 6\sss.exe" /booting
"SSS6_SAFE"="C:\Program Files\Steganos Security Suite 6\safe.exe" /booting
"SSS6_SPM"="C:\Program Files\Steganos Security Suite 6\spm.exe" /booting
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 05:37:56]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-01-12 10:33:02]
Lotus QuickStart.lnk - C:\lotus\wordpro\ltsstart.exe [2001-08-14 10:16:14]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04]
C:\DOCUME~1\MARTIN~1\STARTM~1\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2006-08-20 00:06:15]
R1 GhPciScan;GhostPciScanner;\??\C:\Program Files\Norton SystemWorks\Norton Ghost\ghpciscan.sys
R1 Klmc;Klmc;C:\WINDOWS\system32\drivers\klmc.sys
R1 SLEE_13_DRIVER;Steganos Live Encryption Engine 13 [Driver];\??\C:\WINDOWS\system32\drivers\SLEE13.sys
R2 DgiVecp;Team MFP Comm Driver;C:\WINDOWS\system32\Drivers\DgiVecp.sys
R3 NPDriver;Norton Unerase Protection Driver;\??\C:\WINDOWS\system32\Drivers\NPDRIVER.SY S
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
S2 CX23880;TwinHan 23880 Video Capture;C:\WINDOWS\system32\drivers\THVidCap.sys
S2 THBDACAP;TwinHan BDA Transport Stream Capture;C:\WINDOWS\system32\drivers\THBDACap.sys
S2 THIR;TwinHan PCI IR Decoder;C:\WINDOWS\system32\drivers\THIR.sys
S2 THTUNE;TwinHan Analog Tuner;C:\WINDOWS\system32\drivers\THTune.sys
S3 AUD;TwinHan Analog Audio Capture;C:\WINDOWS\system32\DRIVERS\THAudCap.sys
S3 THAVXBar;TwinHan Analog AVStream Crossbar;C:\WINDOWS\system32\drivers\THAVXBar.sys
S3 THBDATUNE;TwinHan BDA DVB Tuner/Demod;C:\WINDOWS\system32\drivers\THBDATune.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-09-07 16:30:00 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
"2007-09-05 11
25 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
"2007-04-18 09:17:48 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
"2007-08-26 13:23:03 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
************************************************** ************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-09-12 00:01:25
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 2711
************************************************** ************************
.
Completion time: 2007-09-12 0:02:55 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-12 00:02
.
--- E O F ---
3. hijackthis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:06:42, on 12/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\SatSrv.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ScanSoft\OmniPagePro11.0\opware32.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AceBIT\WISE-FTP 5\wf_tp.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Documents and Settings\Martin Deady\My Documents\hijack this\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.d ll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGetDx\iebar.dll
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPagePro11.0\opware32.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DriverMagicLogon] "C:\Program Files\SymplisIT\DriverMagic\dmschedule.exe" /boot
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WISE-FTP Task Planner] "C:\Program Files\AceBIT\WISE-FTP 5\wf_tp.exe" /bg
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKUS\S-1-5-19\..\Run: [SSS6_Suite] "C:\Program Files\Steganos Security Suite 6\sss.exe" /booting (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [SSS6_SAFE] "C:\Program Files\Steganos Security Suite 6\safe.exe" /booting (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [SSS6_SPM] "C:\Program Files\Steganos Security Suite 6\spm.exe" /booting (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [SSS2006] "C:\Program Files\Steganos Security Suite 2006\SSS2006.exe" -firstboot (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [SSS6_Suite] "C:\Program Files\Steganos Security Suite 6\sss.exe" /booting (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [SSS2006] "C:\Program Files\Steganos Security Suite 2006\SSS2006.exe" -firstboot (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [SSS6_Suite] "C:\Program Files\Steganos Security Suite 6\sss.exe" /booting (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SSS2006] "C:\Program Files\Steganos Security Suite 2006\SSS2006.exe" -firstboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [SSS6_Suite] "C:\Program Files\Steganos Security Suite 6\sss.exe" /booting (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SSS2006] "C:\Program Files\Steganos Security Suite 2006\SSS2006.exe" -firstboot (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lotus QuickStart.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Do&wnload by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download A&ll by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: SYSTRAN: &Clear Translation Cache - C:\Program Files\Systran\Standard\menuClearCache.html
O8 - Extra context menu item: SYSTRAN: &Options - C:\Program Files\Systran\Standard\menuConfigure.html
O8 - Extra context menu item: SYSTRAN: &Register - C:\Program Files\Systran\Standard\menuRegister.html
O8 - Extra context menu item: SYSTRAN: &Translate - C:\Program Files\Systran\Standard\menuTranslate.html
O8 - Extra context menu item: SYSTRAN: Check for &Updates - C:\Program Files\Systran\Standard\menuUpdate.html
O8 - Extra context menu item: SYSTRAN: Translate All &Frames - C:\Program Files\Systran\Standard\menuTranslateAll.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: @sysiecom.dll,-2100 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Standard\MenuTranslate.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2102 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Standard\MenuTranslate.html
O9 - Extra button: @sysiecom.dll,-2103 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Standard\MenuTranslateAll.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2105 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Standard\MenuTranslateAll.html
O9 - Extra button: @sysiecom.dll,-2115 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Standard\MenuConfigure.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2117 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Standard\MenuConfigure.html
O9 - Extra button: (no name) - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Standard\MenuClearCache.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2108 - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Standard\MenuClearCache.html
O9 - Extra button: (no name) - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Standard\MenuRegister.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2111 - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Standard\MenuRegister.html
O9 - Extra button: (no name) - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Standard\MenuUpdates.html (file missing)
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2114 - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Standard\MenuUpdates.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) -
https://components.viewpoint.com/MTS...etaStream3.cab
O16 - DPF: {245637BB-3A58-49A2-A7AB-F4A63B67652E} (PrinterDetector40.PrinterDetector) -
http://www.mymemory.co.uk/detector/P...Detector40.ocx
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) -
http://dlmanager.akamaitools.com.edg...ex-2.0.3.8.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {4D054067-DE3A-48F9-B19B-BCD229B9AE8D} (PrinterHelpEtcActiveX Control) -
http://dev.imagingworld.co.kr/printe.../DrPrinter.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) -
http://www.crucial.com/controls/cpcScanner.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GhostStartService - Unknown owner - C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: kavsvc - Steganos GmbH - C:\Program Files\Steganos AntiVirus 2006\kavsvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Steganos AntiTheft (SatSrv) - Unknown owner - C:\WINDOWS\system32\SatSrv.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
--
End of file - 13294 bytes
Phew!
Many thanks
Martin
