# Interent problems



## dylan walker

hello, 

The other day when I opened internet explorer a pop came up.
It said this

Your system is infected with viruses
Note: Strongly recommended to anitspywere programme to clean your system and avoid total crash on your computer.
click ok to download anti-spyware. (recommended)

I click on cancel and it goes away but then if I try changing to internet site or click on a link the pop up comes back up and blocks me until i click on cancel.

Does anyone know a solution?

many thanks for any responces and if any more info is needed please ask..

thanks again
walker


----------



## Punk

Hello *Dylan Walker*, what you have is a virus that will ask you to download a rogue anty-spyware program. *DO NOT DOWNLOAD IT*. In order to remove this infection, please follow these instructions. If you have any question, don't hesitate 

Let's see what you have on your computer:

*Click here* to download *HJTsetup.exe*
Save HJTsetup.exe to your desktop.
Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click *Next* in the setup dialogue boxes until you get to the *Select Additional Tasks* dialogue.
Put a check by *Create a desktop icon* then click *Next* again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click *Finish* and it will launch Hijack This.
Click on the *Do a system scan and save a log file* button. It will scan and then ask you to save the log.
Click *Save* to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
*DO NOT* have Hijack This fix anything yet. Most of what it finds will be harmless or even required.


Please download *SmitfraudFix* (by *S!Ri*)

    Double-click *SmitfraudFix.exe*.
    Select option #1 - *Search* by typing *1* and press "*Enter*"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move *SmitfraudFix.exe* directly to the root of the system drive (usually *C:*), and launch from there.

*Note* : *process.exe* is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

To sum up in your next reply I'll need the:

Hijackthis log
SmitFraudFix log


----------



## dylan walker

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:20:23 PM, on 5/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Kontiki\KHost.exe
C:\documents and settings\jeffery\local settings\application data\bfzuima.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\utility.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\ssoftsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BitComet\BitComet.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jeffery\Desktop\hijackthis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Video - {95E1D855-9232-48F7-80D9-1ADB65B7939C} - C:\WINDOWS\tokry.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PicasaNet] "C:\Program Files\Hello\Hello.exe" -b
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe"
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Documents and Settings\Jeffery\My Documents\Dafydd's file OLD STUFF NOW ON EXTERNAL DRIVE\one touch external hardrive\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [bfzuima] c:\documents and settings\jeffery\local settings\application data\bfzuima.exe bfzuima
O4 - HKCU\..\Run: [antispy] C:\Documents and Settings\Jeffery\My Documents\Dafydd\Various\FyddNeb\IEAntiVirus\ANTIVIRUS.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Startup: MaxTV.lnk = C:\Program Files\DMV\MaxTV\MaxTV.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Belkin 802.11g Wireless PCI Card Configuration Utility.lnk = ?
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSYYYYYYYYFR
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - 
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {36A59337-6EEF-40AE-94B1-ED443A0C4740} - http://download.abetterinternet.com/download/cabs/BANDLL58/banner.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167573335234
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/s.../pages/scanner/ErrorSafeNewReleaseInstall.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{23525528-AAA2-4D3E-8E51-829E705D4DE1}: NameServer = 192.168.2.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Unknown owner - C:\Documents and Settings\Jeffery\My Documents\Dafydd's file OLD STUFF NOW ON EXTERNAL DRIVE\one touch external hardrive\Sync\SyncServices.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cryptainer service (ssoftservice) - Cypherix - C:\WINDOWS\SYSTEM32\ssoftsrv.exe
O24 - Desktop Component 0: (no name) - http://www.trojanrecords.net/pics/wallpaper/boxsetsS.jpg
O24 - Desktop Component 1: (no name) - http://www.trojanrecords.net/pics/wallpaper/LogoTile.gif
O24 - Desktop Component 3: (no name) - http://google.co.uk/

--
End of file - 16291 bytes


this is all the information i got. i think its what you have asked for


----------



## dylan walker

SmitFraudFix v2.320

Scan done at 17:27:35.93, Sat 05/17/2008
Run from C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Kontiki\KHost.exe
C:\documents and settings\jeffery\local settings\application data\bfzuima.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\utility.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\ssoftsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BitComet\BitComet.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jeffery


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jeffery\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Jeffery\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://www.trojanrecords.net/pics/wallpaper/boxsetsS.jpg"
"SubscribedURL"="http://www.trojanrecords.net/pics/wallpaper/boxsetsS.jpg"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="http://www.trojanrecords.net/pics/wallpaper/LogoTile.gif"
"SubscribedURL"="http://www.trojanrecords.net/pics/wallpaper/LogoTile.gif"
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
+--------------------------------------------------+
[!] Suspicious: tokry.dll
BHO: Video - {95E1D855-9232-48F7-80D9-1ADB65B7939C}
CLSID: {95E1D855-9232-48F7-80D9-1ADB65B7939C}
AppID: {95E1D855-9232-48F7-80D9-1ADB65B7939C}
AppID: tokry.dll
Classes: cuskina.AVideo
TypeLib: {7165223D-D2C9-422B-8126-411B11842B8B}
Interface: {D263B532-C528-49E5-8BB6-80FA67332C9A}


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 192.168.2.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{23525528-AAA2-4D3E-8E51-829E705D4DE1}: NameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{4681BB54-A3AC-43A6-AA0C-2D887D777116}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{23525528-AAA2-4D3E-8E51-829E705D4DE1}: NameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4681BB54-A3AC-43A6-AA0C-2D887D777116}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{23525528-AAA2-4D3E-8E51-829E705D4DE1}: NameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{4681BB54-A3AC-43A6-AA0C-2D887D777116}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

and here is the stuff from SmitfraudFix


----------



## Punk

Ok, let's get a combofix log:

*Download and Run ComboFix*
*If you already have Combofix, please delete this copy and download it again as it's being updated regularly.*

*Download this file* from one of the three below listed places :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Then double click *combofix.exe* & follow the prompts.
When finished, it shall produce *a log* for you. *Post that log* in your next reply
*Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall*

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open *Task Manager* then *Processes* tab (press ctrl, alt and del at the same time) and end any processes of *findstr, find, sed or swreg*, then combofix should continue.
If that happened we want to know, and also what process you had to end.


----------



## dylan walker

omboFix 08-05-15.3 - Jeffery 2008-05-17 20:19:18.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.675 [GMT 2:00]
Running from: C:\Documents and Settings\Jeffery\Desktop\ComboFix.exe

*WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!*
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Desktop\webmediaplayer.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\WebMediaPlayer
C:\Documents and Settings\All Users\Start Menu\Programs\WebMediaPlayer\Privacy Policy.url
C:\Documents and Settings\All Users\Start Menu\Programs\WebMediaPlayer\Terms and Conditions.url
C:\Documents and Settings\All Users\Start Menu\Programs\WebMediaPlayer\Uninstall.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\WebMediaPlayer\WebMediaPlayer.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\WebMediaPlayer\Website.url
c:\Documents and Settings\Jeffery\Local Settings\Application Data\bfzuima.dat
c:\documents and settings\jeffery\local settings\application data\bfzuima.exe
C:\Documents and Settings\Jeffery\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Program Files\webmediaplayer
C:\Program Files\webmediaplayer\resources\languages_v2.xml
C:\Program Files\webmediaplayer\resources\webmedias
C:\Program Files\webmediaplayer\skins\classic.skn
C:\Program Files\webmediaplayer\sqlite3.dll
C:\Program Files\webmediaplayer\uninst.exe
C:\Program Files\webmediaplayer\WebMediaPlayer.exe
C:\smp.bat
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\msvcsv60.dll
C:\WINDOWS\system32\systemwindow.dll

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NWSAPAGENT
-------\Service_NwSapAgent


(((((((((((((((((((((((((   Files Created from 2008-04-17 to 2008-05-17  )))))))))))))))))))))))))))))))
.

2008-05-17 17:27 . 2007-09-06 00:22	289,144	--a------	C:\WINDOWS\system32\VCCLSID.exe
2008-05-17 17:27 . 2006-04-27 17:49	288,417	--a------	C:\WINDOWS\system32\SrchSTS.exe
2008-05-17 17:27 . 2008-05-15 23:22	86,528	--a------	C:\WINDOWS\system32\VACFix.exe
2008-05-17 17:27 . 2008-04-28 08:03	82,944	--a------	C:\WINDOWS\system32\IEDFix.exe
2008-05-17 17:27 . 2008-04-28 08:03	82,944	--a------	C:\WINDOWS\system32\404Fix.exe
2008-05-17 17:27 . 2003-06-05 21:13	53,248	--a------	C:\WINDOWS\system32\Process.exe
2008-05-17 17:27 . 2004-07-31 18:50	51,200	--a------	C:\WINDOWS\system32\dumphive.exe
2008-05-17 17:27 . 2007-10-04 00:36	25,600	--a------	C:\WINDOWS\system32\WS2Fix.exe
2008-05-17 17:27 . 2008-05-17 17:27	4,766	--a------	C:\WINDOWS\system32\tmp.reg
2008-05-16 12:38 . 2008-05-16 12:35	691,545	--a------	C:\WINDOWS\unins000.exe
2008-05-16 12:38 . 2008-05-16 12:38	2,552	--a------	C:\WINDOWS\unins000.dat
2008-05-16 11:58 . 2008-05-16 12:03	0	--a------	C:\Debug.QC6
2008-05-15 17:44 . 2008-05-15 17:44	216,064	--a------	C:\WINDOWS\tokry.dll
2008-05-15 17:05 . 2008-05-15 17:28	<DIR>	d--------	C:\Program Files\FXpansion
2008-05-14 17:14 . 2008-05-14 17:14	<DIR>	d--------	C:\Program Files\Audio Ease
2008-05-14 17:14 . 2008-05-14 17:14	<DIR>	d--------	C:\Documents and Settings\Jeffery\Application Data\Audio Ease
2008-05-14 17:14 . 2008-05-14 17:14	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Audio Ease
2008-05-14 17:14 . 2007-09-12 13:51	491,520	--a------	C:\WINDOWS\system32\libencdec.dll
2008-05-14 16:09 . 2008-05-14 16:09	<DIR>	d--------	C:\Program Files\Digidesign
2008-05-14 15:07 . 2008-05-14 15:07	16	--a------	C:\WINDOWS\system32\w3data.vss
2008-05-14 15:07 . 2008-05-14 15:07	16	--a------	C:\WINDOWS\msocreg32.dat
2008-05-14 15:06 . 2008-05-14 16:09	<DIR>	d--------	C:\Program Files\IK Multimedia
2008-05-14 15:06 . 2008-05-14 15:06	<DIR>	d--------	C:\Program Files\Common Files\DigiDesign
2008-05-14 15:06 . 2008-05-14 15:06	<DIR>	d--------	C:\Documents and Settings\Jeffery\Application Data\InstallShield
2008-05-13 21:51 . 2003-09-04 10:02	311,295	--a------	C:\WINDOWS\LOOP.exe
2008-05-12 14:22 . 2008-05-17 20:26	54,156	--ah-----	C:\WINDOWS\QTFont.qfn
2008-05-12 14:22 . 2008-05-12 14:22	1,409	--a------	C:\WINDOWS\QTFont.for
2008-05-12 14:21 . 2008-05-12 14:21	<DIR>	d--------	C:\Program Files\iTunes
2008-05-12 14:21 . 2008-05-12 14:21	<DIR>	d--------	C:\Program Files\iPod
2008-05-12 14:17 . 2008-05-12 14:18	<DIR>	d--------	C:\Program Files\QuickTime
2008-05-12 14:08 . 2008-05-12 14:08	<DIR>	d--------	C:\Program Files\Apple Software Update
2008-05-10 22:11 . 2008-05-10 22:11	<DIR>	d--------	C:\Program Files\Ableton
2008-05-01 11:36 . 2008-05-01 11:36	1,160	--a------	C:\WINDOWS\mozver.dat
2008-04-30 13:52 . 2008-04-30 13:52	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-30 13:30 . 2008-04-30 13:30	<DIR>	d--------	C:\Program Files\Common Files\Macrovision Shared
2008-04-28 21:36 . 2008-04-28 21:36	<DIR>	d--------	C:\Documents and Settings\Jeffery\Application Data\DivX
2008-04-28 20:43 . 2008-03-21 22:30	129,784	---------	C:\WINDOWS\system32\pxafs.dll
2008-04-28 20:43 . 2008-03-21 22:30	9,464	---------	C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-04-28 20:43 . 2008-03-21 22:30	9,336	---------	C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-04-25 08:04 . 2008-04-25 08:04	<DIR>	d--------	C:\ae267c39145c49d381c44c6f86ebbb
2008-04-21 17:18 . 2008-04-21 17:18	<DIR>	d--------	C:\Documents and Settings\Jeffery\Application Data\BitZipper
2008-04-21 17:17 . 2008-04-21 17:18	<DIR>	d--------	C:\Program Files\BitZipper
2008-04-21 07:39 . 2008-04-21 07:39	<DIR>	d--------	C:\Documents and Settings\Jeffery\Application Data\Talkback
2008-04-21 07:38 . 2008-04-21 07:38	0	--a------	C:\WINDOWS\nsreg.dat
2008-04-21 07:37 . 2008-04-21 07:37	<DIR>	d--------	C:\Program Files\Common Files\xing shared

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-17 18:28	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Kontiki
2008-05-17 11:19	---------	d-----w	C:\Program Files\GameSpy Arcade
2008-05-17 11:00	---------	d-----w	C:\Program Files\Microsoft Games
2008-05-16 16:00	---------	d-----w	C:\Program Files\Norton Security Scan
2008-05-16 12:35	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-16 11:03	---------	d-----w	C:\Program Files\Spybot - Search & Destroy
2008-05-15 15:28	---------	d-----w	C:\Program Files\Vstplugins
2008-05-14 13:06	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-05-10 20:08	---------	d-----w	C:\Documents and Settings\Jeffery\Application Data\Ableton
2008-05-09 20:56	---------	d-----w	C:\Documents and Settings\Jeffery\Application Data\MSN6
2008-04-30 11:42	---------	d-----w	C:\Program Files\Common Files\Adobe
2008-04-28 18:44	---------	d-----w	C:\Program Files\DivX
2008-04-28 14:03	---------	d-----w	C:\Program Files\Kontiki
2008-04-21 14:56	---------	d-----w	C:\Program Files\BitComet
2008-04-21 05:37	---------	d-----w	C:\Program Files\Common Files\Real
2008-04-06 14:30	---------	d-----w	C:\Program Files\MagicISO
2008-04-06 12:34	---------	d-----w	C:\Documents and Settings\Jeffery\Application Data\Ahead
2008-03-25 05:49	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-23 19:27	---------	d-----w	C:\Program Files\Save Flash
2008-03-21 20:30	43,528	------w	C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-03-17 10:07	---------	d-----w	C:\Program Files\HistoryKill
2007-10-10 18:01	106,728	----a-w	C:\Documents and Settings\Jeffery\Application Data\GDIPFONTCACHEV1.DAT
2007-04-15 17:56	560	----a-w	C:\Documents and Settings\Jeffery\Application Data\ViewerApp.dat
2006-12-30 09:27	69,632	----a-w	C:\Documents and Settings\Jeffery\Application Data\internaldb4827.dat
2006-12-30 09:27	151	----a-w	C:\Documents and Settings\Jeffery\Application Data\internaldb9912.dat
2006-12-30 09:27	0	----a-w	C:\Documents and Settings\Jeffery\Application Data\internaldb6500.dat
2006-11-18 19:03	0	----a-w	C:\Documents and Settings\Jeffery\Application Data\internaldb5436.dat
2006-11-16 16:55	0	----a-w	C:\Documents and Settings\Jeffery\Application Data\internaldb2391.dat
2006-11-16 01:52	49	----a-w	C:\Documents and Settings\Jeffery\Application Data\internaldb41.dat
2006-11-13 00:02	0	----a-w	C:\Documents and Settings\Jeffery\Application Data\internaldb9169.dat
2006-11-13 00:02	0	----a-w	C:\Documents and Settings\Jeffery\Application Data\internaldb1869.dat
2006-11-04 13:58	9,216	----a-w	C:\Documents and Settings\Jeffery\Application Data\internaldb8467.dat
2006-11-04 13:58	0	----a-w	C:\Documents and Settings\Jeffery\Application Data\internaldb6334.dat
2001-11-23 04:08	712,704	----a-w	C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
2005-03-16 17:33	56	--sh--r	C:\WINDOWS\system32\B4E0BF4456.sys
2006-06-11 16:37	4,184	--sha-w	C:\WINDOWS\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95E1D855-9232-48F7-80D9-1ADB65B7939C}]
2008-05-15 17:44	216064	--a------	C:\WINDOWS\tokry.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-15 19:52 67128]
"BestPopUpKiller"="C:\Program Files\BestPopUpKiller\BestPopupKiller.exe" [ ]
"SpyKiller"="C:\Program Files\SpyKiller\spykiller.exe" [ ]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:56 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 21:21 1204224]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-07 19:47 68856]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2006-11-08 18:32 1040832]
"antispy"="C:\Documents and Settings\Jeffery\My Documents\Dafydd\Various\FyddNeb\IEAntiVirus\ANTIVIRUS.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-06 18:19 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-06 18:07 114688]
"Cmaudio"="cmicnfg.cpl" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 18:35 32768]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-08-29 15:17 188416]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-08-29 15:20 77824]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-25 07:20 28672]
"PicasaNet"="C:\Program Files\Hello\Hello.exe" [ ]
"CnxDslTaskBar"="C:\Program Files\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe" [2006-01-10 20:30 462848]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe" [ ]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 20:51 583048]
"mxomssmenu"="C:\Documents and Settings\Jeffery\My Documents\Dafydd's file OLD STUFF NOW ON EXTERNAL DRIVE\one touch external hardrive\OneTouch Status\maxmenumgr.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-21 07:36 185896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2006-09-03 02:36 100032]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
Belkin 802.11g Wireless PCI Card Configuration Utility.lnk - C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\utility.exe [2007-12-13 18:44:27 327765]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-05-07 18:38:03 839680]
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 02:17:18 147456]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 02:06:58 28672]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-15 19:52:08 67128]
Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2006-06-10 18:55:28 151552]
Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2006-06-10 18:55:17 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\LimeWire\\LimeWire 4.2.6\\LimeWire.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Tiscali_ADSL\\Wizard\\Offline\\CTD_FirmwareUpgrader_Tiscali.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Microsoft Games\\Halo Server\\haloded.exe"=
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"C:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"=
"C:\\Program Files\\Microsoft Games\\Rise of Nations\\patriots.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Kontiki\\KService.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\VirtualDJ\\virtualdj_trial.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 ssoftnt4;ssoftnt4;C:\WINDOWS\system32\Drivers\ssoftnt4.sys [2004-05-21 02:30]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\PROGRA~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS [2003-07-24 13:10]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-03-02 19:25]
S2 Maxtor Sync Service;Maxtor Service;"C:\Documents and Settings\Jeffery\My Documents\Dafydd's file OLD STUFF NOW ON EXTERNAL DRIVE\one touch external hardrive\Sync\SyncServices.exe" []
S3 CnxEtP;Trust MD3100 USB ADSL MODEM LAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2006-01-10 20:30]
S3 CnxEtU;Trust MD3100 USB ADSL MODEM Loader;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2006-01-10 20:30]
S3 CnxTgN;Trust MD3100 USB ADSL MODEM LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2006-01-10 20:30]
S3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-05-04 18:50]
S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2003-09-16 05:41]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 22:41]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 10:42]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83c7f906-a95a-11dc-9dc9-0001297494d5}]
\Shell\AutoRun\command - E:\ReadMe.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-05-15 11:15:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2005-03-16 18:51:17 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1102702365.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I 
"2008-05-16 17:29:59 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-17 20:26:25
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwQuerySystemInformation

scanning hidden processes ... 

C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe [1528] 0x89610A38

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\iolo\Common\Lib\ioloHL.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\iolo\Common\Lib\ioloHL.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\iolo\Common\Lib\ioloHL.dll

PROCESS: C:\WINDOWS\system32\csrss.exe
-> C:\Program Files\iolo\Common\Lib\ioloHL.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE
C:\WINDOWS\system32\ssoftsrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\LVComS.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
.
**************************************************************************
.
Completion time: 2008-05-17 20:34:05 - machine was rebooted [Jeffery]
ComboFix-quarantined-files.txt  2008-05-17 18:33:45

Pre-Run: 12,241,600,512 bytes free
Post-Run: 12,167,200,768 bytes free

278	--- E O F ---	2008-05-17 10:02:16


this ifs the info i got


----------



## Punk

Hello, please do the following:

*Download Avenger, and unzip it to your desktop or somewhere you can find it.Â  (Do not run it yet).*

Note: This program is for use on Windows XP *32 bit* systems only, and must be run from an Administrator account.


Open a *Notepad* file by clicking *Start > Run*Â  and typing *Notepad.exe* in the box, click *OK*.
Click *Format*, and ensure *Word Wrap* is unchecked.
Copy and Paste the text in the box below into *Notepad*.
Now save the file as *RemoveFiles.txt* in a location where you can find it.



> Files to delete:
> C:\WINDOWS\tokry.dll
> C:\WINDOWS\LOOP.exe
> C:\Documents and Settings\Jeffery\Application Data\internaldb4827.dat
> C:\Documents and Settings\Jeffery\Application Data\internaldb9912.dat
> C:\Documents and Settings\Jeffery\Application Data\internaldb6500.dat
> C:\Documents and Settings\Jeffery\Application Data\internaldb5436.dat
> C:\Documents and Settings\Jeffery\Application Data\internaldb2391.dat
> C:\Documents and Settings\Jeffery\Application Data\internaldb41.dat
> C:\Documents and Settings\Jeffery\Application Data\internaldb9169.dat
> C:\Documents and Settings\Jeffery\Application Data\internaldb1869.dat
> C:\Documents and Settings\Jeffery\Application Data\internaldb8467.dat
> C:\Documents and Settings\Jeffery\Application Data\internaldb6334.dat
> C:\WINDOWS\system32\B4E0BF4456.sys



Note: the above code was created specifically for this user. If you are not this user, do *NOT* follow these directions as they could damage the workings of your system.

Start *Avenger* by double clicking on *Avenger.exe*.

Check *Load script from file:*
Click on the *folder symbol* below and to the right, and browse to *RemoveFiles.txt*.
Double click it to enter it into Avenger.
Click the *green traffic light symbol*.
You will be asked if you want to execute the script, answer *Yes*.
At this point you may get prompts from your protection systems, allow them please.
Avenger will set itself up to run the next time you re-boot, and will prompt you to re-start immediately.
Answer *Yes*, and allow your computer to re-boot.
Upon re-boot a command window will briefly appear on screen (this is normal).
A Notepad text file will be created *C:\avenger.txt*.
*Copy and Paste it into your next post please.*



*Download Deckard's System Scanner (DSS)* to your Desktop. Note: You must be logged onto an account with administrator privileges.

 Close all applications and windows.
 Double-click on *dss.exe* to run it, and follow the prompts.
 When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
 Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of *main.txt* and the *extra.txt* to your post. in your reply


----------



## dylan walker

here is the one from avenger

15:11:49: Error: Invalid script.  A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
  Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Sun May 18 15:11:59 2008

15:11:59: Error: Invalid script.  A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\tokry.dll" deleted successfully.
File "C:\WINDOWS\LOOP.exe" deleted successfully.
File "C:\Documents and Settings\Jeffery\Application Data\internaldb4827.dat" deleted successfully.
File "C:\Documents and Settings\Jeffery\Application Data\internaldb9912.dat" deleted successfully.
File "C:\Documents and Settings\Jeffery\Application Data\internaldb6500.dat" deleted successfully.
File "C:\Documents and Settings\Jeffery\Application Data\internaldb5436.dat" deleted successfully.
File "C:\Documents and Settings\Jeffery\Application Data\internaldb2391.dat" deleted successfully.
File "C:\Documents and Settings\Jeffery\Application Data\internaldb41.dat" deleted successfully.
File "C:\Documents and Settings\Jeffery\Application Data\internaldb9169.dat" deleted successfully.
File "C:\Documents and Settings\Jeffery\Application Data\internaldb1869.dat" deleted successfully.
File "C:\Documents and Settings\Jeffery\Application Data\internaldb8467.dat" deleted successfully.
File "C:\Documents and Settings\Jeffery\Application Data\internaldb6334.dat" deleted successfully.
File "C:\WINDOWS\system32\B4E0BF4456.sys" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.


----------



## dylan walker

here is the first half of main txt 

Deckard's System Scanner v20071014.68
Run by Jeffery on 2008-05-18 15:17:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
126: 2008-05-18 13:17:38 UTC - RP1469 - Deckard's System Scanner Restore Point
125: 2008-05-17 22:07:52 UTC - RP1468 - Software Distribution Service 3.0
124: 2008-05-17 18:17:03 UTC - RP1467 - ComboFix created restore point
123: 2008-05-17 09:59:06 UTC - RP1466 - Software Distribution Service 3.0
122: 2008-05-16 12:38:28 UTC - RP1465 - Restore Operation


-- First Restore Point -- 
1: 2008-03-29 15:02:37 UTC - RP1344 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Jeffery.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:20:38 PM, on 5/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\utility.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\ssoftsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Jeffery\Desktop\dss.exe
C:\DOCUME~1\Jeffery\Desktop\Jeffery.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Video - {95E1D855-9232-48F7-80D9-1ADB65B7939C} - C:\WINDOWS\tokry.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PicasaNet] "C:\Program Files\Hello\Hello.exe" -b
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe"
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Documents and Settings\Jeffery\My Documents\Dafydd's file OLD STUFF NOW ON EXTERNAL DRIVE\one touch external hardrive\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [antispy] C:\Documents and Settings\Jeffery\My Documents\Dafydd\Various\FyddNeb\IEAntiVirus\ANTIVIRUS.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Startup: MaxTV.lnk = C:\Program Files\DMV\MaxTV\MaxTV.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Belkin 802.11g Wireless PCI Card Configuration Utility.lnk = ?
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSYYYYYYYYFR
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - 
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {36A59337-6EEF-40AE-94B1-ED443A0C4740} - http://download.abetterinternet.com/download/cabs/BANDLL58/banner.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167573335234
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/s.../pages/scanner/ErrorSafeNewReleaseInstall.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{23525528-AAA2-4D3E-8E51-829E705D4DE1}: NameServer = 192.168.2.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Unknown owner - C:\Documents and Settings\Jeffery\My Documents\Dafydd's file OLD STUFF NOW ON EXTERNAL DRIVE\one touch external hardrive\Sync\SyncServices.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cryptainer service (ssoftservice) - Cypherix - C:\WINDOWS\SYSTEM32\ssoftsrv.exe
O24 - Desktop Component 0: (no name) - http://www.trojanrecords.net/pics/wallpaper/boxsetsS.jpg
O24 - Desktop Component 1: (no name) - http://www.trojanrecords.net/pics/wallpaper/LogoTile.gif
O24 - Desktop Component 3: (no name) - http://google.co.uk/


----------



## dylan walker

and here is the second

End of file - 15818 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - shell\open\command - NOTEPAD.EXE %1
.vbs - VBSFile - shell\open\command - NOTEPAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology (StarForce); SF FrontLine>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology (StarForce); SF FrontLine>
R0 sfsync04 (StarForce Protection Synchronization Driver (version 4.x)) - c:\windows\system32\drivers\sfsync04.sys <Not Verified; Protection Technology (StarForce); SF FrontLine>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
R2 ssoftnt4 - c:\windows\system32\drivers\ssoftnt4.sys
R3 DNINDIS5 (DNINDIS5 NDIS Protocol Driver) - c:\program files\belkin\belkin 802.11g wireless pci card configuration utility\dnindis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>

S3 CnxEtP (Trust MD3100 USB ADSL MODEM LAN Adapter Filter Driver) - c:\windows\system32\drivers\cnxetp.sys <Not Verified; Conexant; Conexant USB ADSL Modem>
S3 CnxEtU (Trust MD3100 USB ADSL MODEM Loader) - c:\windows\system32\drivers\cnxetu.sys <Not Verified; Conexant; Conexant USB ADSL Modem>
S3 CnxTgN (Trust MD3100 USB ADSL MODEM LAN Adapter Driver) - c:\windows\system32\drivers\cnxtgn.sys <Not Verified; Conexant Systems Inc.; Conexant AccessRunner ADSL>
S3 e4usbaw (USB ADSL2 WAN Adapter) - c:\windows\system32\drivers\e4usbaw.sys <Not Verified; Analog Devices Inc.; ADSL USB WAN Driver>
S3 PCAMPR5 (PCAMPR5 NDIS Protocol Driver) - c:\windows\system32\pcampr5.sys (file missing)
S3 PCANDIS5 (PCANDIS5 NDIS Protocol Driver) - c:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 ssoftservice (Cryptainer service) - ssoftsrv.exe <Not Verified; Cypherix; Cryptainer>

S2 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
S2 LiveUpdate Notice Ex (LiveUpdate Notice Service Ex) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
S2 Maxtor Sync Service (Maxtor Service) - "c:\documents and settings\jeffery\my documents\dafydd's file old stuff now on external drive\one touch external hardrive\sync\syncservices.exe" (file missing)
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S4 IOLO_SRV (iolo System Guard) - c:\program files\iolo\system mechanic 7\iolosgctrl.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Belkin 802.11g Wireless Card
Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_700A1799&REV_01\4&1F7DBC9F&0&58F0
Manufacturer: Belkin Components
Name: Belkin 802.11g Wireless Card
PNP Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_700A1799&REV_01\4&1F7DBC9F&0&58F0
Service: RT2500

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: 
Device ID: ROOT\WPD\0000
Manufacturer: 
Name: 
PNP Device ID: ROOT\WPD\0000
Service: 


-- Scheduled Tasks -------------------------------------------------------------

2008-05-16 19:29:59       412 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job
2008-05-15 13:15:05       284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2005-03-16 20:51:17       346 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1102702365.job


-- Files created between 2008-04-18 and 2008-05-18 -----------------------------

2008-05-17 20:15:43     68096 --a------ C:\WINDOWS\zip.exe
2008-05-17 20:15:43     49152 --a------ C:\WINDOWS\VFind.exe
2008-05-17 20:15:43    212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-17 20:15:43    136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-17 20:15:43    161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-17 20:15:43     98816 --a------ C:\WINDOWS\sed.exe
2008-05-17 20:15:43     80412 --a------ C:\WINDOWS\grep.exe
2008-05-17 20:15:43     73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-17 17:27:50      4766 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-17 17:27:17     25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-17 17:27:17    289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-05-17 17:27:17     86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-05-17 17:27:17    288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-05-17 17:27:17     53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-05-17 17:27:17     82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-17 17:27:17     51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-17 17:27:17     82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-16 12:38:04    691545 --a------ C:\WINDOWS\unins000.exe
2008-05-16 12:38:04      2552 --a------ C:\WINDOWS\unins000.dat
2008-05-15 17:56:22         0 dr-h----- C:\Documents and Settings\Jeffery\Recent
2008-05-15 17:05:59         0 d-------- C:\Program Files\FXpansion
2008-05-14 17:14:06    491520 --a------ C:\WINDOWS\system32\libencdec.dll
2008-05-14 17:14:06         0 d-------- C:\Documents and Settings\Jeffery\Application Data\Audio Ease
2008-05-14 17:14:05         0 d-------- C:\Program Files\Audio Ease
2008-05-14 17:14:05         0 d-------- C:\Documents and Settings\All Users\Application Data\Audio Ease
2008-05-14 16:09:23         0 d-------- C:\Program Files\Digidesign
2008-05-14 15:07:53        16 --a------ C:\WINDOWS\msocreg32.dat
2008-05-14 15:06:16         0 d-------- C:\Program Files\Common Files\DigiDesign
2008-05-14 15:06:06         0 d-------- C:\Program Files\IK Multimedia
2008-05-14 15:06:01         0 d-------- C:\Documents and Settings\Jeffery\Application Data\InstallShield
2008-05-12 14:21:16         0 d-------- C:\Program Files\iPod
2008-05-12 14:21:09         0 d-------- C:\Program Files\iTunes
2008-05-12 14:17:46         0 d-------- C:\Program Files\QuickTime
2008-05-12 14:08:49         0 d-------- C:\Program Files\Apple Software Update
2008-05-10 22:11:52         0 d-------- C:\Program Files\Ableton
2008-05-01 11:36:05      1160 --a------ C:\WINDOWS\mozver.dat
2008-04-30 13:52:13         0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-30 13:30:15         0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-28 21:36:08         0 d-------- C:\Documents and Settings\Jeffery\Application Data\DivX
2008-04-25 08:04:42         0 d-------- C:\ae267c39145c49d381c44c6f86ebbb
2008-04-21 17:18:02         0 d-------- C:\Documents and Settings\Jeffery\Application Data\BitZipper
2008-04-21 17:17:53         0 d-------- C:\Program Files\BitZipper
2008-04-21 07:39:02         0 d-------- C:\Documents and Settings\Jeffery\Application Data\Talkback
2008-04-21 07:38:28         0 --a------ C:\WINDOWS\nsreg.dat
2008-04-21 07:37:26         0 d-------- C:\Program Files\Common Files\xing shared


-- Find3M Report ---------------------------------------------------------------

2008-05-17 13:19:21         0 d-------- C:\Program Files\GameSpy Arcade
2008-05-17 13:00:17         0 d-------- C:\Program Files\Microsoft Games
2008-05-16 18:00:00         0 d-------- C:\Program Files\Norton Security Scan
2008-05-15 17:29:00    233472 --a------ C:\WINDOWS\system32\REX Shared Library.dll <Not Verified; Propellerhead Software AB; REX>
2008-05-15 17:29:00     69632 --a------ C:\WINDOWS\system32\FxShared.dll
2008-05-15 17:28:05         0 d-------- C:\Program Files\Vstplugins
2008-05-14 15:06:25         0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-14 15:06:16         0 d-------- C:\Program Files\Common Files
2008-05-10 22:08:09         0 d-------- C:\Documents and Settings\Jeffery\Application Data\Ableton
2008-05-09 22:56:49         0 d-------- C:\Documents and Settings\Jeffery\Application Data\MSN6
2008-04-30 13:56:48         0 d-------- C:\Documents and Settings\Jeffery\Application Data\Adobe
2008-04-30 13:42:26         0 d-------- C:\Program Files\Common Files\Adobe
2008-04-28 20:44:16         0 d-------- C:\Program Files\DivX
2008-04-28 16:03:02         0 d-------- C:\Program Files\Kontiki
2008-04-21 16:56:11         0 d-------- C:\Program Files\BitComet
2008-04-21 07:38:25         0 d-------- C:\Documents and Settings\Jeffery\Application Data\Mozilla
2008-04-21 07:37:11         0 d-------- C:\Program Files\Common Files\Real
2008-04-06 16:30:13         0 d-------- C:\Program Files\MagicISO
2008-04-06 14:34:43         0 d-------- C:\Documents and Settings\Jeffery\Application Data\Ahead
2008-03-31 23:25:48    823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 23:25:48    823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 23:25:46    802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 23:25:46    831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 23:25:46    682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-23 21:27:49         0 d-------- C:\Program Files\Save Flash
2008-03-21 22:30:08   3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 22:28:54    196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 22:28:54     81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 22:28:20     12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-14 13:22:54    368640 --a------ C:\WINDOWS\system32\ReWire.dll <Not Verified; Propellerhead Software AB; ReWire>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95E1D855-9232-48F7-80D9-1ADB65B7939C}]
			C:\WINDOWS\tokry.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [04/06/2003 06:19 PM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [04/06/2003 06:07 PM]
"Cmaudio"="cmicnfg.cpl" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 12:50 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [12/08/2003 06:35 PM]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [08/29/2003 03:17 PM]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [08/29/2003 03:20 PM]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [07/25/2002 07:20 AM]
"PicasaNet"="C:\Program Files\Hello\Hello.exe" []
"CnxDslTaskBar"="C:\Program Files\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe" [01/10/2006 08:30 PM]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe" []
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 05:25 AM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [11/28/2007 08:51 PM]
"mxomssmenu"="C:\Documents and Settings\Jeffery\My Documents\Dafydd's file OLD STUFF NOW ON EXTERNAL DRIVE\one touch external hardrive\OneTouch Status\maxmenumgr.exe" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/21/2008 07:36 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [02/15/2007 07:52 PM]
"BestPopUpKiller"="C:\Program Files\BestPopUpKiller\BestPopupKiller.exe" []
"SpyKiller"="C:\Program Files\SpyKiller\spykiller.exe" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 09:56 AM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/15/2005 09:21 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [10/07/2007 07:47 PM]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [11/08/2006 06:32 PM]
"antispy"="C:\Documents and Settings\Jeffery\My Documents\Dafydd\Various\FyddNeb\IEAntiVirus\ANTIVIRUS.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83c7f906-a95a-11dc-9dc9-0001297494d5}]
AutoRun\command- E:\ReadMe.exe




-- End of Deckard's System Scanner: finished at 2008-05-18 15:21:54 ------------


----------



## dylan walker

and here is the first half of extra.txt 


ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Jeffery\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CRISP-CSHQT7SCQ
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Jeffery
LOGONSERVER=\\CRISP-CSHQT7SCQ
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0303
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
RNLOG_BASEKEY=Software\RealNetworks\RealPlayer\6.0\Preferences\BrowserRecordPluginLog
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Jeffery\LOCALS~1\Temp
TMP=C:\DOCUME~1\Jeffery\LOCALS~1\Temp
USERDOMAIN=CRISP-CSHQT7SCQ
USERNAME=Jeffery
USERPROFILE=C:\Documents and Settings\Jeffery
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Jeffery _(admin)_


-- Add/Remove Programs ---------------------------------------------------------

 --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
 --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
 --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
 --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
 --> C:\WINDOWS\UNNMP.exe /UNINSTALL
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
123 DVD Converter --> "C:\Program Files\123 DVD Converter\unins000.exe"
4oD --> MsiExec.exe /I {68D88FD1-C7BA-4BC9-B6A6-9685FAECD7EE}
7.9 --> C:\Poster7\unins000.exe
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5101}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Download Manager 2.2 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS2 Tryout --> msiexec /I {AD05F1FF-F284-402D-952A-ABCA6A6063FB}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop Album 2.0 Starter Edition --> MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Shockwave Player 11 --> C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Age Of Empire-II The Age Of Kings --> C:\WINDOWS\unvise32.exe C:\Age Of Empire-II\uninstal.log
AmpegSVX --> C:\Program Files\InstallShield Installation Information\{CF1D7323-8A0A-49C7-83B0-088DB90721E2}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Archos MPG4 Translator V3.0.12 --> C:\Program Files\Archos MP4SP\Uninstal.exe
Archos MPG4 Translator V3.0.8 --> C:\Program Files\Archos MP4SP\Uninstal.exe
Archos MPG4 Translator V3.0.9 --> C:\Program Files\Archos MP4SP\Uninstal.exe
ArcSoft Panorama Maker 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1CABB679-3958-44AA-BFFF-4E68A2684255}\Setup.exe" -l0x9  -uninst 
ASIO4ALL --> C:\Program Files\ASIO4ALL v2\uninstall.exe
Assistant de configuration Tiscali --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE7C4D88-0B31-4668-B533-15BDAC5EAA0F}\setup.exe" -l040c -ct35x
AudioEase Speakersphone VST RTAS v1.01 --> "C:\Program Files\Audio Ease\Speakerphone\Uninstall\unins000.exe"
Autograph 3 --> MsiExec.exe /I{AA2C8973-5BED-4988-936A-4B91A26655D7}
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Belkin 802.11g Wireless PCI Card --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59C2635E-336A-4CDF-8936-994F989E67D1}\Setup.exe" 
BitComet 1125_unstable --> C:\Program Files\BitComet\uninst.exe
BitZipper 5.0.2 --> "C:\Program Files\BitZipper\unins000.exe"
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
C-Media 3D Audio --> C:\WINDOWS\CMIUnInstall.exe
Championship Manager 01-02 --> C:\WINDOWS\iun6002ev.exe "C:\Program Files\Championship Manager 01-02\irunin.ini"
Collab --> C:\Program Files\Image-Line\Collab\uninstall.exe
Commandos, Le Sens du Devoir --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Eidos Interactive\Pyro\Commandos, Le Sens du Devoir\DeIsL1.isu"
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Coolect --> C:\WINDOWS\Coolect Uninstaller.exe
DESCENT II --> C:\WINDOWS\uninst.exe -fC:\Descent2\DeIsL1.isu
Disc2Phone --> MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dr. DivX Trial --> C:\Program Files\DivX\DrDivXUninstall.exe /DRDIVX
Drivers Comtrend CT-600 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58ADBB59-B279-4B65-9705-D393891840FF}\setup.exe" -l0x40c 
Driving Test Success 2006/7 --> "C:\Program Files\Driving Test Success 2006-2007\unins000.exe"
DSS DJ 5.6 --> "C:\Program Files\MyXOFT\DSS DJ\unins000.exe"
Favorit --> "c:\documents and settings\jeffery\local settings\application data\bfzuima.exe" -uninstall
First Step Guide --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5EC786D5-C0CA-42E0-AF88-5379EF9D91EC}\setup.exe" -l0x9 UNINSTALL
FL Studio 7 --> C:\Program Files\Image-Line\FL Studio 7\uninstall.exe
FLAC 1.2.1b (remove only) --> C:\Documents and Settings\Jeffery\My Documents\Dafydd\FLAC\uninstall.exe
Font Creator 5.0 --> "C:\Program Files\High-Logic\Font Creator\unins000.exe"
Foxit Reader --> C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Google Desktop Search --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSearchSetup.exe -uninstall
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9  -removeonly
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Guitar Pro 5.0 --> "C:\Program Files\Guitar Pro 5\unins000.exe"
Halo Server --> "C:\Program Files\Microsoft Games\Halo Server\UNINSTAL.EXE" /runtemp /addremove
HijackThis 2.0.2 --> "C:\Documents and Settings\Jeffery\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
hp instant support --> C:\PROGRA~1\HEWLET~1\hpis\Uninstall.exe  /s  CeS
HP Memories Disc --> MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Photo and Imaging 2.0 - All-in-One --> MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - All-in-One Drivers --> MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - hp psc 1200 series --> C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
hp psc 1200 series --> MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
IK Multimedia Amplitube DX/VST/RTAS v2.0 --> C:\PROGRA~1\IKMULT~1\AMPLIT~1\UNWISE.EXE C:\PROGRA~1\IKMULT~1\AMPLIT~1\INSTALL.LOG
IL Download Manager --> C:\Program Files\Image-Line\Downloader\uninstall.exe
ImageMixer VCD2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538}\setup.exe" -l0x9 UNINSTALL
InCD --> C:\WINDOWS\NuNInst.exe /UNINSTALL
Intel(R) Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
iPAQ WebReg --> MsiExec.exe /I{D37C6152-89DF-4D29-83CF-666200D5F398}
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java 2 Runtime Environment Standard Edition v1.3.1_04 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.3.1_04\Uninst.isu"
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Lemmings Paintball --> C:\WINDOWS\uninst.exe -fC:\Games\LemBall\DeIsLog.2
LimeWire --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{831B265C-C203-4B72-A8F6-ECA1530957D3} 
Live 7.0.3 --> C:\PROGRA~1\Ableton\LIVE70~1.3\Install\UNWISE.EXE C:\PROGRA~1\Ableton\LIVE70~1.3\Install\INSTALL.LOG
LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Logitech Print Service --> C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG
Logitech QuickCam --> MsiExec.exe /I{A488D63E-B3DD-4423-892F-2F2EC8909518}
Logitech® Camera Driver --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Macromedia Flash Player --> MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
Magic ISO Maker v5.4 (build 0256) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Maxtor Manager --> "C:\Program Files\InstallShield Installation Information\{ED01D958-AEDC-40C8-93FD-0C08E8AA9530}\setup.exe" -runfromtemp -l0x0409 -removeonly
Maxtor Manager --> MsiExec.exe /I{ED01D958-AEDC-40C8-93FD-0C08E8AA9530}
MaxTV --> "C:\WINDOWS\MaxTV\uninstall.exe" "/U:C:\Program Files\MaxTV\Uninstall\uninstall.xml"
MaxTV Online --> "C:\WINDOWS\MaxTV Online\uninstall.exe" "/U:C:\Program Files\MaxTV Online\Uninstall\uninstall.xml"
Michael Schumacher Racing World - Kart 2002 - Rookie --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A956BD92-DA45-4733-B8C2-E4D85DDC9EEC}\Setup.exe" 
Microsoft ActiveSync 4.0 --> MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Encarta Encyclopedia Standard - WE 2003 --> MsiExec.exe /I{035A0014-3975-4267-9F39-1DC4745090B7}
Microsoft Halo Trial --> "C:\Program Files\Microsoft Games\Halo Trial\UNINSTAL.EXE" /runtemp /addremove
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Picture It! Photo 7.0 --> MsiExec.exe /I{369B36BE-3D64-4641-9AEA-808D436FE132}
Microsoft Rise Of Nations Trial --> "C:\Program Files\Microsoft Games\Rise of Nations Trial\UNINSTAL.EXE" /runtemp /addremove
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works 2003 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2003\Setup\Launcher.exe D:\
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
My Toolbar - Toolbar --> regsvr32 /u /s "C:\Program Files\KoolBar\koolbar.dll" 
Native Instruments Service Center --> C:\PROGRA~1\NATIVE~1\SERVIC~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\SERVIC~1\INSTALL.LOG
Native Instruments Traktor DJ Studio 3 --> C:\PROGRA~1\NATIVE~1\TRAKTO~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\TRAKTO~1\INSTALL.LOG
Nero Suite --> C:\Program Files\Common Files\Ahead\Uninstall\Setup.exe /uninstall
Network Play System (Patching) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Electronic Arts\Network Play System\NPSPatch.isu"
Nikon View 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}\setup.exe" UNINSTALL
Norton Security Scan --> MsiExec.exe /I{48B82226-75E3-4E90-92CC-D30F79EA6380}
Novation Bass-Station VSTi v1.10 --> C:\DOCUME~1\Jeffery\MYDOCU~1\Dafydd\Various\FyddNeb\BASS-S~1\BASS-S~1\UNWISE.EXE C:\DOCUME~1\Jeffery\MYDOCU~1\Dafydd\Various\FyddNeb\BASS-S~1\BASS-S~1\INSTALL.LOG
Owl and Mouse Europe Map Puzzle --> C:\PROGRA~1\MAPPUZ~1\mapuzeur\UNWISE.EXE C:\PROGRA~1\MAPPUZ~1\mapuzeur\INSTALL.LOG
PCDJ VJ --> C:\PROGRA~1\DIGITA~1\PCDJVJ~1\UNWISE.EXE C:\PROGRA~1\DIGITA~1\PCDJVJ~1\INSTALL.LOG
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PhotoScore Professional Demo --> C:\PROGRA~1\NEURAT~1\UNWISE.EXE C:\PROGRA~1\NEURAT~1\INSTALL.LOG
Picture Package --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}\setup.exe" -l0x9 UNINSTALL
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe"  -uninstall
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek RTL8139/810x Fast Ethernet NIC Driver Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\setup.exe" -l0x9 REMOVE
Reason 3.0 --> "C:\Program Files\Propellerhead\Reason\Uninstall Reason\unins000.exe"
Reason Demo Beta 3.0b1 --> "C:\Program Files\Propellerhead\Reason Demo Beta\Uninstall Reason Demo Beta\unins000.exe"
Rise and Fall --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D078226E-83F2-45FD-9CDE-5DA66E5ADB51}\Setup.exe" -l0x9  -removeonly
Rise of Nations --> "C:\Program Files\Microsoft Games\Rise of Nations\Uninstal.exe" /runtemp /uninstall
SAGEM F@st 800-840 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}\Setup.exe" -l0x9 
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Sibelius Demo --> C:\PROGRA~1\SIBELI~1\SIBELI~1\UNWISE.EXE C:\PROGRA~1\SIBELI~1\SIBELI~1\INSTALL.LOG
SierraHome Print Artist 12.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Sierra\Print Artist 12.0\PaUninst.isu" -c"C:\Sierra\Print Artist 12.0\Uninstpa.DLL"
Snitch --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF3BB92C-1E4D-4CDF-BB97-9786C16649FF}\setup.exe" -l0x9  -removeonly
Sony ACID XPress 5.0a --> MsiExec.exe /X{12F4BE69-6614-41D3-BB3B-DF7F921DF2BB}
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
TablEdit 2.64 --> "C:\Program Files\TablEdit\unins000.exe"
Trust MD3100 USB ADSL MODEM LAN Adapter --> C:\Program Files\Trust\Trust MD3100 USB ADSL MODEM\CnxUnist.exe -w7 AccessRunner ADSL
Ulead Photo Express 2.0 SE --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\Uninst.isu" -c"C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\IS32Inst.dll"
URGE --> MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
Virtual DJ - Atomix Productions --> C:\PROGRA~1\VIRTUA~3\UNWISE.EXE C:\PROGRA~1\VIRTUA~3\INSTALL.LOG
Virtual Earth 3D (Beta) --> MsiExec.exe /I{619B8475-0F48-41B7-A370-5147F7092989}
WD Diagnostics --> MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Worms Armageddon --> C:\WINDOWS\IsUninst.exe -f"c:\Team17\Worms Armageddon\Uninst.isu"
XviD 1.1 final uninstall --> "C:\Program Files\XviD\unins000.exe"


----------



## dylan walker

and the second half

-- Application Event Log -------------------------------------------------------

Event Record #/Type34686 / Error
Event Submitted/Written: 05/18/2008 00:08:30 AM
Event ID/Source: 1024 / MsiInstaller
Event Description:
Product: Microsoft .NET Framework 1.1 - Update '{8D1D0E9A-C799-4D28-9E29-0061D1E66E43}' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Event Record #/Type34685 / Error
Event Submitted/Written: 05/18/2008 00:08:29 AM
Event ID/Source: 11706 / MsiInstaller
Event Description:
Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1.  The Windows installer cannot continue.

Event Record #/Type34681 / Error
Event Submitted/Written: 05/17/2008 11:55:02 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20061.1023, faulting module unknown, version 0.0.0.0, fault address 0x5f5b7365.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type34656 / Success
Event Submitted/Written: 05/17/2008 00:22:12 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type34651 / Error
Event Submitted/Written: 05/17/2008 00:02:15 PM
Event ID/Source: 1024 / MsiInstaller
Event Description:
Product: Microsoft .NET Framework 1.1 - Update '{8D1D0E9A-C799-4D28-9E29-0061D1E66E43}' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type36149 / Error
Event Submitted/Written: 05/18/2008 03:16:33 PM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The KService service hung on starting.

Event Record #/Type36148 / Error
Event Submitted/Written: 05/18/2008 03:15:10 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The General Purpose USB Driver (e4ldr.sys) service failed to start due to the following error: 
%%1058

Event Record #/Type36108 / Error
Event Submitted/Written: 05/18/2008 10:31:50 AM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The KService service hung on starting.

Event Record #/Type36107 / Error
Event Submitted/Written: 05/18/2008 10:30:29 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The General Purpose USB Driver (e4ldr.sys) service failed to start due to the following error: 
%%1058

Event Record #/Type36103 / Error
Event Submitted/Written: 05/18/2008 00:08:30 AM
Event ID/Source: 20 / Windows Update Agent
Event Description:
Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework, Version 1.1 Service Pack 1 (KB928366).



-- End of Deckard's System Scanner: finished at 2008-05-18 15:21:54 ------------


----------



## Punk

Hello, 

Sorry for the late reply, I'm still going through your log at the moment. I will post a fix later tonight (France time).


----------



## dylan walker

Thats fine. I live in France, where abouts do you live?


----------

