
Virus checker detecting hundreds of spam emails being sent from computer

Discussion in 'Malware and Virus Removal Archive' started by djn, 2008/03/22.

  1. 2008/03/22
    djn

    djn Inactive Thread Starter

    Joined:
    2008/03/22
    Messages:
    2
    Likes Received:
    0
    Hello

    I really hope you can help...

    My virus checker, BitDefender Antivirus 2008, is detecting hundreds of spam emails being sent from my computer... (I presume they are coming from Outlook Express, though nothing appears in the outbox.) I fear I might have unwittingly activated a virus on my computer... I have added a HijackThis log in the hope that someone might be able to help me with any rogue elements... Thanks in advance.

    DJ


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:03:03, on 22/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Webroot\Washer\WasherSvc.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\acer\epm\epm-dm.exe
    C:\Program Files\Arcade\PCMService.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\PowerKey.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\OSDCtrl.exe
    C:\Program Files\Launch Manager\Wbutton.exe
    C:\Program Files\Acer\eRecovery\Monitor.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
    C:\Program Files\Mediafour\XPlay\XPTRYICN.EXE
    C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
    C:\WINDOWS\system32\knaalh.exe
    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
    C:\Documents and Settings\Drew James Nimmo\Application Data\DesktopAssistant\DA.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\BitDefender\BitDefender 2008\seccenter.exe
    C:\Program Files\BitDefender\BitDefender 2008\uiscan.exe
    C:\Program Files\Azureus\Azureus.exe
    C:\Program Files\PeerGuardian2\pg2.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Outlook Express\msimn.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 81.19.55.9:8000
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\lsass.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: Anonymous Browsing - {866D0E2C-8CCE-4AAE-B9F4-59F245945691} - C:\Program Files\Anonymous Browsing\AAABBar.dll
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
    O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe "
    O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe "
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] "C:\Acer\ePM\ePM.exe" boot
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe "
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe "
    O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe "
    O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe "
    O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe "
    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe "
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe "
    O4 - HKLM\..\Run: [eRecoveryService] "C:\Program Files\Acer\eRecovery\Monitor.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [RCAutoLiveUpdate] C:\Program Files\Max Registry Cleaner\MaxLiveUpdateRC.exe -AUTO
    O4 - HKLM\..\Run: [RCSystemTray] C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
    O4 - HKLM\..\Run: [Mediafour XPlay Tray Notification Icon] C:\Program Files\Mediafour\XPlay\XPTRYICN.EXE
    O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
    O4 - HKLM\..\Run: [knaalh] C:\WINDOWS\system32\knaalh.exe
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe "
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe "
    O4 - HKLM\..\RunServices: [knaalh] C:\WINDOWS\system32\knaalh.exe
    O4 - HKCU\..\Run: [DA] "C:\Documents and Settings\Drew James Nimmo\Application Data\DesktopAssistant\DA.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {070CA17A-4BD2-4612-83B4-32B1B9159B47} (ULiveCtrl Control) - http://uc.sina.com.cn/download/live/weblive2.4.0.0.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2057E707-FA09-451B-972F-9CFBA9F2423C} (Tiscali702) - http://www.tiscali.it/cabs/Tiscali702.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advan...amfrogweb.com-advanced-2.0.2.3_instmodule.exe
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase7617.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1142502594140
    O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2mail.com/static/apps/utils/AccountHelper.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ED95F22F-F603-462C-8F86-A7C6EA8182BC}: NameServer = 213.205.32.70,213.205.36.70
    O18 - Protocol: schmap-help - (no CLSID) - (no file)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: hpdj00 - Unknown owner - C:\DOCUME~1\DREWJA~1\LOCALS~1\Temp\hpdj00.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
    O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
    O23 - Service: Print Spooler Service (ykiqywhuuaeeao47) - Unknown owner - C:\WINDOWS\system32\knaalh.exe

    --
    End of file - 12355 bytes
     
    djn,
    #1
  2. 2008/03/22
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS djn :)

    Let's get a better look at things. Download Deckard's System Scanner (dss.exe) and save it to your desktop.
    • Close all applications and windows.
    • Double click on dss.exe to run it and follow the prompts.
    • When the scan is complete, two text files will open: main.txt, which will be maximized, and extra.txt, which will be minimized.
    Post the contents of main.txt only for now.
     


  4. 2008/03/22
    djn

    djn Inactive Thread Starter

    Joined:
    2008/03/22
    Messages:
    2
    Likes Received:
    0
    Thanks

    Here's the log. Thanks!

    Deckard's System Scanner v20071014.68
    Run on 2008-03-22 18:26:38
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------



    -- Last 5 Restore Point(s) --
    7: 2008-03-22 17:17:36 UTC - RP62 - Deckard's System Scanner Restore Point
    6: 2008-03-22 10:24:24 UTC - RP61 - Installed BitDefender Antivirus 2008
    5: 2008-03-22 10:15:15 UTC - RP60 - Removed BitDefender Antivirus v10
    4: 2008-03-20 22:10:26 UTC - RP59 - System Checkpoint
    3: 2008-03-19 17:38:14 UTC - RP58 - System Checkpoint


    -- First Restore Point --
    1: 2008-03-15 15:49:22 UTC - RP56 - Software Distribution Service 3.0


    Backed up registry hives.
    Performed disk cleanup.

    Percentage of Memory in Use: 80% (more than 75%).
    Total Physical Memory: 503 MiB (512 MiB recommended).
    System Drive C: has 1.95 GiB (less than 15%) free.


    -- HijackThis (run as ,,,,,,,,,,,,.exe) ------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:39:42, on 22/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Webroot\Washer\WasherSvc.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\acer\epm\epm-dm.exe
    C:\Program Files\Arcade\PCMService.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\PowerKey.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\OSDCtrl.exe
    C:\Program Files\Launch Manager\Wbutton.exe
    C:\Program Files\Acer\eRecovery\Monitor.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
    C:\Program Files\Mediafour\XPlay\XPTRYICN.EXE
    C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
    C:\WINDOWS\system32\knaalh.exe
    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
    C:\Documents and Settings\,,,,,,,,,,,\Application Data\DesktopAssistant\DA.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Documents and Settings\Drew James Nimmo\Desktop\dss.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Drew James Nimmo.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 81.19.55.9:8000
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\lsass.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: Anonymous Browsing - {866D0E2C-8CCE-4AAE-B9F4-59F245945691} - C:\Program Files\Anonymous Browsing\AAABBar.dll
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
    O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe "
    O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe "
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] "C:\Acer\ePM\ePM.exe" boot
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe "
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe "
    O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe "
    O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe "
    O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe "
    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe "
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe "
    O4 - HKLM\..\Run: [eRecoveryService] "C:\Program Files\Acer\eRecovery\Monitor.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [RCAutoLiveUpdate] C:\Program Files\Max Registry Cleaner\MaxLiveUpdateRC.exe -AUTO
    O4 - HKLM\..\Run: [RCSystemTray] C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
    O4 - HKLM\..\Run: [Mediafour XPlay Tray Notification Icon] C:\Program Files\Mediafour\XPlay\XPTRYICN.EXE
    O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
    O4 - HKLM\..\Run: [knaalh] C:\WINDOWS\system32\knaalh.exe
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe "
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe "
    O4 - HKLM\..\RunServices: [knaalh] C:\WINDOWS\system32\knaalh.exe
    O4 - HKCU\..\Run: [DA] "C:\Documents and Settings\Drew James Nimmo\Application Data\DesktopAssistant\DA.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {070CA17A-4BD2-4612-83B4-32B1B9159B47} (ULiveCtrl Control) - http://uc.sina.com.cn/download/live/weblive2.4.0.0.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2057E707-FA09-451B-972F-9CFBA9F2423C} (Tiscali702) - http://www.tiscali.it/cabs/Tiscali702.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advan...amfrogweb.com-advanced-2.0.2.3_instmodule.exe
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase7617.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1142502594140
    O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2mail.com/static/apps/utils/AccountHelper.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ED95F22F-F603-462C-8F86-A7C6EA8182BC}: NameServer = 213.205.32.70,213.205.36.70
    O18 - Protocol: schmap-help - (no CLSID) - (no file)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: hpdj00 - Unknown owner - C:\DOCUME~1\DREWJA~1\LOCALS~1\Temp\hpdj00.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
    O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
    O23 - Service: Print Spooler Service (ykiqywhuuaeeao47) - Unknown owner - C:\WINDOWS\system32\knaalh.exe

    --
    End of file - 12853 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 MDPMGRNT - c:\windows\system32\drivers\mdpmgrnt.sys <Not Verified; Mediafour Corporation; Mediafour MacDrive>
    R0 UBHelper - c:\windows\system32\drivers\ubhelper.sys
    R1 Hotkey - c:\windows\system32\drivers\hotkey.sys
    R1 MDFSYSNT - c:\windows\system32\drivers\mdfsysnt.sys <Not Verified; Mediafour Corporation; MacDrive>
    R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
    R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
    R2 CDRPDACC (Arrowkey Device Access) - c:\program files\321studios\shared\cdrpdacc.sys <Not Verified; Arrowkey; CD Device Access>
    R2 EpmPsd (Acer EPM Power Scheme Driver) - c:\windows\system32\drivers\epm-psd.sys <Not Verified; Acer Value Labs, USA; Acer EPM Power Scheme Driver>
    R2 EpmShd (Acer EPM System Hardware Driver) - c:\windows\system32\drivers\epm-shd.sys <Not Verified; Acer Value Labs, USA; Acer EPM System Hardware Driver>
    R2 int15.sys - c:\program files\acer\erecovery\int15.sys
    R2 osaio - c:\windows\system32\drivers\osaio.sys <Not Verified; Avocent/OSA Technologies Inc.; Windows (R) Server 2003 DDK driver>
    R2 osanbm - c:\windows\system32\drivers\osanbm.sys <Not Verified; Windows (R) 2000 DDK provider; OSA int15 Driver>
    R3 BDSelfPr - c:\program files\bitdefender\bitdefender 2008\bdselfpr.sys <Not Verified; BitDefender S.R.L.; BitDefender>
    R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
    R3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
    R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
    R3 POWERKEY - c:\program files\launch manager\powerkey.sys

    S1 bdpredir - c:\program files\softwin\bitdefender10\bdpredir.sys (file missing)
    S1 Wbutton - c:\windows\system32\drivers\wbutton.sys (file missing)
    S3 alcan5wn (SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)) - c:\windows\system32\drivers\alcan5wn.sys <Not Verified; THOMSON; SpeedTouch USB>
    S3 alcaudsl (SpeedTouch ADSL Modem ATM Transport) - c:\windows\system32\drivers\alcaudsl.sys <Not Verified; THOMSON; SpeedTouch USB>
    S3 bdfdll - c:\program files\softwin\bitdefender10\bdfdll.sys (file missing)
    S3 HSF_DP - c:\windows\system32\drivers\hsf_dp.sys (file missing)
    S3 HSFHWICH - c:\windows\system32\drivers\hsfhwich.sys (file missing)
    S3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
    S3 pgfilter - c:\program files\peerguardian2\pgfilter.sys
    S3 Profos - c:\program files\softwin\bitdefender10\profos.sys (file missing)
    S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
    S3 SDdriver - c:\windows\system32\drivers\sddriver.sys <Not Verified; Symantec Corporation; Norton Speed Disk>
    S3 ST330 - c:\windows\system32\drivers\st330.sys <Not Verified; THOMSON Telecom Belgium; SpeedTouch 330>
    S3 STBUS - c:\windows\system32\drivers\stbus.sys <Not Verified; THOMSON Telecom Belgium; SpeedTouch vbus>
    S3 Trufos - c:\program files\softwin\bitdefender10\trufos.sys (file missing)
    S3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys (file missing)
    S3 ZSMC326 (Vimicro USB2.0 PC Camera(VC0323)) - c:\windows\system32\drivers\usbvm323.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 anbmService (Notebook Manager Service) - c:\acer\emanager\anbmserv.exe <Not Verified; OSA Technologies Inc.; Acer eManager for Notebook>
    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>

    S2 hpdj00 - c:\docume~1\drewja~1\locals~1\temp\hpdj00.exe -servicerunning=true -uninstall=hp psc 1500 series -product=aio (file missing)
    S2 ykiqywhuuaeeao47 (Print Spooler Service) - c:\windows\system32\knaalh.exe /service
    S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
    S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
    S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program files\winpcap\rpcapd.exe" -d -f "c:\program files\winpcap\rpcapd.ini" <Not Verified; CACE Technologies; Remote Packet Capture Daemon>


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID:
    Description: PCI Modem
    Device ID: PCI\VEN_8086&DEV_266D&SUBSYS_006A1025&REV_03\3&B1BFB68&0&F3
    Manufacturer:
    Name: PCI Modem
    PNP Device ID: PCI\VEN_8086&DEV_266D&SUBSYS_006A1025&REV_03\3&B1BFB68&0&F3
    Service:


    -- Scheduled Tasks -------------------------------------------------------------

    2008-03-22 18:09:20 386 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
    2008-03-22 00:00:06 330 --a------ C:\WINDOWS\Tasks\Symantec Drmc.job
    2008-03-21 19:05:42 444 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{8D05F07E-20F3-4BA9-95C4-0EBBE9989155}.job
    2008-03-17 12:04:24 314 --a------ C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job
    2008-02-07 15:33:26 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2008-02-22 and 2008-03-22 -----------------------------

    2008-03-22 18:23:02 0 d--hs---- C:\FOUND.047
    2008-03-22 14:48:55 0 d-------- C:\Program Files\Port Explorer
    2008-03-22 11:25:22 0 d-------- C:\Documents and Settings\Drew James Nimmo\Application Data\Bitdefender
    2008-03-22 11:24:48 0 d-------- C:\Program Files\BitDefender
    2008-03-22 11:23:32 0 d-------- C:\Program Files\Common Files\BitDefender
    2008-03-21 20:22:06 0 d--hs---- C:\FOUND.046
    2008-03-21 18:52:15 172032 --a------ C:\WINDOWS\system32\knaalh.exe
    2008-03-15 16:40:56 0 d--hs---- C:\FOUND.045
    2008-03-10 09:10:02 0 d--hs---- C:\FOUND.044
    2008-03-02 11:30:16 0 d--hs---- C:\FOUND.043
    2008-02-25 12:11:00 0 d--hs---- C:\FOUND.042
    2008-02-23 19:33:54 0 d--hs---- C:\FOUND.041


    -- Find3M Report ---------------------------------------------------------------

    2008-03-22 11:15:26 81984 --a------ C:\WINDOWS\system32\bdod.bin
    2008-03-07 14:12:26 304160 --a------ C:\StiImg.dat
    2008-02-13 13:10:48 0 d-------- C:\Program Files\FootyOnline
    2008-02-12 10:49:08 0 d-------- C:\Program Files\Neat Image
    2008-01-29 09:25:34 0 d--hs---- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-01-29 09:25:20 0 d-------- C:\Program Files\Windows Live
    2008-01-23 12:10:42 0 d-------- C:\Program Files\Common Files\Mediafour
    2008-01-23 12:09:26 70379 --a------ C:\Documents and Settings\Drew James Nimmo\Application Data\com.kennettnet.MusicRescueProfiles.plist
    2008-01-23 12:09:26 3215 --a------ C:\Documents and Settings\Drew James Nimmo\Application Data\com.kennettnet.MusicRescue.plist
    2008-01-23 10:09:52 0 d-------- C:\Program Files\Winamp
    2008-01-23 10:09:52 0 d-------- C:\Documents and Settings\Drew James Nimmo\Application Data\Winamp
    2008-01-22 20:40:12 0 d-------- C:\Program Files\Mediafour
    2008-01-06 10:12:46 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
    06/01/2008 10:12 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} "= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [06/01/2008 10:12 262144]

    [-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPLpr "= "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [04/02/2005 11:12]
    "SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [04/02/2005 11:11]
    "EPM-DM "= "c:\acer\epm\epm-dm.exe" [01/06/2005 14:17]
    "ePowerManagement "= "C:\Acer\ePM\ePM.exe" [15/03/2005 10:03]
    "IMJPMIG8.1 "= "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04/08/2004 05:00]
    "PCMService "= "C:\Program Files\Arcade\PCMService.exe" [09/03/2005 18:59]
    "LaunchAp "= "C:\Program Files\Launch Manager\LaunchAp.exe" [25/07/2005 13:36]
    "PowerKey "= "C:\Program Files\Launch Manager\PowerKey.exe" [30/08/2002 15:02]
    "LManager "= "C:\Program Files\Launch Manager\HotkeyApp.exe" [06/06/2005 11:52]
    "CtrlVol "= "C:\Program Files\Launch Manager\CtrlVol.exe" [16/09/2003 14:28]
    "LMgrOSD "= "C:\Program Files\Launch Manager\OSDCtrl.exe" [25/07/2005 10:45]
    "Wbutton "= "C:\Program Files\Launch Manager\Wbutton.exe" [25/07/2005 13:34]
    "eRecoveryService "= "C:\Program Files\Acer\eRecovery\Monitor.exe" [29/06/2005 17:26]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [19/09/2007 18:32]
    "RCAutoLiveUpdate "= "C:\Program Files\Max Registry Cleaner\MaxLiveUpdateRC.exe" [19/10/2007 16:10]
    "RCSystemTray "= "C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe" [19/10/2007 16:10]
    "ZoneAlarm Client "= "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [14/11/2007 16:05]
    "Mediafour Mac Volume Notifications "= "C:\Program Files\Common Files\Mediafour\MACVNTFY.exe" [17/12/2002 22:43]
    "Mediafour XPlay Tray Notification Icon "= "C:\Program Files\Mediafour\XPlay\XPTRYICN.EXE" [27/09/2004 21:11]
    "MDDiskProtect.exe "= "C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe" [15/04/2005 22:54]
    "knaalh "= "C:\WINDOWS\system32\knaalh.exe" [21/03/2008 13:48]
    "BitDefender Antiphishing Helper "= "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [09/10/2007 15:46]
    "BDAgent "= "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [16/02/2008 17:45]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DA "= "C:\Documents and Settings\Drew James Nimmo\Application Data\DesktopAssistant\DA.exe" [14/07/2006 13:24]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 05:00]
    "SpybotSD TeaTimer "= "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "knaalh "=C:\WINDOWS\system32\knaalh.exe

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Norton SystemWorks "= "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "LinkResolveIgnoreLinkInfo "=0 (0x0)
    "NoResolveSearch "=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoViewOnDrive "=0 (0x0)
    "LinkResolveIgnoreLinkInfo "=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Shell "= "Explorer.exe C:\WINDOWS\Config\lsass.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 27/02/2007 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
    @= "Service "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProxyWay]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx scan




    -- End of Deckard's System Scanner: finished at 2008-03-22 18:44:20 ------------
     
    djn,
    #3
  5. 2008/03/22
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please upload the following file to my submission channel. Leave a link back to this topic.

    C:\WINDOWS\system32\knaalh.exe

    Thanks!


    Are you knowingly using a proxy server for your internet connection? It appears to be a rogue setting to me. Info about that IP below.

    IP address: 81.19.55.9
    Reverse DNS: s09.synergynewmedia.co.uk.
    Reverse DNS authenticity: [Could be forged: hostname s09.synergynewmedia.co.uk. does not exist]
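The three indicators the reply above is reacting to (an autorun binary stamped the day before the scan, a second executable appended to the Winlogon `Shell` value, and a randomly named service whose display name borrows "Print Spooler" but points at a non-spooler binary) can be pulled out of a Deckard's System Scanner log mechanically. The script below is an added example for this thread; it is not part of DSS, BitDefender or any poster's code. It assumes the `dd/mm/yyyy` date format and the line layouts seen in the log posted above, and the sample lines embedded in it are copied from that log.

```python
"""Triage helpers for a Deckard's System Scanner (DSS) style log.

Added example for this thread, not DSS code. Parses the Registry Dump
and Services sections and returns leads for a human to follow up.
"""
import re
from datetime import datetime, timedelta

# Date stamped on the log posted above; used to decide what counts as "recent".
SCAN_DATE = datetime(2008, 3, 22)

# Sample input: lines copied from the log in this thread (raw string, so the
# Windows backslashes are kept as they appear in the log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr "= "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [04/02/2005 11:12]
"knaalh "= "C:\WINDOWS\system32\knaalh.exe" [21/03/2008 13:48]
"BDAgent "= "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [16/02/2008 17:45]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell "= "Explorer.exe C:\WINDOWS\Config\lsass.exe "

S2 ykiqywhuuaeeao47 (Print Spooler Service) - c:\windows\system32\knaalh.exe /service
R2 anbmService (Notebook Manager Service) - c:\acer\emanager\anbmserv.exe <Not Verified; OSA Technologies Inc.; Acer eManager for Notebook>
"""

# "name "= "path" [dd/mm/yyyy hh:mm]   (Run / RunServices entries)
RUN_RE = re.compile(r'^"(?P<name>.+?)\s*"=\s*"(?P<path>[^"]+)"\s*\[(?P<date>\d{2}/\d{2}/\d{4})')
# "Shell "= "..."                       (Winlogon shell; should be Explorer.exe only)
SHELL_RE = re.compile(r'^"Shell\s*"=\s*"(?P<value>[^"]*)"')
# S2 name (Display Name) - path ...     (Services section)
SVC_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>\S+)\s+\((?P<display>.*)\)\s+-\s+(?P<path>\S+)')

# Display-name fragments Windows itself uses, and the binary they belong to.
# Assumption for this example: only the spooler is modelled.
KNOWN_DISPLAY = {"print spooler": "spoolsv.exe"}


def triage(log_text, scan_date=SCAN_DATE, recent_days=7):
    """Return (category, detail) leads found in a DSS-style log.

    Categories:
      winlogon_shell     extra executables after Explorer.exe in the Shell value
      recent_autorun     Run entry whose binary was stamped within recent_days of the scan
      service_masquerade service using a well-known display name but another binary
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = SHELL_RE.match(line)
        if m:
            extra = [t for t in m["value"].split() if t.lower() != "explorer.exe"]
            if extra:
                findings.append(("winlogon_shell", " ".join(extra)))
            continue

        m = RUN_RE.match(line)
        if m:
            stamp = datetime.strptime(m["date"], "%d/%m/%Y")  # log uses dd/mm/yyyy
            if scan_date - stamp <= timedelta(days=recent_days):
                findings.append(("recent_autorun", m["path"]))
            continue

        m = SVC_RE.match(line)
        if m:
            exe = m["path"].rsplit("\\", 1)[-1].lower()
            for fragment, expected_exe in KNOWN_DISPLAY.items():
                if fragment in m["display"].lower() and exe != expected_exe:
                    findings.append(("service_masquerade", f'{m["name"]} -> {m["path"]}'))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:20} {detail}")
```

Run against the sample it reports exactly three leads: the `knaalh.exe` autorun, the `C:\WINDOWS\Config\lsass.exe` tacked onto the Winlogon shell, and the `ykiqywhuuaeeao47` service. A recent timestamp on its own is only a lead, not a verdict (a freshly installed security product will trip it too), which is why the output is a list for a person to review rather than an automatic action.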
     
