Please can someone check my HJL?


Speakersrock
06-22-2008, 04:33 PM
Hi all,
I have a funny feeling about my computer again! (sorry)

Please could someone just have a skim through my HJL and let me know what you reckon please?


Many thanks in advance.
Matt

-------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:30:48, on 22/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\Program Files\Net Control 2\ncserver.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VMware\VMware Player\hqtray.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Net Control 2\ncscc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ArtecUSB\ScanPanel\ScnPanel.exe
C:\Program Files\TypeItIn\TypeItIn.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Net Control 2\NetCtl.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Paltalk Messenger_17710\paltalk.exe
C:\Program Files\Trend Micro\HijackThis\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://heavens-end.co.uk/intranet/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Player\hqtray.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NTUserDispatcher] "C:\Program Files\Net Control 2\ncscc.exe" /NTUSER
O4 - HKLM\..\Run: [ImgTask] E:\Imgtask.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: TypeItIn.lnk = C:\Program Files\TypeItIn\TypeItIn.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger_17710\paltalk.exe
O4 - Global Startup: ScanPanel.lnk = C:\Program Files\ArtecUSB\ScanPanel\ScnPanel.exe
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger_17710\Paltalk.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} (Hewlett-Packard Printer Diagnostics) - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
O16 - DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} (PlayerOCX Control) - http://www.pysoft.com/Downloads/WebCamPlayerOCX.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = heavens-end.co.uk
O17 - HKLM\Software\..\Telephony: DomainName = heavens-end.co.uk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = heavens-end.co.uk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = heavens-end.co.uk
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: 3proxy tiny proxy server (3proxy) - Unknown owner - C:\Documents and Settings\matt.HEAVENS-END\Desktop\3proxy-0.5.3i\bin\3proxy.exe (file missing)
O23 - Service: ACLBDevMon - Unknown owner - C:\Documents and Settings\Administrator\Desktop\aclbdevmon.exe (file missing)
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Net Control 2 Server (NetControl2Server) - V.A.P. Software - C:\Program Files\Net Control 2\ncserver.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: WinTab Service (WinTabService) - Unknown owner - C:\WINDOWS\system32\DRIVERS\WtSrv.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 9481 bytes

Scotty
06-22-2008, 04:47 PM
There's nothing bad in that log. Are you having any problems?

Speakersrock
06-22-2008, 04:55 PM
***Update!

I was concerned about the line with
'O4 - HKLM\..\Run: [ImgTask] E:\Imgtask.exe'

and so came across this page on Bleeping Computer
http://www.bleepingcomputer.com/startups/Imgtask.exe-22245.html

I ran Uniblue reg. booster as recommended on that site, and it found 282 errors in the reg.!

As I only have the free version on here, it would only repair 15 of them. Should I worry about this?

Many thanks

Speakersrock
06-22-2008, 04:58 PM
There's nothing bad in that log. Are you having any problems?

Hi scotty,
Not hugely, no. The only reason I thought about it was random music keeps fading in from nowhere, and then cutting out again.

I am sure this has nothing to do with any of the programs I intentionally have running.

Should I be worried?!

Oh and P.S., I'm just running AVG, and it has so far found some ActiveX adware in the Reg.

Scotty
06-22-2008, 05:02 PM
Hi

Initially I thought it was part of IMGBurn, then I saw a topic where a program called WalletPix leaves it behind. Ever used that?
Let's check it out.

Go to http://virusscan.jotti.org
Copy the following line into the white textbox:
E:\Imgtask.exe
Click Submit.
Please post the results of this scan to this thread.

If Jotti is busy or unavailable, please try
Virustotal (http://www.virustotal.com/en/indexf.html)

Speakersrock
06-22-2008, 05:08 PM
Hi Scotty,
Thanks for your reply.

However are you sure about the dir. for that IMG thing?, because I don't have a drive E! :p

Nope, I have never used anything called WalletPix, as far as I can remember anyway.

Scotty
06-22-2008, 05:20 PM
O4 - HKLM\..\Run: [ImgTask] E:\Imgtask.exe

One of your USB ports, cd/dvd memory stick slots. When you browse make sure hidden files/folders is unchecked and look under My Computer at all the drive icons.

To enable the viewing of Hidden files follow these steps: Close all programs so that you are at your desktop.
Double-click on the My Computer icon (or click Start, then select My Computer)
Select the Tools menu and click Folder Options.
After the new window appears select the View tab.
Put a checkmark in the checkbox labeled Display the contents of system folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.
Press the Apply button and then the OK button and shutdown My Computer.
Now your computer is configured to show all hidden files.

Speakersrock
06-22-2008, 05:30 PM
One of your USB ports, cd/dvd memory stick slots. When you browse make sure hidden files/folders is unchecked and look under My Computer at all the drive icons.

To enable the viewing of Hidden files follow these steps: Close all programs so that you are at your desktop.
Double-click on the My Computer icon (or click Start, then select My Computer)
Select the Tools menu and click Folder Options.
After the new window appears select the View tab.
Put a checkmark in the checkbox labeled Display the contents of system folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.
Press the Apply button and then the OK button and shutdown My Computer.
Now your computer is configured to show all hidden files.


Hi Scotty, Okay, thanks I will do that! - But unless it's hidden, I swear I don't have a drive E! (even though you quoted it! :confused:)

I just went to Start > Run > E:\
And it cannot find the drive!

Goku
06-23-2008, 12:13 AM
***Update!

I was concerned about the line with
'O4 - HKLM\..\Run: [ImgTask] E:\Imgtask.exe'

and so came across this page on Bleeping Computer
http://www.bleepingcomputer.com/startups/Imgtask.exe-22245.html

I ran Uniblue reg. booster as recommended on that site, and it found 282 errors in the reg.!

As I only have the free version on here, it would only repair 15 of them. Should I worry about this?

Many thanks
Sorry to jump in but there is absolutely nothing wrong with the registry. Please remove the software immediately and stay away from the wrong notion that your registry has so many problems that can be corrected by Registry Booster. :)

-- Goku

Speakersrock
06-23-2008, 01:28 AM
Okay, Scotty, I found Imgtask.exe under C:\Windows.
(Scanned fine with Jotti in case there was any point in doing so)

Btw, I'm not sure about the whole E drive thing, because I definitely do not have one! :confused::confused::confused:

So I guess Goku has got a point that I may just be worrying about nothing here?

Scotty
06-23-2008, 04:08 AM
Hi Speakersrock

A few of us are in agreement about Registry Cleaners here and elsewhere. The Registry is huge, so if it was actually so messed up that it slowed your computer down, it would be a better time for a new install. A few orphaned entries will make no difference.
Then there is the big risk of FPs which could leave you with a non-working PC, if you don't know what you are removing.

Here's something to try.

Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present):

O4 - HKLM\..\Run: [ImgTask] E:\Imgtask.exe

WITH ALL OTHER WINDOWS CLOSED, click on Fix Checked, exit HijackThis and reboot.

If something doesn't work after the reboot we can restore the key from the backups.

Speakersrock
06-23-2008, 12:07 PM
Hi Speakersrock

A few of us are in agreement about Registry Cleaners here and elsewhere. The Registry is huge, so if it was actually so messed up that it slowed your computer down, it would be a better time for a new install. A few orphaned entries will make no difference.
Then there is the big risk of FPs which could leave you with a non-working PC, if you don't know what you are removing.

Here's something to try.

Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present):

O4 - HKLM\..\Run: [ImgTask] E:\Imgtask.exe

WITH ALL OTHER WINDOWS CLOSED, click on Fix Checked, exit HijackThis and reboot.

If something doesn't work after the reboot we can restore the key from the backups.

Oh yeah, I'm right with you on the reg. optimizers. - I never will/have liked them, but on this occasion I tried it because it was recommended by Bleeping Computer (which I thought was trust-able!) - But obviously not as it was linked with payment!

Will do that and post back asap, thanks.
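
Added example (not part of the original thread, and not code from HijackThis): a small Python triage pass over HijackThis log lines that flags the two kinds of orphaned autorun entries visible in the log above, an O4 Run value whose target sits on a drive the machine does not have, and an O23 service that HijackThis itself marked "(file missing)". The `present_drives` parameter and the function name `triage` are assumptions for illustration; the sample lines are copied from the posted log.

```python
import re

# Sample input: a few lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Player\hqtray.exe"
O4 - HKLM\..\Run: [ImgTask] E:\Imgtask.exe
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: 3proxy tiny proxy server (3proxy) - Unknown owner - C:\Documents and Settings\matt.HEAVENS-END\Desktop\3proxy-0.5.3i\bin\3proxy.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# O4 registry autoruns: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RUN = re.compile(
    r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# O23 services: "O23 - Service: <name> - <owner> - <path>[ (file missing)]"
O23_SVC = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")
# Drive letter at the start of a command, with an optional opening quote.
DRIVE = re.compile(r'^"?([A-Za-z]):\\')


def triage(log_text, present_drives=("C",)):
    """Return (section, name, reason) for autoruns whose target cannot be found.

    present_drives is an assumption supplied by the analyst: the drive
    letters that actually exist on the machine the log came from.
    """
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RUN.match(line)
        if m:
            d = DRIVE.match(m["cmd"])
            # Commands without a drive letter (e.g. WService.EXE) are skipped:
            # the log alone does not say where they resolve to.
            if d and d.group(1).upper() not in present_drives:
                findings.append(
                    ("O4", m["name"], f"target on absent drive {d.group(1).upper()}:"))
            continue
        m = O23_SVC.match(line)
        if m and m["path"].endswith("(file missing)"):
            findings.append(("O23", m["name"], "service binary missing"))
    return findings


if __name__ == "__main__":
    for section, name, reason in triage(SAMPLE_LOG):
        print(f"{section}: {name}: {reason}")
```

A finding here means the autorun entry is stale or points somewhere unexpected; the file itself still needs to be located and scanned before the entry is fixed.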