
Solved IE Getting rid of Trojans

Discussion in 'Malware and Virus Removal Archive' started by joan_uk01, 2010/07/02.

  1. 2010/07/02
    joan_uk01 (Inactive, Thread Starter)

    [Resolved] IE Getting rid of Trojans

    Hi...

    As instructed in my previous post; I hope I have done this correctly. I had some trojans and someone gave me a site to download, www.malwarebytes.com, which I did; I ran a scan, which brought up 13 infections. I went through the instructions to get rid of them, but was told in my previous post to download DDS, which I have done, and the results are shown in the logs below.


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Joan Allen at 21:40:52.92 on 02/07/2010
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.424 [GMT 1:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Virgin Net Broadband\Dragdiag.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    svchost.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\FinePixViewerS\QuickDCF2.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Java\jre6\bin\jucheck.exe
    C:\Documents and Settings\Joan Allen\Desktop\dds.pif

    ============== Pseudo HJT Report ===============

    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://www.virginmedia.com
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Virgin Media Toolbar: {a057a204-bacc-4d26-cfc3-3cecc9ab2eda} - c:\progra~1\virgin~3\VIRGIN~1.DLL
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Virgin Media Toolbar: {a057a204-bacc-4d26-cfc3-3cecc9ab2eda} - c:\progra~1\virgin~3\VIRGIN~1.DLL
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    uRun: [PowerBar] "c:\program files\cyberlink dvd solution\multimedia launcher\PowerBar.exe" /AtBootTime
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [RemoteControl] "c:\program files\cyberlink dvd solution\powerdvd\PDVDServ.exe "
    mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe "
    mRun: [SpeedTouch USB Diagnostics] "c:\program files\virgin net broadband\Dragdiag.exe" /icon
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewers\QuickDCF2.exe
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\progra~1\yahoo!\messen~1\YPager.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - {1FBA04EE-3024-11D2-8F1F-0000F87ABD16} c:\program files\irfanview\ebay\ebay.htm - c:\program files\irfanview\ebay\ebay.htm\inprocserver32 does not exist!
    Trusted Zone: bingomania.co.uk\www
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - hxxp://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
    DPF: {0B195D55-0AB4-48C7-828F-34BE10BA4266} - hxxp://www.worldwinner.com/games/v53/dealornodeal/dealornodeal.cab
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} - hxxp://www.pcpitstop.com/internet/pcpConnCheck.cab
    DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
    DPF: {1A781DED-4153-C22D-3213-A3211E29DF13} - hxxp://cached.gamedesire.com/g_bin/eng/cards_2_0_0_81.cab
    DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} - hxxp://cached.gamedesire.com/g_bin/eng/cards_2_0_0_77.cab
    DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://uk.midas.games.yahoo.net/ctl/kingcomie.cab
    DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.17.01.0/iewwload.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
    DPF: {A9ED6AA2-4D71-D9D4-9586-E293E2E3580B} - hxxp://cached.gamedesire.com/g_bin/eng/marbles_2_0_0_36.cab
    DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} - hxxp://www.worldwinner.com/games/v67/swapit/swapit.cab
    DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} - hxxp://www.worldwinner.com/games/v41/hangman/hangman.cab
    DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} - hxxp://www.worldwinner.com/games/v46/monopoly/monopoly.cab
    DPF: {BFA1F11D-AFE1-3121-4112-894323212DAC} - hxxp://cached.gamedesire.com/g_bin/eng/words_2_0_0_55.cab
    DPF: {BFA1F11D-AFE1-3121-4112-983219421AEF} - hxxp://cached.gamedesire.com/g_bin/eng/wordssingle_2_0_0_52.cab
    DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx
    DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} - hxxp://www.worldwinner.com/games/v49/familyfeud/familyfeud.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} - hxxps://www.ntrsupport.com/nv/inquiero/mod/setup/ntractivex118_28.cab
    DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} - hxxp://downloads.virginmedia.com/CST/ver1/xp_mail.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: avgrsstarter - avgrsstx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-11 335240]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-2-19 27784]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-11 108552]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-11 297752]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
    S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
    S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\tmpassthru.sys --> c:\windows\system32\drivers\TMPassthru.sys [?]

    =============== Created Last 30 ================

    2010-06-29 18:13:01 0 d-----w- c:\docume~1\joanal~1\applic~1\VIRGINMEDIATOOLBAR
    2010-06-29 18:13:00 0 d-----w- c:\program files\virginmediatoolbar
    2010-06-29 18:11:52 0 d-----w- c:\program files\Virgin Media
    2010-06-29 16:05:17 0 d-----w- c:\docume~1\joanal~1\applic~1\Malwarebytes
    2010-06-29 16:05:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-06-29 16:05:07 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-06-29 16:05:07 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-06-29 16:05:07 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-06-25 18:11:15 0 d-----w- c:\program files\Shared

    ==================== Find3M ====================

    2010-05-04 17:20:39 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-05-04 17:20:34 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-05-04 17:20:32 17408 ------w- c:\windows\system32\corpol.dll
    2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
    2005-03-31 21:17:42 40960 -c--a-w- c:\program files\Uninstall_CDS.exe
    2008-09-03 15:07:50 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090320080904\index.dat

    ============= FINISH: 21:41:30.64 ===============



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 04/11/2005 13:13:59
    System Uptime: 07/02/2010 21:29:12 (3480 hours ago)

    Motherboard: | | MS-7093
    Processor: AMD Athlon(tm) 64 Processor 3000+ | Socket 939 | 1790/199mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 153 GiB total, 141.575 GiB free.
    D: is CDROM ()
    E: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1373: 27/06/2010 00:06:14 - System Checkpoint
    RP1374: 28/06/2010 16:05:40 - System Checkpoint
    RP1375: 29/06/2010 16:20:26 - System Checkpoint
    RP1376: 29/06/2010 23:08:02 - Removed SmartFTP Client 2.0
    RP1377: 29/06/2010 23:08:55 - Removed Trend Micro RUBotted

    ==== Installed Programs ======================

    1st Page 2000 2.00 Free
    Acrobat.com
    Ad-Aware SE Personal
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.3.2
    Adobe Shockwave Player 11
    AiO_Scan_CDA
    AiOSoftwareNPI
    Athlon 64 Processor Driver
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    AVG 8.5
    Bingo Cafe UK
    BufferChm
    C6100
    c6100_Help
    CP_CalendarTemplates1
    cp_OnlineProjectsConfig
    CP_Package_Basic1
    CP_Panorama1Config
    cp_PosterPrintConfig
    Critical Update for Windows Media Player 11 (KB959772)
    CueTour
    CustomerResearchQFolder
    Destinations
    DeviceManagementQFolder
    DocProc
    DocProcQFolder
    DocumentViewer
    DocumentViewerQFolder
    DVD Solution
    Email Updater
    eSupportQFolder
    Fax_CDA
    FUJIFILM FinePixViewer S Ver.2.0
    FullDPAppQFolder
    GameDesire-Bingo
    GoldenCasino
    Google Toolbar for Internet Explorer
    Google Update Helper
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    HijackThis 2.0.2
    Homestead SiteBuilder LPX
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Customer Participation Program 7.0
    hp deskjet 3325 series (Remove only)
    HP Document Viewer 7.0
    HP Imaging Device Functions 7.0
    HP Photo and Imaging 1.0 - Scanjet 2300c Series
    HP Photosmart Premier Software 6.5
    HP Photosmart, Officejet and Deskjet 7.0.A
    HP Product Assistant
    HP Solution Center 7.0
    HP Update
    HPPhotoSmartExpress
    HPProductAssistant
    HPSSupply
    InCD
    InstantShareDevices
    InstantShareDevicesMFC
    IrfanView (remove only)
    Java(TM) 6 Update 14
    king.com (remove only)
    Malwarebytes' Anti-Malware
    MarketResearch
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 Disc 2
    Microsoft Office 2000 Professional
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    Multimedia Launcher
    Nero OEM
    NewCopy_CDA
    OCR Software by I.R.I.S 7.0
    OpenOffice.org Installer 1.0
    PanoStandAlone
    PhotoGallery
    PowerDVD
    PowerProducer
    ProductContextNPI
    QuickTime
    RandMap
    Readme
    Realtek AC'97 Audio
    Scan
    ScannerCopy
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953155)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981349)
    Shop for HP Supplies
    ShortKeys Lite
    SkinsHP1
    Skype™ 4.0
    SlideShow
    SmartFTP Client
    SolutionCenter
    Sonic_PrimoSDK
    SpeedTouch USB Software
    Spybot - Search & Destroy 1.4
    Status
    Toolbox
    TrayApp
    Unload
    upapp
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    ViewSonic Monitor Drivers
    Virgin Media Toolbar
    WebFldrs XP
    WebReg
    WinAce Archiver 2.0
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Presentation Foundation
    Windows XP Service Pack 3
    WinRAR archiver
    WinZip
    XML Paper Specification Shared Components Pack 1.0
    Yahoo! Messenger

    ==== Event Viewer Messages From Past Week ========

    29/06/2010 23:08:05, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    29/06/2010 18:01:17, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    25/06/2010 19:04:12, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 0013D3559DBE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

    ==== End Of File ===========================


    I hope I have done this correctly and await a response, much appreciated.

    Joan
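    A triage helper for the "Pseudo HJT Report" section of a DDS log such as the one above. This is an added example for this thread; it is not code from the thread, from DDS or from HijackThis. The line shapes it parses are the ones visible in the posted log (BHO/TB entries with a CLSID and a path, uRun/mRun entries with a bracketed label, DPF entries with a de-fanged hxxp URL, a Trusted Zone line, and the "does not exist!" marker DDS prints for a registration whose file is missing); the sample input is constructed from a few of those lines, and the function names (parse_entries, first_executable, triage) are the example's own. It pulls out what a helper reads first: Trusted Zone additions (sites in that zone get IE's relaxed security settings), registrations with no file behind them, BHOs with an empty display name, Run entries that name a bare executable instead of a full path (Windows then finds the binary by search order rather than by an exact location), ActiveX controls registered from a local file:// source, the set of hosts that served DPF controls, and the Java version whose web installer is still registered (the posted log registers jinstall-1_6_0_14 and lists Java(TM) 6 Update 14 as installed).

```python
"""Triage the "Pseudo HJT Report" section of a DDS log.

Added example for this thread; not DDS or HijackThis code. The line shapes
it understands are the ones visible in the posted log.
"""
import re
from collections import Counter

# Constructed sample: a handful of lines copied from the posted log.
# "hxxp" is DDS's deliberate de-fanging of "http" so URLs are not clickable.
SAMPLE_DDS = r"""
uStart Page = hxxp://www.virginmedia.com
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe "
IE: {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - {1FBA04EE-3024-11D2-8F1F-0000F87ABD16} c:\program files\irfanview\ebay\ebay.htm - c:\program files\irfanview\ebay\ebay.htm\inprocserver32 does not exist!
Trusted Zone: bingomania.co.uk\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx
DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - hxxp://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab
"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
URL_RE = re.compile(r"(?P<scheme>hxxps?|https?|file)://(?P<host>[^/\s]*)", re.I)
JAVA_RE = re.compile(r"jinstall-(\d+)_(\d+)_(\d+)_(\d+)")
DRIVE_RE = re.compile(r"^[a-z]:\\", re.I)


def parse_entries(text):
    """Yield (kind, body) per line. 'Kind: body' lines keep their kind;
    'key = value' lines (start page, search URLs) get the kind 'setting'."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        kind, sep, body = line.partition(":")
        kind = kind.strip()
        if sep and (" " not in kind or kind == "Trusted Zone"):
            yield kind, body.strip()
        elif " = " in line:
            yield "setting", line


def first_executable(cmd):
    """Return the executable part of a Run-key command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0].strip()
    return cmd.split()[0] if cmd else ""


def triage(text):
    """Collect the entries a malware-removal helper reads first."""
    f = {
        "settings": [],         # start page / search URL lines, checked for hijacks
        "trusted_zone": [],     # sites given IE's relaxed Trusted zone settings
        "orphaned": [],         # registrations with no file, or a file DDS reports missing
        "unnamed": [],          # BHO/TB entries with an empty display name
        "unqualified_run": [],  # Run entries that rely on path search to find the binary
        "local_dpf": [],        # ActiveX controls registered from a file:// source
        "dpf_hosts": Counter(), # who served the downloaded controls
        "java_installers": [],  # Java versions whose web installer is still registered
    }
    for kind, body in parse_entries(text):
        if kind == "setting":
            f["settings"].append(body)
        elif kind == "Trusted Zone":
            f["trusted_zone"].append(body)
        elif kind in ("BHO", "TB"):
            name, _, tail = body.partition(":")
            m = CLSID_RE.search(tail)
            clsid = m.group(0) if m else "?"
            path = tail[m.end():].strip(" -") if m else ""
            if not name.strip():
                f["unnamed"].append(clsid)
            if not path:
                f["orphaned"].append(f"{kind} {clsid}")
        elif kind in ("uRun", "mRun"):
            label, _, cmd = body.partition("] ")
            exe = first_executable(cmd)
            if not DRIVE_RE.match(exe) and not exe.startswith("%"):
                f["unqualified_run"].append(f"{label.lstrip('[')} -> {exe}")
        elif kind == "DPF":
            u = URL_RE.search(body)
            if u and u.group("scheme").lower() == "file":
                f["local_dpf"].append(body)
            elif u:
                f["dpf_hosts"][u.group("host").lower()] += 1
                j = JAVA_RE.search(body)
                if j:
                    f["java_installers"].append("%s.%s.%s_%s" % j.groups())
        if "does not exist" in body:   # DDS's own marker for a missing file
            f["orphaned"].append(f"{kind} {body.split(' - ')[0]}")
    return f


if __name__ == "__main__":
    for key, val in triage(SAMPLE_DDS).items():
        print(f"{key}: {dict(val) if isinstance(val, Counter) else val}")
```

    To run it against a real report, read the saved DDS.txt and pass its text to triage(). The output is a list of things to look at, not a verdict: legitimate entries turn up too (the unnamed BHO in the posted log is Spybot's SDHelper.dll, and the missing-file IE entry is a leftover IrfanView eBay plugin), so each finding still needs the file and vendor checked before anything is removed.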
     
  2. 2010/07/02
    broni (Moderator, Malware Analyst)

    Update your Java version: http://java.com/en/download/index.jsp
    Uninstall all previous Java versions through Add\Remove (Programs & Features in Vista/7)

    ==============================================================

    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe.

    ***VERY IMPORTANT! Make sure you update Malwarebytes before running the scan.***

    STEP 1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    When the scan is completed, click the Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log in your next reply.

    RESTART COMPUTER

    STEP 3. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    NOTE. If you're using Vista, right-click on HijackThis, and click Run as Administrator
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     


  4. 2010/07/05
    joan_uk01 (Inactive, Thread Starter)

    IE Trojans logs

    Thanks for the reply. As requested, I have downloaded from the three sites, and below are the logs you asked to be posted.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4278

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    05/07/2010 17:13:19
    mbam-log-2010-07-05 (17-13-19).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 220031
    Time elapsed: 43 minute(s), 33 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    2nd Log

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-07-05 18:26:52
    Windows 5.1.2600 Service Pack 3
    Running: zb94440d[1].exe; Driver: C:\DOCUME~1\JOANAL~1\LOCALS~1\Temp\ffkcrkod.sys


    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Internet Explorer\iexplore.exe[3944] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E1DF4B9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3944] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E35203E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3944] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E351FBF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3944] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E352003 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3944] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E351F4B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3944] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E351F85 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3944] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E352079 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3944] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E20176A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3944] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E35223B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[156] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[156] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[156] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[156] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[156] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[156] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[156] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[156] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[156] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[156] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[156] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[156] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[156] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[156] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[156] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[156] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[156] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[156] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[156] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[156] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[156] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[156] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[156] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[156] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [63601740] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[156] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[156] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[156] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[156] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[156] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device ACPI.sys (ACPI Driver for NT/Microsoft Corporation)

    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----

    3rd Log

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 18:39:56, on 05/07/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17055)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Virgin Net Broadband\Dragdiag.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\FinePixViewerS\QuickDCF2.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Virgin Media Toolbar - {A057A204-BACC-4D26-CFC3-3CECC9AB2EDA} - C:\PROGRA~1\VIRGIN~3\VIRGIN~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: Virgin Media Toolbar - {A057A204-BACC-4D26-CFC3-3CECC9AB2EDA} - C:\PROGRA~1\VIRGIN~3\VIRGIN~1.DLL
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe "
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Virgin Net Broadband\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Global Startup: Exif Launcher S.lnk = C:\Program Files\FinePixViewerS\QuickDCF2.exe
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
    O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab
    O16 - DPF: {0B195D55-0AB4-48C7-828F-34BE10BA4266} (DealOrNoDeal Control) - http://www.worldwinner.com/games/v53/dealornodeal/dealornodeal.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx
    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
    O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
    O16 - DPF: {1A781DED-4153-C22D-3213-A3211E29DF13} (GameDesire Card Games) - http://cached.gamedesire.com/g_bin/eng/cards_2_0_0_81.cab
    O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://cached.gamedesire.com/g_bin/eng/cards_2_0_0_77.cab
    O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} (TPIR Control) - http://www.worldwinner.com/games/v50/tpir/tpir.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://uk.midas.games.yahoo.net/ctl/kingcomie.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} (WorldWinner ActiveX Launcher Control) - http://www.worldwinner.com/games/launcher/ie/v2.17.01.0/iewwload.cab
    O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v57/wof/wof.cab
    O16 - DPF: {A9ED6AA2-4D71-D9D4-9586-E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) - http://cached.gamedesire.com/g_bin/eng/marbles_2_0_0_36.cab
    O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab
    O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v41/hangman/hangman.cab
    O16 - DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} (Monopoly Control) - http://www.worldwinner.com/games/v46/monopoly/monopoly.cab
    O16 - DPF: {BFA1F11D-AFE1-3121-4112-894323212DAC} (GameDesire Word Games) - http://cached.gamedesire.com/g_bin/eng/words_2_0_0_55.cab
    O16 - DPF: {BFA1F11D-AFE1-3121-4112-983219421AEF} (GameDesire 1Player Word Games) - http://cached.gamedesire.com/g_bin/eng/wordssingle_2_0_0_52.cab
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx
    O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v49/familyfeud/familyfeud.cab
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - https://www.ntrsupport.com/nv/inquiero/mod/setup/ntractivex118_28.cab
    O16 - DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} (VM_1.VM_Control) - http://downloads.virginmedia.com/CST/ver1/xp_mail.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/html - {990427e5-e1a7-4d5d-ab3d-3e018d7476ce} - (no file)
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 12273 bytes


    Hope I have done everything correctly and await your reply.

    Joan
     
  5. 2010/07/05
    broni Moderator Malware Analyst
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved directly to your desktop.**
    1. Please, never rename ComboFix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If ComboFix asks you to install Recovery Console, please allow it.
      NOTE 2. If ComboFix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine to the Internet until ComboFix has completely finished.
      • If there is no Internet connection after running ComboFix, then restart your computer to restore your connection.
    4. Double click on combofix.exe and follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt".
    **Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

    Make sure you re-enable your security programs when you're done with ComboFix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.) until it's officially declared clean!!!
     
  6. 2010/07/05
    joan_uk01 Inactive Thread Starter
    Hi Broni

    Log as directed thanks.

    ComboFix 10-07-04.04 - Joan Allen 05/07/2010 22:30:22.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.495 [GMT 1:00]
    Running from: c:\documents and settings\Joan Allen\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Joan Allen\err.log
    c:\program files\Shared

    .
    ((((((((((((((((((((((((( Files Created from 2010-06-05 to 2010-07-05 )))))))))))))))))))))))))))))))
    .

    2010-07-05 17:39 . 2010-07-05 17:39 388096 ----a-r- c:\documents and settings\Joan Allen\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-07-05 15:28 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-05 15:28 . 2010-07-05 15:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-05 15:28 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-05 15:08 . 2010-07-05 15:08 503808 ----a-w- c:\documents and settings\Joan Allen\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-57f1bb49-n\msvcp71.dll
    2010-07-05 15:08 . 2010-07-05 15:08 499712 ----a-w- c:\documents and settings\Joan Allen\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-57f1bb49-n\jmc.dll
    2010-07-05 15:08 . 2010-07-05 15:08 348160 ----a-w- c:\documents and settings\Joan Allen\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-57f1bb49-n\msvcr71.dll
    2010-07-05 15:08 . 2010-07-05 15:08 61440 ----a-w- c:\documents and settings\Joan Allen\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-161cd816-n\decora-sse.dll
    2010-07-05 15:08 . 2010-07-05 15:08 12800 ----a-w- c:\documents and settings\Joan Allen\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-161cd816-n\decora-d3d.dll
    2010-07-05 15:08 . 2010-04-12 16:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-06-29 18:13 . 2010-07-05 21:07 -------- d-----w- c:\documents and settings\Joan Allen\Application Data\VIRGINMEDIATOOLBAR
    2010-06-29 18:13 . 2010-06-29 18:13 -------- d-----w- c:\program files\virginmediatoolbar
    2010-06-29 18:11 . 2010-06-29 18:11 -------- d-----w- c:\program files\Virgin Media
    2010-06-29 16:05 . 2010-06-29 16:05 -------- d-----w- c:\documents and settings\Joan Allen\Application Data\Malwarebytes
    2010-06-29 16:05 . 2010-06-29 16:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-06-23 15:12 . 2010-06-23 15:12 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb19.tmp.exe
    2010-06-20 21:25 . 2010-07-05 14:40 27630760 ----a-w- c:\documents and settings\All Users\Application Data\yahoo!\YUPDATER\msgup1000_1270_us_u1.exe
    2010-06-15 15:49 . 2010-06-15 00:23 607472 ----a-w- c:\documents and settings\All Users\Application Data\yahoo!\YUPDATER\yupdater.exe
    2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\19867\AdobeARM.exe
    2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\19867\AdobeExtractFiles.dll
    2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\19867\ReaderUpdater.exe
    2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\19867\AcrobatUpdater.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-05 15:08 . 2005-10-18 19:27 -------- d-----w- c:\program files\Common Files\Java
    2010-07-05 15:07 . 2007-11-22 20:35 -------- d-----w- c:\program files\Java
    2010-06-25 18:23 . 2005-11-21 19:20 -------- d-----w- c:\program files\ShortKeys2
    2010-06-15 15:49 . 2005-11-21 18:34 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
    2010-05-22 20:27 . 2010-05-22 20:27 503808 ----a-w- c:\documents and settings\Joan Allen\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-49834050-n\msvcp71.dll
    2010-05-22 20:27 . 2010-05-22 20:27 499712 ----a-w- c:\documents and settings\Joan Allen\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-49834050-n\jmc.dll
    2010-05-22 20:27 . 2010-05-22 20:27 348160 ----a-w- c:\documents and settings\Joan Allen\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-49834050-n\msvcr71.dll
    2010-05-19 16:02 . 2010-05-19 16:02 -------- d-----w- c:\documents and settings\Joan Allen\Application Data\Share-to-Web Upload Folder
    2010-05-04 17:20 . 2004-08-03 23:56 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-05-04 17:20 . 2004-08-03 23:56 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-05-04 17:20 . 2004-08-03 23:56 17408 ------w- c:\windows\system32\corpol.dll
    2010-05-02 05:22 . 2004-08-03 22:17 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-04-20 05:30 . 2004-08-03 23:56 285696 ----a-w- c:\windows\system32\atmfd.dll
    2005-03-31 21:17 . 2005-10-15 09:15 40960 -c--a-w- c:\program files\Uninstall_CDS.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-CFC3-3CECC9AB2EDA}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PowerBar "= "c:\program files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [2004-04-21 86016]
    "Yahoo! Pager "= "c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-19 68856]
    "WMPNSCFG "= "c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl "= "c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
    "HPDJ Taskbar Utility "= "c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-04 188416]
    "SoundMan "= "SOUNDMAN.EXE" [2005-04-15 77824]
    "ATICCC "= "c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
    "SpeedTouch USB Diagnostics "= "c:\program files\Virgin Net Broadband\Dragdiag.exe" [2004-01-26 866816]
    "AVG8_TRAY "= "c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-19 2046816]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2005-10-14 155648]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Exif Launcher S.lnk - c:\program files\FinePixViewerS\QuickDCF2.exe [2008-7-7 303104]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-08-21 09:23 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher S.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher S.lnk
    backup=c:\windows\pss\Exif Launcher S.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
    backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-05-08 15:24 54840 -c--a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    2005-06-10 14:20 1397760 ----a-w- c:\program files\Ahead\InCD\InCD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2005-10-14 14:22 155648 ----a-w- c:\program files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
    2002-04-11 04:19 69632 -c--a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2009-03-27 08:55 24103720 ----a-r- c:\program files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2007-05-19 13:38 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe "=
    "c:\\Program Files\\SmartFTP\\SmartFTP.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\WINDOWS\\system32\\mmc.exe "=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe "=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe "=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe "=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe "=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe "=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe "=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe "=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe "=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe "=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe "=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe "=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe "=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe "=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "c:\\WINDOWS\\system32\\dpvsetup.exe "=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe "=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe "=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/03/2009 22:53 335240]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/03/2009 22:53 108552]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [11/03/2009 22:53 297752]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [01/02/2010 02:29 135664]
    S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
    S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\DRIVERS\TMPassthru.sys --> c:\windows\system32\DRIVERS\TMPassthru.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 01:29]

    2010-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 01:29]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://www.virginmedia.com
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    Trusted Zone: bingomania.co.uk\www
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {1A781DED-4153-C22D-3213-A3211E29DF13} - hxxp://cached.gamedesire.com/g_bin/eng/cards_2_0_0_81.cab
    DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://uk.midas.games.yahoo.net/ctl/kingcomie.cab
    DPF: {A9ED6AA2-4D71-D9D4-9586-E293E2E3580B} - hxxp://cached.gamedesire.com/g_bin/eng/marbles_2_0_0_36.cab
    DPF: {BFA1F11D-AFE1-3121-4112-894323212DAC} - hxxp://cached.gamedesire.com/g_bin/eng/words_2_0_0_55.cab
    DPF: {BFA1F11D-AFE1-3121-4112-983219421AEF} - hxxp://cached.gamedesire.com/g_bin/eng/wordssingle_2_0_0_52.cab
    DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} - hxxp://downloads.virginmedia.com/CST/ver1/xp_mail.cab
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-SITEguard - (no file)
    MSConfigStartUp-Free Download Manager - c:\program files\Free Download Manager\fdm.exe
    MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
    MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
    MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-05 22:34
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(564)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2010-07-05 22:37:14
    ComboFix-quarantined-files.txt 2010-07-05 21:36

    Pre-Run: 152,102,404,096 bytes free
    Post-Run: 152,311,222,272 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - ACA6EC3759C1231D587935E03EC20382
     
  7. 2010/07/05
    broni

    broni Moderator Malware Analyst

    Looks good :)

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start> "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between "Combofix" and "/Uninstall".
    Click OK (Vista users - press Enter).
    Restart computer.

    =============================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  8. 2010/07/06
    joan_uk01

    joan_uk01 Inactive Thread Starter

    Hi Broni

    Log as requested

    OTL Extras logfile created on: 06/07/2010 15:47:57 - Run 1
    OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\Joan Allen\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    958.00 Mb Total Physical Memory | 521.00 Mb Available Physical Memory | 54.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
    Paging file location(s): c:\pagefile.sys 1440 2880 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 152.66 Gb Total Space | 141.88 Gb Free Space | 92.94% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: JOAN-AE43A2BB9C
    Current User Name: Joan Allen
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
    "C:\Program Files\SmartFTP\SmartFTP.exe" = C:\Program Files\SmartFTP\SmartFTP.exe:*:Enabled:SmartFTP Client -- (SmartFTP GmbH)
    "C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
    "C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
    "{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
    "{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
    "{11C762F9-95EA-486A-A8E7-683A50C231C1}" = SmartFTP Client
    "{1598CA82-4FA7-415B-8EF8-DC1720B2F243}" = GoldenCasino
    "{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
    "{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
    "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 20
    "{2F1E5C4C-B20C-42C3-B5F1-1FE2CA207AFE}" = Email Updater
    "{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
    "{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
    "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
    "{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653}" = QuickTime
    "{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
    "{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}" = upapp
    "{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
    "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
    "{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
    "{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
    "{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
    "{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
    "{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{88B32652-CAE0-4909-A463-5840D2689D93}" = FUJIFILM FinePixViewer S Ver.2.0
    "{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
    "{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
    "{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
    "{9D18465E-8B80-4AC1-8ABB-B42978B171E3}" = HP Photo and Imaging 1.0 - Scanjet 2300c Series
    "{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
    "{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
    "{B3B4CD34-6C20-4b28-A231-FEC55B42C579}" = c6100_Help
    "{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
    "{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
    "{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
    "{B7777E08-1344-42E8-975B-6F541F9ADBD8}" = ATI Catalyst Control Center
    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
    "{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
    "{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
    "{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
    "{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
    "{C8574AE5-370F-4246-A301-B85A2CC89A5E}" = C6100
    "{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
    "{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}" = SpeedTouch USB Software
    "{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
    "{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
    "{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
    "{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
    "{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
    "{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
    "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
    "{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
    "{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
    "{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    "{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
    "1st Page 2000 2.00 Free" = 1st Page 2000 2.00 Free
    "Ad-Aware SE Personal" = Ad-Aware SE Personal
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 11
    "All ATI Software" = ATI - Software Uninstall Utility
    "ATI Display Driver" = ATI Display Driver
    "AVG8Uninstall" = AVG 8.5
    "GameDesire-Bingo" = GameDesire-Bingo
    "Homestead SiteBuilder" = Homestead SiteBuilder LPX
    "hp deskjet 3325 series" = hp deskjet 3325 series (Remove only)
    "HP Document Viewer" = HP Document Viewer 7.0
    "HP Imaging Device Functions" = HP Imaging Device Functions 7.0
    "HP Photo & Imaging" = HP Photosmart Premier Software 6.5
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
    "HPExtendedCapabilities" = HP Customer Participation Program 7.0
    "HPOCR" = OCR Software by I.R.I.S 7.0
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "InCD!UninstallKey" = InCD
    "InstallShield_{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653}" = QuickTime
    "IrfanView" = IrfanView (remove only)
    "king.com" = king.com (remove only)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "Nero - Burning Rom!UninstallKey" = Nero OEM
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Shop for HP Supplies" = Shop for HP Supplies
    "ShortKeys Lite" = ShortKeys Lite
    "Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
    "virginmediatoolbar" = Virgin Media Toolbar
    "WGA" = Windows Genuine Advantage Validation Tool
    "WIC" = Windows Imaging Component
    "WinAce Archiver 2.0" = WinAce Archiver 2.0
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver
    "WinZip" = WinZip
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "Yahoo! Messenger" = Yahoo! Messenger

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Bingo Cafe UK" = Bingo Cafe UK

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 17/09/2009 10:18:38 | Computer Name = JOAN-AE43A2BB9C | Source = PerfNet | ID = 2004
    Description = Unable to open the Server service. Server performance data will not
    be returned. Error code returned is in data DWORD 0.

    Error - 17/09/2009 10:34:15 | Computer Name = JOAN-AE43A2BB9C | Source = PerfNet | ID = 2004
    Description = Unable to open the Server service. Server performance data will not
    be returned. Error code returned is in data DWORD 0.

    Error - 19/10/2009 05:14:00 | Computer Name = JOAN-AE43A2BB9C | Source = PerfNet | ID = 2004
    Description = Unable to open the Server service. Server performance data will not
    be returned. Error code returned is in data DWORD 0.

    Error - 19/10/2009 14:00:22 | Computer Name = JOAN-AE43A2BB9C | Source = PerfNet | ID = 2004
    Description = Unable to open the Server service. Server performance data will not
    be returned. Error code returned is in data DWORD 0.

    Error - 23/10/2009 04:46:50 | Computer Name = JOAN-AE43A2BB9C | Source = PerfNet | ID = 2004
    Description = Unable to open the Server service. Server performance data will not
    be returned. Error code returned is in data DWORD 0.

    Error - 06/11/2009 15:32:35 | Computer Name = JOAN-AE43A2BB9C | Source = PerfNet | ID = 2004
    Description = Unable to open the Server service. Server performance data will not
    be returned. Error code returned is in data DWORD 0.

    Error - 19/01/2010 11:56:41 | Computer Name = JOAN-AE43A2BB9C | Source = PerfNet | ID = 2004
    Description = Unable to open the Server service. Server performance data will not
    be returned. Error code returned is in data DWORD 0.

    Error - 15/06/2010 11:48:12 | Computer Name = JOAN-AE43A2BB9C | Source = PerfNet | ID = 2004
    Description = Unable to open the Server service. Server performance data will not
    be returned. Error code returned is in data DWORD 0.

    Error - 17/06/2010 16:23:28 | Computer Name = JOAN-AE43A2BB9C | Source = PerfNet | ID = 2004
    Description = Unable to open the Server service. Server performance data will not
    be returned. Error code returned is in data DWORD 0.

    Error - 17/06/2010 16:32:38 | Computer Name = JOAN-AE43A2BB9C | Source = PerfNet | ID = 2004
    Description = Unable to open the Server service. Server performance data will not
    be returned. Error code returned is in data DWORD 0.

    [ System Events ]
    Error - 29/06/2010 18:08:06 | Computer Name = JOAN-AE43A2BB9C | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 29/06/2010 18:08:06 | Computer Name = JOAN-AE43A2BB9C | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 29/06/2010 18:08:06 | Computer Name = JOAN-AE43A2BB9C | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 29/06/2010 18:08:06 | Computer Name = JOAN-AE43A2BB9C | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 29/06/2010 18:08:06 | Computer Name = JOAN-AE43A2BB9C | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 29/06/2010 18:08:06 | Computer Name = JOAN-AE43A2BB9C | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 29/06/2010 18:08:06 | Computer Name = JOAN-AE43A2BB9C | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 05/07/2010 17:23:55 | Computer Name = JOAN-AE43A2BB9C | Source = Service Control Manager | ID = 7031
    Description = The Windows Media Player Network Sharing Service service terminated
    unexpectedly. It has done this 1 time(s). The following corrective action will
    be taken in 30000 milliseconds: Restart the service.

    Error - 05/07/2010 17:30:16 | Computer Name = JOAN-AE43A2BB9C | Source = Service Control Manager | ID = 7031
    Description = The Windows Media Player Network Sharing Service service terminated
    unexpectedly. It has done this 1 time(s). The following corrective action will
    be taken in 30000 milliseconds: Restart the service.

    Error - 05/07/2010 17:31:19 | Computer Name = JOAN-AE43A2BB9C | Source = Service Control Manager | ID = 7031
    Description = The Windows Media Player Network Sharing Service service terminated
    unexpectedly. It has done this 1 time(s). The following corrective action will
    be taken in 30000 milliseconds: Restart the service.


    < End of report >
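The tail of the report above is dominated by the same two Service Control Manager events repeated many times, with the actual Win32 error hidden behind a `%%126` placeholder. As an added example (not part of this thread and not OTL's own code), here is a small Python parser for that OTL Extras event-log format: it collapses the repeats into one line per (source, event ID, description) with a count and first/last timestamp, and annotates `%%N` placeholders with the Win32 error name where the code is certain (126 is `ERROR_MOD_NOT_FOUND`, "The specified module could not be found"). The `SAMPLE` text is a constructed excerpt in the same shape as the log above, and the `WIN32_ERRORS` table and function names are the example's own, not anything OTL provides.

```python
import re
from collections import OrderedDict

# Win32 system error codes that OTL leaves as "%%N" inside Service Control
# Manager descriptions. Only codes whose meaning is certain are listed here;
# anything else is passed through unchanged. (This table is the example's own.)
WIN32_ERRORS = {
    2: "ERROR_FILE_NOT_FOUND",
    3: "ERROR_PATH_NOT_FOUND",
    126: "ERROR_MOD_NOT_FOUND",   # "The specified module could not be found."
}

HEADER_RE = re.compile(
    r"^Error - (?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) \| "
    r"Computer Name = (?P<host>\S+) \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)

def parse_events(text):
    """Turn an OTL Extras event-log dump into a list of records.

    Each record starts with an 'Error - ... | ID = N' header; the description
    may wrap over several lines, and a blank line closes the record."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            current = {"ts": m["ts"], "host": m["host"], "source": m["source"],
                       "id": int(m["id"]), "description": ""}
            events.append(current)
        elif not line:
            current = None            # blank line: record finished
        elif current is not None:
            if line.startswith("Description = "):
                line = line[len("Description = "):]
            current["description"] = (current["description"] + " " + line).strip()
    return events

def decode_error_codes(description):
    """Annotate %%N placeholders with the Win32 error name when it is known."""
    def annotate(m):
        code = int(m.group(1))
        name = WIN32_ERRORS.get(code)
        return f"%%{code} ({name})" if name else m.group(0)
    return re.sub(r"%%(\d+)", annotate, description)

def summarize(events):
    """Collapse repeated events: one entry per (source, id, description).

    The SCM 7031 text embeds a counter ('It has done this 1 time(s)'), so that
    number is normalised away before grouping; otherwise identical crashes
    would land in separate buckets."""
    summary = OrderedDict()
    for ev in events:
        desc = re.sub(r"It has done this \d+ time\(s\)", "It has done this N time(s)",
                      ev["description"])
        key = (ev["source"], ev["id"], desc)
        entry = summary.setdefault(key, {"count": 0, "first": ev["ts"], "last": ev["ts"]})
        entry["count"] += 1
        entry["last"] = ev["ts"]
    return summary

def triage_lines(text):
    """One human-readable line per distinct event, most frequent first."""
    summary = summarize(parse_events(text))
    ranked = sorted(summary.items(), key=lambda kv: -kv[1]["count"])
    return [
        f"{v['count']:>3}x  {src} {eid}  {v['first']} .. {v['last']}  "
        f"{decode_error_codes(desc)}"
        for (src, eid, desc), v in ranked
    ]

# Constructed sample in the OTL Extras format (same shape as the report above,
# trimmed to a few records).
SAMPLE = """\
Error - 29/06/2010 18:08:06 | Computer Name = JOAN-AE43A2BB9C | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 29/06/2010 18:08:06 | Computer Name = JOAN-AE43A2BB9C | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 29/06/2010 18:08:06 | Computer Name = JOAN-AE43A2BB9C | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 05/07/2010 17:23:55 | Computer Name = JOAN-AE43A2BB9C | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.

Error - 05/07/2010 17:30:16 | Computer Name = JOAN-AE43A2BB9C | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.


< End of report >
"""

if __name__ == "__main__":
    for line in triage_lines(SAMPLE):
        print(line)
```

Run against a full Extras log, the summary reduces pages of repeats to a handful of lines, and the decoded `%%126` points at a service whose binary or DLL is missing; that is the kind of entry to cross-check against the `SRV - File not found` and `NetSvcs: ... File not found` lines in the main OTL log rather than treat as evidence of infection on its own.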
     
  9. 2010/07/06
    joan_uk01

    2nd log as requested, thanks.

    OTL logfile created on: 06/07/2010 15:47:57 - Run 1
    OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\Joan Allen\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    958.00 Mb Total Physical Memory | 521.00 Mb Available Physical Memory | 54.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
    Paging file location(s): c:\pagefile.sys 1440 2880 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 152.66 Gb Total Space | 141.88 Gb Free Space | 92.94% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: JOAN-AE43A2BB9C
    Current User Name: Joan Allen
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/07/06 15:46:52 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joan Allen\Desktop\OTL.exe
    PRC - [2010/03/19 10:41:32 | 002,046,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
    PRC - [2009/08/21 10:23:39 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
    PRC - [2009/08/21 10:23:35 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
    PRC - [2009/08/21 10:23:26 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
    PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/08/30 18:43:18 | 004,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    PRC - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
    PRC - [2007/05/19 14:38:09 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2006/12/04 23:20:18 | 000,303,104 | ---- | M] (FUJIFILM Corporation) -- C:\Program Files\FinePixViewerS\QuickDCF2.exe
    PRC - [2006/09/25 10:12:20 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    PRC - [2005/06/10 17:19:38 | 000,869,888 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
    PRC - [2005/04/15 04:01:46 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
    PRC - [2004/01/26 12:38:38 | 000,866,816 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files\Virgin Net Broadband\dragdiag.exe
    PRC - [2003/12/08 17:35:14 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    PRC - [2002/11/04 19:26:06 | 000,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/07/06 15:46:52 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joan Allen\Desktop\OTL.exe
    MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2007/08/30 18:43:14 | 000,006,144 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\idle.dll
    MOD - [2006/03/21 17:03:44 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Yahoo!\Messenger\msvcr71.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2009/08/21 10:23:26 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
    SRV - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2005/06/10 17:19:38 | 000,869,888 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\TMPassthru.sys -- (TMPassthruMP)
    DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTGLM7X.sys -- (SetupNTGLM7X)
    DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTACCESS.sys -- (NTACCESS)
    DRV - File not found [Kernel | On_Demand | Stopped] -- D:\install4\MSICPL.sys -- (MSICPL)
    DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\JOANAL~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2009/08/21 10:23:39 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2009/08/21 10:23:39 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2009/05/01 16:11:35 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2007/04/03 13:59:42 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616unic.sys -- (s616unic) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM)
    DRV - [2007/04/03 13:59:42 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616obex.sys -- (s616obex)
    DRV - [2007/04/03 13:59:42 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616nd5.sys -- (s616nd5) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS)
    DRV - [2007/04/03 13:59:40 | 000,100,360 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616mgmt.sys -- (s616mgmt) Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM)
    DRV - [2007/04/03 13:59:38 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616mdm.sys -- (s616mdm)
    DRV - [2007/04/03 13:59:36 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616mdfl.sys -- (s616mdfl)
    DRV - [2007/04/03 13:59:30 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616bus.sys -- (s616bus) Sony Ericsson Device 616 driver (WDM)
    DRV - [2006/12/17 03:50:29 | 001,918,464 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2005/06/10 17:12:12 | 000,099,584 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
    DRV - [2005/06/10 17:11:50 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
    DRV - [2005/06/10 15:11:44 | 000,028,160 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
    DRV - [2005/04/19 03:40:52 | 002,317,504 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2005/03/09 15:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
    DRV - [2004/10/08 02:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
    DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2003/12/12 20:03:10 | 000,652,689 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
    DRV - [2003/12/08 12:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
    DRV - [2003/12/08 12:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)
    DRV - [2003/12/05 10:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.virginmedia.com/ "


    [2009/09/01 13:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joan Allen\Application Data\Mozilla\Firefox\Profiles\6pe2f43t.default\extensions
    [2007/12/04 23:58:12 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Joan Allen\Application Data\Mozilla\Firefox\Profiles\6pe2f43t.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2006/03/19 15:42:37 | 000,036,864 | ---- | M] (Homestead Technologies, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nphssb.dll
    [2009/03/18 15:03:40 | 000,214,272 | ---- | M] (Midasplayer Ltd) -- C:\Program Files\Mozilla Firefox\plugins\npmidas.dll

    O1 HOSTS File: ([2010/07/05 22:34:05 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Virgin Media Toolbar) - {A057A204-BACC-4D26-CFC3-3CECC9AB2EDA} - C:\Program Files\virginmediatoolbar\virginmediatoolbar.dll ([[[COMPANYNAME]]]----------------------------)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Virgin Media Toolbar) - {A057A204-BACC-4D26-CFC3-3CECC9AB2EDA} - C:\Program Files\virginmediatoolbar\virginmediatoolbar.dll ([[[COMPANYNAME]]]----------------------------)
    O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Virgin Media Toolbar) - {A057A204-BACC-4D26-CFC3-3CECC9AB2EDA} - C:\Program Files\virginmediatoolbar\virginmediatoolbar.dll ([[[COMPANYNAME]]]----------------------------)
    O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
    O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
    O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Virgin Net Broadband\Dragdiag.exe (THOMSON Telecom Belgium)
    O4 - HKCU..\Run: [PowerBar] C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe (Cyberlink, Corp.)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher S.lnk = C:\Program Files\FinePixViewerS\QuickDCF2.exe (FUJIFILM Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe File not found
    O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe File not found
    O15 - HKCU\..Trusted Domains: bingomania.co.uk ([www] https in Trusted sites)
    O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} http://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab (ScrabbleCubes Control)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {0B195D55-0AB4-48C7-828F-34BE10BA4266} http://www.worldwinner.com/games/v53/dealornodeal/dealornodeal.cab (DealOrNoDeal Control)
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB (PCPitstop Utility)
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx (SpinTop DRM Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} http://www.pcpitstop.com/internet/pcpConnCheck.cab (iCC Class)
    O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab (FunGamesLoader Object)
    O16 - DPF: {1A781DED-4153-C22D-3213-A3211E29DF13} http://cached.gamedesire.com/g_bin/eng/cards_2_0_0_81.cab (GameDesire Card Games)
    O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} http://cached.gamedesire.com/g_bin/eng/cards_2_0_0_77.cab (GameDesire Card Games)
    O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinner.com/games/v50/tpir/tpir.cab (TPIR Control)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} http://uk.midas.games.yahoo.net/ctl/kingcomie.cab (king.com)
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab (EPUImageControl Class)
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinner.com/games/launcher/ie/v2.17.01.0/iewwload.cab (WorldWinner ActiveX Launcher Control)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinner.com/games/v57/wof/wof.cab (WoF Control)
    O16 - DPF: {A9ED6AA2-4D71-D9D4-9586-E293E2E3580B} http://cached.gamedesire.com/g_bin/eng/marbles_2_0_0_36.cab (GameDesire Marbles&Diamonds&Runes)
    O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} http://www.worldwinner.com/games/v67/swapit/swapit.cab (SwapIt Control)
    O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} http://www.worldwinner.com/games/v41/hangman/hangman.cab (Hangman Control)
    O16 - DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} http://www.worldwinner.com/games/v46/monopoly/monopoly.cab (Monopoly Control)
    O16 - DPF: {BFA1F11D-AFE1-3121-4112-894323212DAC} http://cached.gamedesire.com/g_bin/eng/words_2_0_0_55.cab (GameDesire Word Games)
    O16 - DPF: {BFA1F11D-AFE1-3121-4112-983219421AEF} http://cached.gamedesire.com/g_bin/eng/wordssingle_2_0_0_52.cab (GameDesire 1Player Word Games)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx (ArmHelper Control)
    O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinner.com/games/v49/familyfeud/familyfeud.cab (FamilyFeud Control)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} https://www.ntrsupport.com/nv/inquiero/mod/setup/ntractivex118_28.cab (NTR ActiveX 1.1.8)
    O16 - DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} http://downloads.virginmedia.com/CST/ver1/xp_mail.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Joan Allen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Joan Allen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/10/14 21:40:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found

    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/07/06 15:46:47 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joan Allen\Desktop\OTL.exe
    [2010/07/05 22:39:09 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/07/05 22:29:36 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/07/05 22:22:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/07/05 22:22:06 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/07/05 22:22:06 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/07/05 22:22:06 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/07/05 22:22:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/07/05 22:15:08 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/07/05 16:28:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/07/05 16:28:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/07/05 16:28:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/07/05 16:08:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/06/29 19:13:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joan Allen\Application Data\VIRGINMEDIATOOLBAR
    [2010/06/29 19:13:00 | 000,000,000 | ---D | C] -- C:\Program Files\virginmediatoolbar
    [2010/06/29 19:11:52 | 000,000,000 | ---D | C] -- C:\Program Files\Virgin Media
    [2010/06/29 17:05:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joan Allen\Application Data\Malwarebytes
    [2010/06/29 17:05:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/06/29 17:04:25 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Joan Allen\Desktop\mbam-setup-1.46.exe
    [2010/05/19 17:02:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joan Allen\Application Data\Share-to-Web Upload Folder
    [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/07/06 15:46:52 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joan Allen\Desktop\OTL.exe
    [2010/07/06 15:46:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/07/06 15:40:20 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/07/06 15:39:21 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/07/06 15:39:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/07/06 15:39:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/07/06 15:38:14 | 004,980,736 | ---- | M] () -- C:\Documents and Settings\Joan Allen\ntuser.dat
    [2010/07/06 15:15:33 | 061,677,838 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/07/05 23:34:27 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Joan Allen\ntuser.ini
    [2010/07/05 22:34:15 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/07/05 22:34:05 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/07/05 22:29:40 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/07/05 18:39:40 | 000,002,457 | ---- | M] () -- C:\Documents and Settings\Joan Allen\Desktop\HiJackThis.lnk
    [2010/07/05 16:28:37 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/06/29 17:04:25 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Joan Allen\Desktop\mbam-setup-1.46.exe
    [2010/06/25 21:13:11 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Joan Allen\Local Settings\Application Data\housecall.guid.cache
    [2010/06/23 00:25:17 | 000,503,674 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/06/23 00:25:17 | 000,442,434 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/06/23 00:25:17 | 000,072,608 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/06/17 17:05:21 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
    [2010/06/10 19:28:54 | 000,242,328 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/06/10 01:39:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/05/01 18:53:17 | 000,092,160 | ---- | M] () -- C:\Documents and Settings\Joan Allen\Desktop\Order of Service.doc
    [2010/04/29 18:55:02 | 000,093,184 | ---- | M] () -- C:\Documents and Settings\Joan Allen\My Documents\Laura Blessing 3.doc
    [2010/04/29 16:23:23 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Joan Allen\Desktop\order-of-service-cover.doc
    [2010/04/29 16:22:40 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Joan Allen\Desktop\order-of-service-insert.doc
    [2010/04/29 15:40:22 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Joan Allen\Desktop\OrderofDayA5.doc
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/28 15:09:11 | 000,091,648 | ---- | M] () -- C:\Documents and Settings\Joan Allen\My Documents\Laura Blessing 2.doc
    [2010/04/28 00:41:54 | 000,091,648 | ---- | M] () -- C:\Documents and Settings\Joan Allen\My Documents\Laura Blessing.doc
    [2010/04/27 21:53:30 | 000,088,576 | ---- | M] () -- C:\Documents and Settings\Joan Allen\My Documents\Blessing.doc
    [2010/04/27 20:16:16 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Joan Allen\My Documents\Blessing P2.doc
    [2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
    [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/07/05 22:29:40 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/07/05 22:29:38 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/07/05 22:22:06 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/07/05 22:22:06 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/07/05 22:22:06 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/07/05 22:22:06 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/07/05 22:22:06 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/07/05 18:39:21 | 000,002,457 | ---- | C] () -- C:\Documents and Settings\Joan Allen\Desktop\HiJackThis.lnk
    [2010/07/05 16:28:37 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/06/25 21:13:11 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Joan Allen\Local Settings\Application Data\housecall.guid.cache
    [2010/04/30 19:01:57 | 000,092,160 | ---- | C] () -- C:\Documents and Settings\Joan Allen\Desktop\Order of Service.doc
    [2010/04/29 16:23:23 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Joan Allen\Desktop\order-of-service-cover.doc
    [2010/04/29 16:22:40 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Joan Allen\Desktop\order-of-service-insert.doc
    [2010/04/29 15:40:22 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Joan Allen\Desktop\OrderofDayA5.doc
    [2010/04/28 17:13:58 | 000,093,184 | ---- | C] () -- C:\Documents and Settings\Joan Allen\My Documents\Laura Blessing 3.doc
    [2010/04/27 23:42:27 | 000,072,755 | ---- | C] () -- C:\Documents and Settings\Joan Allen\My Documents\10377020.dotx
    [2010/04/27 22:53:35 | 000,091,648 | ---- | C] () -- C:\Documents and Settings\Joan Allen\My Documents\Laura Blessing 2.doc
    [2010/04/27 21:53:21 | 000,091,648 | ---- | C] () -- C:\Documents and Settings\Joan Allen\My Documents\Laura Blessing.doc
    [2010/04/27 20:16:16 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Joan Allen\My Documents\Blessing P2.doc
    [2010/04/24 18:51:47 | 000,088,576 | ---- | C] () -- C:\Documents and Settings\Joan Allen\My Documents\Blessing.doc
    [2008/01/05 18:56:15 | 000,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
    [2007/11/14 00:37:10 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
    [2007/03/27 11:45:22 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
    [2007/02/22 16:12:23 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
    [2007/01/02 18:50:33 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
    [2007/01/02 18:25:29 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
    [2006/01/23 18:23:47 | 000,000,181 | ---- | C] () -- C:\WINDOWS\MYOBP.INI
    [2006/01/23 18:23:47 | 000,000,040 | ---- | C] () -- C:\WINDOWS\MYOB.INI
    [2005/11/25 19:56:51 | 000,000,278 | ---- | C] () -- C:\WINDOWS\hpqcopy.INI
    [2005/11/22 02:40:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2005/11/21 19:25:26 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2005/11/21 18:20:20 | 000,364,544 | R--- | C] () -- C:\WINDOWS\System32\hpgt23.dll
    [2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
    [1999/01/22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
    [1998/01/12 09:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

    ========== LOP Check ==========

    [2006/06/06 22:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7(2)
    [2010/01/24 02:06:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FunGames
    [2006/06/06 22:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft(2)
    [2005/10/18 18:29:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
    [2007/12/05 01:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
    [2008/02/26 01:08:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/01/24 01:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WorldWinner
    [2008/08/30 15:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joan Allen\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2008/07/07 18:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joan Allen\Application Data\FUJIFILM
    [2009/10/05 18:34:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joan Allen\Application Data\GanymedeNet
    [2008/01/05 18:56:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joan Allen\Application Data\Leadertech
    [2005/10/27 00:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joan Allen\Application Data\MSNInstaller
    [2008/10/12 19:01:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joan Allen\Application Data\ntr
    [2007/12/04 18:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joan Allen\Application Data\SpinTop
    [2010/07/06 15:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joan Allen\Application Data\VIRGINMEDIATOOLBAR

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2005/10/14 21:40:22 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2009/06/09 14:09:45 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/07/05 22:29:40 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2005/10/14 21:40:22 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/01/24 02:01:31 | 000,003,485 | ---- | M] () -- C:\DTLog.txt
    [2006/12/31 16:30:28 | 000,223,506 | ---- | M] () -- C:\hpfr3320.log
    [2006/12/31 16:30:28 | 000,000,521 | ---- | M] () -- C:\hpfr3320.xml
    [2008/04/15 21:35:26 | 000,001,636 | ---- | M] () -- C:\InstallHelper.log
    [2005/10/14 21:40:22 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2008/05/26 14:54:50 | 000,779,545 | ---- | M] () -- C:\mombi.log
    [2005/10/14 21:40:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2006/03/19 15:42:37 | 000,036,864 | ---- | M] (Homestead Technologies, Inc.) -- C:\nphssb.dll
    [2006/03/19 15:42:37 | 000,000,247 | ---- | M] () -- C:\nphssb.xpt
    [2004/08/03 22:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/09/03 15:38:20 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/07/06 15:39:00 | 1509,949,440 | -HS- | M] () -- C:\pagefile.sys
    [2008/04/15 22:22:38 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
    [2007/12/28 15:48:41 | 000,000,146 | ---- | M] () -- C:\YServer.txt

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2007/03/22 20:24:58 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2006/04/10 15:02:32 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp054.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >
    [2006/02/19 04:28:56 | 000,012,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2005/11/04 13:59:53 | 000,253,952 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2005/11/04 13:52:02 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
    [2005/11/04 13:59:53 | 014,942,208 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2005/11/04 13:59:53 | 003,670,016 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2008/04/14 01:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/04/14 01:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2help.dll /md5 >
    [2008/04/14 01:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    < >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D5907B8
    @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BDCFAD6
    < End of report >
     
  10. 2010/07/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\TMPassthru.sys -- (TMPassthruMP)
      DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTGLM7X.sys -- (SetupNTGLM7X)
      DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTACCESS.sys -- (NTACCESS)
      DRV - File not found [Kernel | On_Demand | Stopped] -- D:\install4\MSICPL.sys -- (MSICPL)
      DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\JOANAL~1\LOCALS~1\Temp\catchme.sys -- (catchme)
      IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
      O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe File not found
      O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe File not found
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab  (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab  (Reg Error: Key error.)
      O16 - DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} http://downloads.virginmedia.com/CST/ver1/xp_mail.cab  (Reg Error: Key error.)
      O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
      [2007/12/05 01:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
      @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D5907B8
      @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BDCFAD6
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
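An added triage helper (example code, not from this thread, from OTL, or from its author) showing how an :OTL fix list like the one above is picked out of a quick-scan log: it reads OTL lines in the formats seen in this thread, flags orphaned DRV/SRV registrations, IE entries with broken registry keys or missing files, and alternate data streams, and renders them as an OTL fix script. The sample log lines are constructed here, modelled on the thread; judgement calls such as the leftover STOPzilla! folder are deliberately not auto-flagged.

```python
"""Triage helper for OTL (OldTimer's OTL) quick-scan output.

Added example, not from the forum thread, OTL, or its author. It reads OTL
log lines in the formats seen in this thread and picks out the entries an
analyst usually lists under the :OTL section of a fix script:
  * DRV/SRV registrations whose driver or service file no longer exists,
  * IE / O-line entries whose registry key is broken or whose file is missing,
  * alternate data streams attached to folders.
Selection is heuristic: every hit is still reviewed by a person before a
fix is run.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Line formats as they appear in OTL output (see the logs in the thread).
DRV_MISSING = re.compile(
    r"^(?P<kind>DRV|SRV) - File not found \[(?P<flags>[^\]]+)\] -- "
    r"(?P<path>.+?) -- \((?P<name>[^)]+)\)$"
)
REG_ERROR = re.compile(r"^(?:O\d+|IE) - .*Reg Error: Key error\.")
FILE_MISSING = re.compile(r"^(?:O\d+|IE) - .* File not found$")
ADS = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[0-9A-Fa-f]+)$"
)
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


@dataclass
class Finding:
    line: str     # the OTL line, verbatim, as it will go into the fix script
    reason: str   # why it was flagged
    detail: str   # short human-readable description


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for a line matching one of the orphan patterns, else None."""
    s = line.strip()
    m = DRV_MISSING.match(s)
    if m:
        return Finding(s, "orphaned driver/service", f"{m['name']} -> {m['path']}")
    m = ADS.match(s)
    if m:
        return Finding(s, "alternate data stream", f"{m['size']} bytes on {m['path']}")
    if REG_ERROR.match(s):
        clsid = CLSID.search(s)
        return Finding(s, "broken registry key", clsid.group(0) if clsid else s)
    if FILE_MISSING.match(s):
        tail = s.rsplit(" - ", 1)[-1]                 # "<path> File not found"
        return Finding(s, "target file missing", tail[:-len(" File not found")].strip())
    return None


def triage(log_text: str) -> List[Finding]:
    """Scan a whole OTL log and collect the flagged entries in log order."""
    return [f for f in map(classify, log_text.splitlines()) if f is not None]


def build_fix_script(findings: List[Finding]) -> str:
    """Render an OTL fix script: flagged lines under :OTL, then the
    housekeeping commands used in the thread."""
    body = [":OTL", *[f.line for f in findings], "", ":Commands",
            "[purity]", "[emptytemp]", "[Reboot]"]
    return "\n".join(body)


# Constructed sample, modelled on lines from the thread (not a real log).
SAMPLE_LOG = r"""
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\JOANAL~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2009/08/21 10:23:39 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe File not found
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D5907B8
"""

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for h in hits:
        print(f"{h.reason:24} {h.detail}")
    print()
    print(build_fix_script(hits))
```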
     
  11. 2010/07/10
    joan_uk01

    joan_uk01 Inactive Thread Starter

    Joined:
    2002/11/11
    Messages:
    100
    Likes Received:
    0
    Hi Broni

    Have not done your last post as I had major problems with IE explorer. When I tried to open a browser this came up

    APPLICATION ERROR

    EAccessViolation in module IEFRAME.dll 000C5OCD
    Access violation at address 3E2850CD in module IEFRAME.dll Read of address 0564FD50

    I finally managed to open a browser when I right-clicked on IE explorer and clicked "No add-ons", got a window open and managed to get here. I have tried to open another window but that error message comes up and won't let me open another window. Please advise.
     
  12. 2010/07/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Restart computer.

    Go Start>All Programs>Accessories>System Tools, and click on Internet Explorer (no add-ons).
    Go Tools>Internet options>Advanced tab and click on "Reset" button.
    Restart IE and see if it works OK.
     
  13. 2010/07/10
    joan_uk01

    joan_uk01 Inactive Thread Starter

    Joined:
    2002/11/11
    Messages:
    100
    Likes Received:
    0
    Hi Broni

    Could not get the first OTL log as it kept coming up "not responding". I tried three times and got the same thing. This is the second log (quick scan).

    OTL logfile created on: 10/07/2010 20:03:24 - Run 2
    OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\Joan Allen\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    958.00 Mb Total Physical Memory | 476.00 Mb Available Physical Memory | 50.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
    Paging file location(s): c:\pagefile.sys 1440 2880 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 152.66 Gb Total Space | 141.73 Gb Free Space | 92.84% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: JOAN-AE43A2BB9C
    Current User Name: Joan Allen
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/07/10 16:59:32 | 002,048,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
    PRC - [2010/07/06 15:46:52 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joan Allen\Desktop\OTL.exe
    PRC - [2009/08/21 10:23:39 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
    PRC - [2009/08/21 10:23:35 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
    PRC - [2009/08/21 10:23:26 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
    PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/08/30 18:43:18 | 004,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    PRC - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
    PRC - [2007/05/19 14:38:09 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2006/12/04 23:20:18 | 000,303,104 | ---- | M] (FUJIFILM Corporation) -- C:\Program Files\FinePixViewerS\QuickDCF2.exe
    PRC - [2006/09/25 10:12:20 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    PRC - [2005/06/10 17:19:38 | 000,869,888 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
    PRC - [2005/04/15 04:01:46 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
    PRC - [2004/01/26 12:38:38 | 000,866,816 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files\Virgin Net Broadband\dragdiag.exe
    PRC - [2003/12/08 17:35:14 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    PRC - [2002/11/04 19:26:06 | 000,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
    PRC - [2002/04/11 05:19:36 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/07/06 15:46:52 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joan Allen\Desktop\OTL.exe
    MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2007/08/30 18:43:14 | 000,006,144 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\idle.dll
    MOD - [2006/03/21 17:03:44 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Yahoo!\Messenger\msvcr71.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2009/08/21 10:23:26 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
    SRV - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2005/06/10 17:19:38 | 000,869,888 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTACCESS.sys -- (NTACCESS)
    DRV - File not found [Kernel | On_Demand | Stopped] -- D:\install4\MSICPL.sys -- (MSICPL)
    DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\JOANAL~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2009/08/21 10:23:39 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2009/08/21 10:23:39 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2009/05/01 16:11:35 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2007/04/03 13:59:42 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616unic.sys -- (s616unic) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM)
    DRV - [2007/04/03 13:59:42 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616obex.sys -- (s616obex)
    DRV - [2007/04/03 13:59:42 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616nd5.sys -- (s616nd5) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS)
    DRV - [2007/04/03 13:59:40 | 000,100,360 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616mgmt.sys -- (s616mgmt) Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM)
    DRV - [2007/04/03 13:59:38 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616mdm.sys -- (s616mdm)
    DRV - [2007/04/03 13:59:36 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616mdfl.sys -- (s616mdfl)
    DRV - [2007/04/03 13:59:30 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616bus.sys -- (s616bus) Sony Ericsson Device 616 driver (WDM)
    DRV - [2006/12/17 03:50:29 | 001,918,464 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2005/06/10 17:12:12 | 000,099,584 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
    DRV - [2005/06/10 17:11:50 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
    DRV - [2005/06/10 15:11:44 | 000,028,160 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
    DRV - [2005/04/19 03:40:52 | 002,317,504 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2005/03/09 15:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
    DRV - [2004/10/08 02:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
    DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2003/12/12 20:03:10 | 000,652,689 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
    DRV - [2003/12/08 12:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
    DRV - [2003/12/08 12:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)
    DRV - [2003/12/05 10:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.virgin.net/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.virginmedia.com/ "


    [2009/09/01 13:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joan Allen\Application Data\Mozilla\Firefox\Profiles\6pe2f43t.default\extensions
    [2007/12/04 23:58:12 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Joan Allen\Application Data\Mozilla\Firefox\Profiles\6pe2f43t.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2006/03/19 15:42:37 | 000,036,864 | ---- | M] (Homestead Technologies, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nphssb.dll
    [2009/03/18 15:03:40 | 000,214,272 | ---- | M] (Midasplayer Ltd) -- C:\Program Files\Mozilla Firefox\plugins\npmidas.dll

    O1 HOSTS File: ([2010/07/05 22:34:05 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Virgin Media Toolbar) - {A057A204-BACC-4D26-CFC3-3CECC9AB2EDA} - C:\Program Files\virginmediatoolbar\virginmediatoolbar.dll ([[[COMPANYNAME]]]----------------------------)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Virgin Media Toolbar) - {A057A204-BACC-4D26-CFC3-3CECC9AB2EDA} - C:\Program Files\virginmediatoolbar\virginmediatoolbar.dll ([[[COMPANYNAME]]]----------------------------)
    O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Virgin Media Toolbar) - {A057A204-BACC-4D26-CFC3-3CECC9AB2EDA} - C:\Program Files\virginmediatoolbar\virginmediatoolbar.dll ([[[COMPANYNAME]]]----------------------------)
    O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
    O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
    O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Virgin Net Broadband\Dragdiag.exe (THOMSON Telecom Belgium)
    O4 - HKCU..\Run: [PowerBar] C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe (Cyberlink, Corp.)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher S.lnk = C:\Program Files\FinePixViewerS\QuickDCF2.exe (FUJIFILM Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe File not found
    O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe File not found
    O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} http://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab (ScrabbleCubes Control)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {0B195D55-0AB4-48C7-828F-34BE10BA4266} http://www.worldwinner.com/games/v53/dealornodeal/dealornodeal.cab (DealOrNoDeal Control)
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB (PCPitstop Utility)
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx (SpinTop DRM Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} http://www.pcpitstop.com/internet/pcpConnCheck.cab (iCC Class)
    O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab (FunGamesLoader Object)
    O16 - DPF: {1A781DED-4153-C22D-3213-A3211E29DF13} http://cached.gamedesire.com/g_bin/eng/cards_2_0_0_81.cab (GameDesire Card Games)
    O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} http://cached.gamedesire.com/g_bin/eng/cards_2_0_0_77.cab (GameDesire Card Games)
    O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinner.com/games/v50/tpir/tpir.cab (TPIR Control)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} http://uk.midas.games.yahoo.net/ctl/kingcomie.cab (king.com)
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab (EPUImageControl Class)
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinner.com/games/launcher/ie/v2.17.01.0/iewwload.cab (WorldWinner ActiveX Launcher Control)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinner.com/games/v57/wof/wof.cab (WoF Control)
    O16 - DPF: {A9ED6AA2-4D71-D9D4-9586-E293E2E3580B} http://cached.gamedesire.com/g_bin/eng/marbles_2_0_0_36.cab (GameDesire Marbles&Diamonds&Runes)
    O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} http://www.worldwinner.com/games/v67/swapit/swapit.cab (SwapIt Control)
    O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} http://www.worldwinner.com/games/v41/hangman/hangman.cab (Hangman Control)
    O16 - DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} http://www.worldwinner.com/games/v46/monopoly/monopoly.cab (Monopoly Control)
    O16 - DPF: {BFA1F11D-AFE1-3121-4112-894323212DAC} http://cached.gamedesire.com/g_bin/eng/words_2_0_0_55.cab (GameDesire Word Games)
    O16 - DPF: {BFA1F11D-AFE1-3121-4112-983219421AEF} http://cached.gamedesire.com/g_bin/eng/wordssingle_2_0_0_52.cab (GameDesire 1Player Word Games)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx (ArmHelper Control)
    O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinner.com/games/v49/familyfeud/familyfeud.cab (FamilyFeud Control)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} https://www.ntrsupport.com/nv/inquiero/mod/setup/ntractivex118_28.cab (NTR ActiveX 1.1.8)
    O16 - DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} http://downloads.virginmedia.com/CST/ver1/xp_mail.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Joan Allen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Joan Allen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/10/14 21:40:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/07/10 19:34:08 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/07/06 15:46:47 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joan Allen\Desktop\OTL.exe
    [2010/07/05 22:39:09 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/07/05 22:29:36 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/07/05 22:22:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/07/05 22:22:06 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/07/05 22:22:06 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/07/05 22:22:06 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/07/05 22:22:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/07/05 22:15:08 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/07/05 16:28:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/07/05 16:28:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/07/05 16:28:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/07/05 16:08:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/06/29 19:13:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joan Allen\Application Data\VIRGINMEDIATOOLBAR
    [2010/06/29 19:13:00 | 000,000,000 | ---D | C] -- C:\Program Files\virginmediatoolbar
    [2010/06/29 19:11:52 | 000,000,000 | ---D | C] -- C:\Program Files\Virgin Media
    [2010/06/29 17:05:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joan Allen\Application Data\Malwarebytes
    [2010/06/29 17:05:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/06/29 17:04:25 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Joan Allen\Desktop\mbam-setup-1.46.exe
    [2010/05/19 17:02:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joan Allen\Application Data\Share-to-Web Upload Folder
    [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/07/10 20:00:53 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/07/10 19:59:56 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/07/10 19:59:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/07/10 19:59:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/07/10 19:46:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/07/10 19:28:57 | 004,718,592 | ---- | M] () -- C:\Documents and Settings\Joan Allen\ntuser.dat
    [2010/07/10 17:18:39 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/07/10 17:00:17 | 061,821,997 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/07/06 16:52:07 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
    [2010/07/06 15:46:52 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joan Allen\Desktop\OTL.exe
    [2010/07/05 23:34:27 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Joan Allen\ntuser.ini
    [2010/07/05 22:34:15 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/07/05 22:34:05 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/07/05 22:29:40 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/07/05 18:39:40 | 000,002,457 | ---- | M] () -- C:\Documents and Settings\Joan Allen\Desktop\HiJackThis.lnk
    [2010/07/05 16:28:37 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/06/29 17:04:25 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Joan Allen\Desktop\mbam-setup-1.46.exe
    [2010/06/25 21:13:11 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Joan Allen\Local Settings\Application Data\housecall.guid.cache
    [2010/06/23 00:25:17 | 000,503,674 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/06/23 00:25:17 | 000,442,434 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/06/23 00:25:17 | 000,072,608 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/06/10 19:28:54 | 000,242,328 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/06/10 01:39:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/05/01 18:53:17 | 000,092,160 | ---- | M] () -- C:\Documents and Settings\Joan Allen\Desktop\Order of Service.doc
    [2010/04/29 18:55:02 | 000,093,184 | ---- | M] () -- C:\Documents and Settings\Joan Allen\My Documents\Laura Blessing 3.doc
    [2010/04/29 16:23:23 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Joan Allen\Desktop\order-of-service-cover.doc
    [2010/04/29 16:22:40 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Joan Allen\Desktop\order-of-service-insert.doc
    [2010/04/29 15:40:22 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Joan Allen\Desktop\OrderofDayA5.doc
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/28 15:09:11 | 000,091,648 | ---- | M] () -- C:\Documents and Settings\Joan Allen\My Documents\Laura Blessing 2.doc
    [2010/04/28 00:41:54 | 000,091,648 | ---- | M] () -- C:\Documents and Settings\Joan Allen\My Documents\Laura Blessing.doc
    [2010/04/27 21:53:30 | 000,088,576 | ---- | M] () -- C:\Documents and Settings\Joan Allen\My Documents\Blessing.doc
    [2010/04/27 20:16:16 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Joan Allen\My Documents\Blessing P2.doc
    [2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
    [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/07/10 17:18:39 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/07/05 22:29:40 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/07/05 22:29:38 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/07/05 22:22:06 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/07/05 22:22:06 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/07/05 22:22:06 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/07/05 22:22:06 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/07/05 22:22:06 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/07/05 18:39:21 | 000,002,457 | ---- | C] () -- C:\Documents and Settings\Joan Allen\Desktop\HiJackThis.lnk
    [2010/07/05 16:28:37 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/06/25 21:13:11 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Joan Allen\Local Settings\Application Data\housecall.guid.cache
    [2010/04/30 19:01:57 | 000,092,160 | ---- | C] () -- C:\Documents and Settings\Joan Allen\Desktop\Order of Service.doc
    [2010/04/29 16:23:23 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Joan Allen\Desktop\order-of-service-cover.doc
    [2010/04/29 16:22:40 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Joan Allen\Desktop\order-of-service-insert.doc
    [2010/04/29 15:40:22 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Joan Allen\Desktop\OrderofDayA5.doc
    [2010/04/28 17:13:58 | 000,093,184 | ---- | C] () -- C:\Documents and Settings\Joan Allen\My Documents\Laura Blessing 3.doc
    [2010/04/27 23:42:27 | 000,072,755 | ---- | C] () -- C:\Documents and Settings\Joan Allen\My Documents\10377020.dotx
    [2010/04/27 22:53:35 | 000,091,648 | ---- | C] () -- C:\Documents and Settings\Joan Allen\My Documents\Laura Blessing 2.doc
    [2010/04/27 21:53:21 | 000,091,648 | ---- | C] () -- C:\Documents and Settings\Joan Allen\My Documents\Laura Blessing.doc
    [2010/04/27 20:16:16 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Joan Allen\My Documents\Blessing P2.doc
    [2010/04/24 18:51:47 | 000,088,576 | ---- | C] () -- C:\Documents and Settings\Joan Allen\My Documents\Blessing.doc
    [2008/01/05 18:56:15 | 000,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
    [2007/11/14 00:37:10 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
    [2007/03/27 11:45:22 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
    [2007/02/22 16:12:23 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
    [2007/01/02 18:50:33 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
    [2007/01/02 18:25:29 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
    [2006/01/23 18:23:47 | 000,000,181 | ---- | C] () -- C:\WINDOWS\MYOBP.INI
    [2006/01/23 18:23:47 | 000,000,040 | ---- | C] () -- C:\WINDOWS\MYOB.INI
    [2005/11/25 19:56:51 | 000,000,278 | ---- | C] () -- C:\WINDOWS\hpqcopy.INI
    [2005/11/22 02:40:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2005/11/21 19:25:26 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2005/11/21 18:20:20 | 000,364,544 | R--- | C] () -- C:\WINDOWS\System32\hpgt23.dll
    [2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
    [1999/01/22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
    [1998/01/12 09:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

    ========== LOP Check ==========

    [2006/06/06 22:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7(2)
    [2010/01/24 02:06:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FunGames
    [2006/06/06 22:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft(2)
    [2005/10/18 18:29:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
    [2007/12/05 01:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
    [2008/02/26 01:08:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/01/24 01:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WorldWinner
    [2008/08/30 15:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joan Allen\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2008/07/07 18:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joan Allen\Application Data\FUJIFILM
    [2009/10/05 18:34:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joan Allen\Application Data\GanymedeNet
    [2008/01/05 18:56:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joan Allen\Application Data\Leadertech
    [2005/10/27 00:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joan Allen\Application Data\MSNInstaller
    [2008/10/12 19:01:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joan Allen\Application Data\ntr
    [2007/12/04 18:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joan Allen\Application Data\SpinTop
    [2010/07/10 16:57:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joan Allen\Application Data\VIRGINMEDIATOOLBAR

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D5907B8
    @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BDCFAD6
    < End of report >
     
  14. 2010/07/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart the computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  15. 2010/07/10
    joan_uk01

    joan_uk01 Inactive Thread Starter

    Joined:
    2002/11/11
    Messages:
    100
    Likes Received:
    0
    hi Broni

Grrr... tried to download the Kaspersky antivirus, but this message comes up.

    Launch of the Java application is interrupted. Please establish an uninterrupted internet connection for work with this programme.
     
  16. 2010/07/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Push Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
     
  17. 2010/07/10
    joan_uk01

    joan_uk01 Inactive Thread Starter

    Joined:
    2002/11/11
    Messages:
    100
    Likes Received:
    0
    Hi Broni

    Log as requested.

    C:\Documents and Settings\Joan Allen\Application Data\SystemProc\lsass.exe a variant of Win32/Injector.CGU trojan
    C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul Win32/Dursg.A trojan
    Operating memory a variant of Win32/Injector.CGU trojan


Also, this browser window opened and I have no idea how it happened:

    http://web-soft-shop.com/catalog/antivirus-and-security/

    regards Joan
     
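The ESET hit above is the classic "right name, wrong directory" trick: a genuine lsass.exe lives only in C:\WINDOWS\System32, so a copy under a user's Application Data folder is a masquerade, whatever its name says. The Python below is an added example, not part of this thread and not code from ESET, DDS or OTL; it runs that check over lines in the shape of the ESET export and the DDS "Running Processes" list. The table of expected directories and the user-writable-directory heuristic are assumptions of the example, and every sample line except the SystemProc one is constructed.

```python
import ntpath
import re

# Assumed (example only, not from the thread): core Windows binaries and the
# directory a legitimate copy lives in on XP. The check is about where the
# file is, not what it is called.
EXPECTED_DIR = {
    "lsass.exe":    r"c:\windows\system32",
    "csrss.exe":    r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "svchost.exe":  r"c:\windows\system32",
    "spoolsv.exe":  r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Executable image paths as they appear in ESET, DDS and OTL output, spaces in
# directory names included; trailing text on the line is ignored.
PATH_RE = re.compile(
    r"[a-z]:\\(?:[^\\\r\n]+\\)*[^\\\r\n]*?\.(?:exe|dll|sys|ocx)\b",
    re.IGNORECASE,
)

# Constructed sample input modelled on the thread's log formats. Only the
# SystemProc line is taken from the ESET export; the rest are invented.
SAMPLE_LINES = [
    r"C:\Documents and Settings\Joan Allen\Application Data\SystemProc\lsass.exe a variant of Win32/Injector.CGU trojan",
    r"C:\WINDOWS\system32\lsass.exe",
    r"C:\WINDOWS\System32\svchost.exe -k netsvcs",
    r"C:\WINDOWS\Explorer.EXE",
    r"C:\Program Files\Java\jre6\bin\jusched.exe",
    r"C:\Documents and Settings\Joan Allen\Local Settings\Temp\svchost.exe",
    r"C:\RECYCLER\update.exe",
]


def in_user_writable_dir(directory):
    """True when the directory is one an ordinary XP user can write to."""
    parts = directory.lower().split("\\")
    return any(p in parts for p in ("application data", "temp",
                                    "temporary internet files", "recycler"))


def classify(path):
    """Return a reason the image path looks suspicious, or None if it does not."""
    low = path.lower()
    name = ntpath.basename(low)
    directory = ntpath.dirname(low)
    expected = EXPECTED_DIR.get(name)
    if expected is not None and directory != expected:
        return f"{name} outside {expected}"
    if name.endswith(".exe") and in_user_writable_dir(directory):
        return "executable in user-writable profile directory"
    return None


def find_suspicious(lines):
    """Scan log lines and return (path, reason) pairs for every suspicious image."""
    findings = []
    for line in lines:
        for match in PATH_RE.finditer(line):
            reason = classify(match.group(0))
            if reason:
                findings.append((match.group(0), reason))
    return findings


if __name__ == "__main__":
    for path, reason in find_suspicious(SAMPLE_LINES):
        print(f"{reason}: {path}")
```

Name-plus-path is a cheap first pass, not proof: it tells you which files deserve a hash lookup or a signature check, and a real system binary copied into a temp folder will also be flagged, which is the point. The lowercase lsass.exe under SystemProc in the thread is exactly the case the first rule catches.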
  18. 2010/07/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run OTL
• Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Documents and Settings\Joan Allen\Application Data\SystemProc\lsass.exe 
      C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [resethosts]
      [Reboot]
• Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
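The [resethosts] command in the fix above throws away whatever is in C:\WINDOWS\System32\drivers\etc\hosts and restores a default mapping, because a hijacked hosts file can silently blackhole update and antivirus sites or redirect them to an attacker's server. As an added example that is not part of this thread and not OTL's own code, the Python below audits a hosts file before it is reset, so you can see what the infection was doing: every hostname other than the allowed defaults is reported with its line number and whether it was blackholed or redirected. The sample file is constructed; its entries are invented and say nothing about the machine in this thread.

```python
import ipaddress

# Constructed sample: the kind of hosts file a hijack leaves behind. The first
# two lines mirror the XP default; the rest are invented entries, not
# observations about the machine in this thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         www.malwarebytes.com
127.0.0.1       security.symantec.com
10.20.30.40     www.google.com   # silently served by a third party
"""


def parse_hosts(text):
    """Return (line_number, address, hostname) for every mapping in a hosts file.

    Comments (everything after '#') and blank lines are skipped, and a line
    with several hostnames produces one entry per name.
    """
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address/hostname mapping; leave it for a manual look
        for host in fields[1:]:
            entries.append((lineno, str(addr), host.lower()))
    return entries


def audit_hosts(text, allowed=("localhost",)):
    """Report every hostname other than the allowed defaults.

    A loopback or 0.0.0.0 target blackholes the name (update and AV sites are
    the usual victims); any other target redirects it to someone else's host.
    """
    findings = []
    for lineno, addr, host in parse_hosts(text):
        if host in allowed:
            continue
        ip = ipaddress.ip_address(addr)
        kind = "blackholed" if (ip.is_loopback or ip.is_unspecified) else "redirected"
        findings.append((lineno, host, f"{host} {kind} to {addr}"))
    return findings


if __name__ == "__main__":
    for lineno, _host, msg in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {msg}")
```

Run it against a copy of the file before the reset, or against the copy OTL moves aside; on a stock XP install anything beyond the localhost line is worth explaining before you decide it was legitimate.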
  19. 2010/07/10
    joan_uk01

    joan_uk01 Inactive Thread Starter

    Joined:
    2002/11/11
    Messages:
    100
    Likes Received:
    0
    OTL log as requested.

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Documents and Settings\Joan Allen\Application Data\SystemProc\lsass.exe moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: BB443B11-7D12-450c-9F85-2D32804655F9

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Joan Allen
    ->Temp folder emptied: 1200 bytes
    ->Temporary Internet Files folder emptied: 11887651 bytes
    ->Java cache emptied: 5400 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 825 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 664 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 11.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: BB443B11-7D12-450c-9F85-2D32804655F9

    User: Default User

    User: Joan Allen
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.7.1 log created on 07112010_010857

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Joan Allen\Local Settings\Temporary Internet Files\Content.IE5\M19WA9FZ\iframescript[1].htm moved successfully.
    C:\Documents and Settings\Joan Allen\Local Settings\Temporary Internet Files\Content.IE5\M19WA9FZ\malware-virus-removal[1].htm moved successfully.
    C:\Documents and Settings\Joan Allen\Local Settings\Temporary Internet Files\Content.IE5\I1R4KQPG\93837-active-ie-getting-rid-trojans-2[1].htm moved successfully.
    C:\Documents and Settings\Joan Allen\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.

    Registry entries deleted on Reboot...


Also, I had to manually close down the computer to reboot.
     
  20. 2010/07/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    OTL Clean-Up
    Clean up with OTL:

    * Double-click OTL.exe to start the program.
    * Close all other programs apart from OTL as this step will require a reboot
    * On the OTL main screen, press the CLEANUP button
    * Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    =============================================================

    Your computer is clean :)

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

    Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista and 7:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
6. Uncheck the box for any drive you wish to disable System Restore on (in most cases, drive "C:")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    2. Restart computer.

    3. Turn System Restore on.

4. Make sure Windows Updates are current.

5. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run defrag at your convenience.

    8. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    9. Please, let me know, how is your computer doing.
     
  21. 2010/07/10
    joan_uk01

    joan_uk01 Inactive Thread Starter

    Joined:
    2002/11/11
    Messages:
    100
    Likes Received:
    0
Many thanks, Broni, for your time and patience, and fingers crossed all will be well. Will let you know how the computer is in a few days - hopefully!!!

    I really appreciate all the help you and others give on windowsbbs and once again, many thanks.

    Joan
     
