Inactive Number of problems

[Inactive] Number of problems

The problem on my desktop started a couple of weeks ago with my ADSL connection dropping out intermittently and eventually, the connection timew were down to about 30-40 seconds before dropping out so I have been unable to run a Kaspersky on line scan. The "Repair" function for network connection is disabled and once or twice a message has flashed about TCP/IP stack (Too short a time to read message). I know now that the problem is not with the line, the modem or the ISP software as I am still able to connect on my laptop by wifi.
Start up times have become extended and a number of other problems have developed and I list a few here: Unable to start up and run some programmes eg. Firefox which I had to re-install from installation disc. Opening a file brings up a "Search" window in most cases. Running a search for "files modified on current date" brings up a list of contents of hard drive. Nost importantly, I have uninstalled my IP ADSL software but cannot re-install it, Either the installation hangs with a blank screen of a message flashes up "Installation programme already running" and it stops loading.
In an attempt to sort out the problem myself before bothering WindowsBBS I have: System restored a number of times to known good operating system dates, Run Malware bytes, Adwarealert, Revo uninstaller (Control panes Uninstall software does not respond to clicking on items to remove), Superantispywware, Combofix and ATF Cleaner.
I attach a DDS scan and attachment scan. If you need a Hijackthis scan I have the software already loaded to run this.
Your help would be much appreciated.


DDS (Ver_09-01-19.01) - NTFSx86
Run by Brian Owen at 17:01:37.12 on 23/01/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.166 [GMT 1:00]

AV: AVG 7.5.552 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\notepad.exe
G:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://search.aol.co.uk/web?isinit=true&query=%s
uURLSearchHooks: Search Class: {08c06d61-f1f3-4799-86f8-be1a89362c85} - c:\program files\orangehss\searchurlhook\SearchPageURL.dll
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: {DC5F9604-C6E2-47D0-8E0F-E60FCCB334C7} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe "
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [RemoteControl] "c:\program files\cyberlink dvd solution\powerdvd\PDVDServ.exe "
mRun: [AVG7_CC] "c:\progra~1\grisoft\avg7\avgcc.exe" /STARTUP
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe "
mRun: [ORAHSSSessionManager] c:\program files\orangehss\sessionmanager\SessionManager.exe
mRun: [QuickTime Task] "c:\program files\quicktime alternative\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe "
mRun: [InstantAccess] c:\progra~1\textbr~1.0\bin\INSTAN~1.EXE /h
mRun: [RegisterDropHandler] c:\progra~1\textbr~1.0\bin\REGIST~1.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
mRunServices: [RegisterDropHandler] c:\progra~1\textbr~1.0\bin\REGIST~1.EXE
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [AVG7_Run] c:\progra~1\grisoft\avg7\avgw.exe /RUNONCE
StartupFolder: c:\docume~1\briano~2.bri\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\zdwlan~1.lnk - c:\program files\zydas technology corporation\zydas_802.11g_utility\ZDWlan.exe
IE: Add to EverNote - c:\program files\evernote\evernote\enbar.dll/2000
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\briano~2.bri\applic~1\mozilla\firefox\profiles\ytyrl0nq.default\

============= SERVICES / DRIVERS ===============

R1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2007-10-9 821856]
R1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2007-10-9 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys [2007-10-9 27776]
R1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys [2007-10-9 10760]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-1-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
R4 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avg7\avgamsvr.exe [2007-9-12 418816]
R4 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avg7\avgupsvc.exe [2007-9-12 49664]
R4 AVGEMS;AVG E-mail Scanner;c:\progra~1\grisoft\avg7\avgemc.exe [2007-9-12 406528]
R4 AvgTdi;AVG Network Redirector;c:\windows\system32\drivers\avgtdi.sys [2007-10-9 4960]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\drivers\athrusb.sys [2008-6-11 446976]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2007-10-8 20608]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2008-11-7 38496]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-6-29 42512]
S3 SbieDrv;SbieDrv;\??\c:\program files\sandboxie\sbiedrv.sys --> c:\program files\sandboxie\SbieDrv.sys [?]
S3 sentemul;sentemul;c:\windows\system32\drivers\SentEmul.sys [2008-9-22 11812]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

=============== Created Last 30 ================

2009-01-23 14:05 <DIR> --d----- c:\docume~1\briano~2.bri\applic~1\OpenOffice.org
2009-01-23 13:58 <DIR> --d----- c:\program files\JRE
2009-01-23 13:58 <DIR> --d----- c:\program files\OpenOffice.org 3
2009-01-22 20:22 <DIR> --d----- C:\ComboFix
2009-01-22 20:22 388,608 a------- c:\windows\system32\CF3868.exe
2009-01-22 14:15 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\SUPERAntiSpyware.com
2009-01-22 14:15 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-01-22 14:15 <DIR> --d----- c:\docume~1\briano~2.bri\applic~1\SUPERAntiSpyware.com
2009-01-22 14:14 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-01-21 21:02 <DIR> --d----- c:\program files\common files\ACD Systems
2009-01-21 21:01 <DIR> --d----- c:\program files\Free Download Manager
2009-01-21 21:01 <DIR> --d----- c:\docume~1\briano~2.bri\applic~1\Free Download Manager
2009-01-21 21:01 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\FreeDownloadManager.ORG
2009-01-21 21:01 <DIR> --d----- c:\program files\K-Meleon
2009-01-21 21:01 <DIR> --d----- C:\Compaq
2009-01-21 20:55 <DIR> --d----- c:\program files\NetStat Live
2009-01-21 20:45 <DIR> --d----- c:\docume~1\briano~2.bri\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-01-20 19:56 <DIR> --dsh--- C:\RECYCLER(4)
2009-01-20 13:13 <DIR> --d----- c:\docume~1\briano~2.bri\applic~1\MalwareRemovalBot
2009-01-18 20:47 <DIR> --d----- c:\program files\RegistryPatrol3(2).0
2009-01-06 20:36 3,686,454 a------- c:\windows\ACD Wallpaper.bmp

==================== Find3M ====================

2009-01-22 15:17 62,217 a---h--- C:\jpeggeri.dat
2009-01-21 20:51 10,266 a------- c:\windows\pchealth\helpctr\config\cache\Professional_32_1033.dat
2008-11-15 18:03 25,992 a------- c:\windows\system32\pgdfgsvc.exe
2008-08-04 12:12 353,840 a------- c:\documents and settings\brian owen.brian-5kbuieuht\RealPlayer11GOLD.exe
2008-08-04 08:29 3,288,104 a------- c:\documents and settings\brian owen.brian-5kbuieuht\Diino_4.2_Setup.exe
2008-07-26 18:04 15,736 ac------ c:\program files\JkDefrag.log
2007-10-31 13:16 872 ac------ c:\program files\CloneSpy.ini
2007-10-31 13:15 5,435 ac------ c:\program files\CloneSpy.log
2004-12-11 08:23 3,918 ac------ c:\program files\Readme.txt
2004-12-11 08:20 49,173 ac------ c:\program files\winsetup.exe
2004-12-11 08:20 220 ac------ c:\program files\acsetup.cfg
2004-12-11 08:07 1,943,049 ac------ c:\program files\music.vox
2004-12-11 08:07 184,701 ac------ c:\program files\speech.vox
2004-08-07 15:14 187,904 ac------ c:\program files\HijackThis.exe
2004-06-06 07:19 238,481 ac------ c:\program files\CloneSpy.chm
2004-06-06 07:05 966,656 ac------ c:\program files\CloneSpy.exe
2004-03-11 12:27 40,960 ac------ c:\program files\Uninstall_CDS.exe
2003-10-13 16:02 262 ac------ c:\program files\file_id.diz
2003-09-08 01:49 23,428 ac------ c:\program files\ARCHIVER.BB2
2003-09-08 01:49 507 ac------ c:\program files\DWG.BA_
2003-09-08 01:49 123 ac------ c:\program files\SAM.BA_
2003-09-08 01:49 38 ac------ c:\program files\TFC.BAT
2001-09-10 08:10 61,440 ac------ c:\windows\inf\i386\onetUSD.dll
2001-09-06 08:58 139,264 ac------ c:\windows\inf\i386\Rtscan.dll
2001-08-17 18:43 32,768 ac------ c:\windows\inf\i386\Wiamicro.dll
2001-06-29 08:10 163,840 ac------ c:\windows\inf\i386\viceo.dll

============= FINISH: 17:01:50.71 ===============


DDS (Ver_09-01-19.01) - NTFSx86
Run by Brian Owen at 17:01:37.12 on 23/01/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.166 [GMT 1:00]

AV: AVG 7.5.552 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\notepad.exe
G:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://search.aol.co.uk/web?isinit=true&query=%s
uURLSearchHooks: Search Class: {08c06d61-f1f3-4799-86f8-be1a89362c85} - c:\program files\orangehss\searchurlhook\SearchPageURL.dll
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: {DC5F9604-C6E2-47D0-8E0F-E60FCCB334C7} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe "
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [RemoteControl] "c:\program files\cyberlink dvd solution\powerdvd\PDVDServ.exe "
mRun: [AVG7_CC] "c:\progra~1\grisoft\avg7\avgcc.exe" /STARTUP
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe "
mRun: [ORAHSSSessionManager] c:\program files\orangehss\sessionmanager\SessionManager.exe
mRun: [QuickTime Task] "c:\program files\quicktime alternative\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe "
mRun: [InstantAccess] c:\progra~1\textbr~1.0\bin\INSTAN~1.EXE /h
mRun: [RegisterDropHandler] c:\progra~1\textbr~1.0\bin\REGIST~1.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
mRunServices: [RegisterDropHandler] c:\progra~1\textbr~1.0\bin\REGIST~1.EXE
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [AVG7_Run] c:\progra~1\grisoft\avg7\avgw.exe /RUNONCE
StartupFolder: c:\docume~1\briano~2.bri\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\zdwlan~1.lnk - c:\program files\zydas technology corporation\zydas_802.11g_utility\ZDWlan.exe
IE: Add to EverNote - c:\program files\evernote\evernote\enbar.dll/2000
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\briano~2.bri\applic~1\mozilla\firefox\profiles\ytyrl0nq.default\

============= SERVICES / DRIVERS ===============

R1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2007-10-9 821856]
R1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2007-10-9 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys [2007-10-9 27776]
R1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys [2007-10-9 10760]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-1-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
R4 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avg7\avgamsvr.exe [2007-9-12 418816]
R4 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avg7\avgupsvc.exe [2007-9-12 49664]
R4 AVGEMS;AVG E-mail Scanner;c:\progra~1\grisoft\avg7\avgemc.exe [2007-9-12 406528]
R4 AvgTdi;AVG Network Redirector;c:\windows\system32\drivers\avgtdi.sys [2007-10-9 4960]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\drivers\athrusb.sys [2008-6-11 446976]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2007-10-8 20608]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2008-11-7 38496]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-6-29 42512]
S3 SbieDrv;SbieDrv;\??\c:\program files\sandboxie\sbiedrv.sys --> c:\program files\sandboxie\SbieDrv.sys [?]
S3 sentemul;sentemul;c:\windows\system32\drivers\SentEmul.sys [2008-9-22 11812]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

=============== Created Last 30 ================

2009-01-23 14:05 <DIR> --d----- c:\docume~1\briano~2.bri\applic~1\OpenOffice.org
2009-01-23 13:58 <DIR> --d----- c:\program files\JRE
2009-01-23 13:58 <DIR> --d----- c:\program files\OpenOffice.org 3
2009-01-22 20:22 <DIR> --d----- C:\ComboFix
2009-01-22 20:22 388,608 a------- c:\windows\system32\CF3868.exe
2009-01-22 14:15 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\SUPERAntiSpyware.com
2009-01-22 14:15 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-01-22 14:15 <DIR> --d----- c:\docume~1\briano~2.bri\applic~1\SUPERAntiSpyware.com
2009-01-22 14:14 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-01-21 21:02 <DIR> --d----- c:\program files\common files\ACD Systems
2009-01-21 21:01 <DIR> --d----- c:\program files\Free Download Manager
2009-01-21 21:01 <DIR> --d----- c:\docume~1\briano~2.bri\applic~1\Free Download Manager
2009-01-21 21:01 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\FreeDownloadManager.ORG
2009-01-21 21:01 <DIR> --d----- c:\program files\K-Meleon
2009-01-21 21:01 <DIR> --d----- C:\Compaq
2009-01-21 20:55 <DIR> --d----- c:\program files\NetStat Live
2009-01-21 20:45 <DIR> --d----- c:\docume~1\briano~2.bri\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-01-20 19:56 <DIR> --dsh--- C:\RECYCLER(4)
2009-01-20 13:13 <DIR> --d----- c:\docume~1\briano~2.bri\applic~1\MalwareRemovalBot
2009-01-18 20:47 <DIR> --d----- c:\program files\RegistryPatrol3(2).0
2009-01-06 20:36 3,686,454 a------- c:\windows\ACD Wallpaper.bmp

==================== Find3M ====================

2009-01-22 15:17 62,217 a---h--- C:\jpeggeri.dat
2009-01-21 20:51 10,266 a------- c:\windows\pchealth\helpctr\config\cache\Professional_32_1033.dat
2008-11-15 18:03 25,992 a------- c:\windows\system32\pgdfgsvc.exe
2008-08-04 12:12 353,840 a------- c:\documents and settings\brian owen.brian-5kbuieuht\RealPlayer11GOLD.exe
2008-08-04 08:29 3,288,104 a------- c:\documents and settings\brian owen.brian-5kbuieuht\Diino_4.2_Setup.exe
2008-07-26 18:04 15,736 ac------ c:\program files\JkDefrag.log
2007-10-31 13:16 872 ac------ c:\program files\CloneSpy.ini
2007-10-31 13:15 5,435 ac------ c:\program files\CloneSpy.log
2004-12-11 08:23 3,918 ac------ c:\program files\Readme.txt
2004-12-11 08:20 49,173 ac------ c:\program files\winsetup.exe
2004-12-11 08:20 220 ac------ c:\program files\acsetup.cfg
2004-12-11 08:07 1,943,049 ac------ c:\program files\music.vox
2004-12-11 08:07 184,701 ac------ c:\program files\speech.vox
2004-08-07 15:14 187,904 ac------ c:\program files\HijackThis.exe
2004-06-06 07:19 238,481 ac------ c:\program files\CloneSpy.chm
2004-06-06 07:05 966,656 ac------ c:\program files\CloneSpy.exe
2004-03-11 12:27 40,960 ac------ c:\program files\Uninstall_CDS.exe
2003-10-13 16:02 262 ac------ c:\program files\file_id.diz
2003-09-08 01:49 23,428 ac------ c:\program files\ARCHIVER.BB2
2003-09-08 01:49 507 ac------ c:\program files\DWG.BA_
2003-09-08 01:49 123 ac------ c:\program files\SAM.BA_
2003-09-08 01:49 38 ac------ c:\program files\TFC.BAT
2001-09-10 08:10 61,440 ac------ c:\windows\inf\i386\onetUSD.dll
2001-09-06 08:58 139,264 ac------ c:\windows\inf\i386\Rtscan.dll
2001-08-17 18:43 32,768 ac------ c:\windows\inf\i386\Wiamicro.dll
2001-06-29 08:10 163,840 ac------ c:\windows\inf\i386\viceo.dll

============= FINISH: 17:01:50.71 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-01-19.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 08/10/2007 19:27:17
System Uptime: 23/01/2009 16:24:29 (1 hours ago)

Motherboard: MSI | | MS-7021
Processor: AMD Athlon(tm) XP 1800+ | Socket-A | 1506/102mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 76 GiB total, 21.167 GiB free.
D: is CDROM (CDFS)
E: is FIXED (NTFS) - 38 GiB total, 14.98 GiB free.
F: is CDROM ()
G: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318}
Description: Samsung ML-4500
Device ID: LPTENUM\SAMSUNGML-4500\5&37F4DA28&0&LPT1.4
Manufacturer:
Name: Samsung ML-4500
PNP Device ID: LPTENUM\SAMSUNGML-4500\5&37F4DA28&0&LPT1.4
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: VIA Rhine II Fast Ethernet Adapter
Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_021C1462&REV_78\3&61AAA01&0&90
Manufacturer: VIA Technologies, Inc.
Name: VIA Rhine II Fast Ethernet Adapter
PNP Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_021C1462&REV_78\3&61AAA01&0&90
Service: FETND5BV

==== System Restore Points ===================

RP455: 05/12/2008 15:18:10 - System Checkpoint
RP456: 06/12/2008 17:38:49 - System Checkpoint
RP457: 07/12/2008 20:09:21 - System Checkpoint
RP458: 08/12/2008 21:14:23 - System Checkpoint
RP459: 10/12/2008 09:31:50 - System Checkpoint
RP460: 11/12/2008 16:22:45 - System Checkpoint
RP461: 12/12/2008 16:37:02 - System Checkpoint
RP462: 13/12/2008 17:03:48 - System Checkpoint
RP463: 14/12/2008 18:37:55 - System Checkpoint
RP464: 15/12/2008 19:00:53 - System Checkpoint
RP465: 16/12/2008 21:11:46 - System Checkpoint
RP466: 17/12/2008 13:21:00 - PRE CHRISTMAS 2008
RP467: 18/12/2008 15:08:24 - System Checkpoint
RP468: 18/12/2008 19:34:29 - Installed Java(TM) 6 Update 11
RP469: 20/12/2008 08:13:06 - System Checkpoint
RP470: 21/12/2008 08:26:48 - Restore Operation
RP471: 22/12/2008 09:33:47 - System Checkpoint
RP472: 22/12/2008 15:16:05 - Installed Java(TM) 6 Update 11
RP473: 23/12/2008 16:48:05 - System Checkpoint
RP474: 24/12/2008 17:38:16 - System Checkpoint
RP475: 25/12/2008 18:05:28 - System Checkpoint
RP476: 26/12/2008 18:43:39 - System Checkpoint
RP477: 27/12/2008 18:55:24 - System Checkpoint
RP478: 29/12/2008 09:15:57 - System Checkpoint
RP479: 30/12/2008 13:18:29 - System Checkpoint
RP480: 31/12/2008 16:50:57 - System Checkpoint
RP481: 01/01/2009 20:00:03 - System Checkpoint
RP482: 02/01/2009 21:14:35 - System Checkpoint
RP483: 04/01/2009 08:15:24 - System Checkpoint
RP484: 05/01/2009 11:46:02 - System Checkpoint
RP485: 06/01/2009 11:56:43 - System Checkpoint
RP486: 07/01/2009 13:20:48 - System Checkpoint
RP487: 08/01/2009 14:40:12 - System Checkpoint
RP488: 10/01/2009 10:04:54 - System Checkpoint
RP489: 11/01/2009 11:08:24 - System Checkpoint
RP490: 12/01/2009 12:40:19 - System Checkpoint
RP491: 13/01/2009 14:36:50 - System Checkpoint
RP492: 14/01/2009 15:50:03 - System Checkpoint
RP493: 15/01/2009 08:36:35 - Restore Operation
RP494: 16/01/2009 09:07:33 - System Checkpoint
RP495: 17/01/2009 09:31:23 - System Checkpoint
RP496: 18/01/2009 09:39:38 - System Checkpoint
RP497: 19/01/2009 08:55:38 - Restore Operation
RP498: 19/01/2009 10:09:25 - Rollback to an unsigned driver
RP499: 20/01/2009 13:13:02 - Installed MalwareRemovalBot
RP500: 20/01/2009 18:54:28 - Installed AdwareAlert
RP501: 20/01/2009 18:59:45 - Removed AdwareAlert
RP502: 20/01/2009 19:01:24 - Removed MalwareRemovalBot
RP503: 20/01/2009 19:16:45 - Restore Operation
RP504: 20/01/2009 19:47:21 - Restore Operation
RP505: 21/01/2009 10:04:07 - Revo Uninstaller's restore point - Orange - Logiciels Internet
RP506: 21/01/2009 10:07:22 - Revo Uninstaller's restore point - Orange - Logiciels Internet
RP507: 21/01/2009 10:07:46 - Revo Uninstaller's restore point - Orange - Logiciels Internet
RP508: 21/01/2009 10:08:58 - Revo Uninstaller's restore point - Orange - Logiciels Internet
RP509: 21/01/2009 20:43:23 - Restore Operation
RP510: 22/01/2009 12:09:09 - Revo Uninstaller's restore point - {CA9EC1C6-3B51-11D6-B1A9-BCD2747AA951}
RP511: 22/01/2009 12:09:37 - Installed Creative WebCam Monitor
RP512: 22/01/2009 12:11:01 - Revo Uninstaller's restore point - µTorrent
RP513: 22/01/2009 12:11:09 - Revo Uninstaller's restore point - µTorrent
RP514: 22/01/2009 12:12:51 - Revo Uninstaller's restore point - {D43F13A1-1E39-4BD4-9682-DF889FE75421}
RP515: 22/01/2009 12:13:09 - Installed PC-CAM Center
RP516: 22/01/2009 12:14:22 - Revo Uninstaller's restore point - Azureus Vuze
RP517: 22/01/2009 12:17:33 - Revo Uninstaller's restore point - LimeWire 4.18.3
RP518: 22/01/2009 12:20:45 - Revo Uninstaller's restore point - Orange - Logiciels Internet
RP519: 22/01/2009 14:15:08 - Installed SUPERAntiSpyware Free Edition
RP520: 23/01/2009 13:58:24 - Installed OpenOffice.org 3.0

==== Installed Programs ======================

ABBYY FineReader 4.0 Sprint
ACDSee 10 Photo Manager
Acrobat.com
Adobe AIR
Adobe Flash Player ActiveX
Adobe Reader 9
Adobe Shockwave Player 11
Agent Ransack Version 1.7.3
Ahead InCD
AMP Font Viewer
AnalogX NetStat Live
ArcSoft PhotoStudio 5.5
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
ATI HydraVision
AVG 7.5
Belarc Advisor 7.2
BlackWidow
C-Map ECS
C-Map PCMCIA and USB drivers
Canon CanoScan Toolbox 4.9
Canon ScanGear Starter
Conexant USB Network Adapter
Convert
Creative PC-CAM Center
Creative WebCam Monitor
Creative WebCam NX Pro Driver (1.03.03.0326)
Creative WebCam NX Pro User's Guide (English)
Diino 4.2.3.1
DirectorySizeMonitor 2.1
Duplicate Cleaner 1.2
DVD Solution
EasyCleaner
Express Rip
Fax by Modem 1.0
FileZilla Client 3.1.1.1
FMS
Folder Size for Windows
Free Download Manager 2.5
Free PDF to Word Doc Converter v1.1
GCH Guitar academy
GIMP 2.4.2
Google Earth
High Resolution World Data
HijackThis 2.0.2
Hotkey 2.0
IconTweaker 1.12
InfraRecorder
IrfanView (remove only)
ISO Recorder
IsoBuster 2.0
Java(TM) 6 Update 7
jTides 5.2
K-Meleon 1.1.6 en-US (remove only)
Macromedia Flash Player 8
Malwarebytes' Anti-Malware
Manual CanoScan LiDE 25
MaxSea v10.1.3.2
Medi@Show
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Premium
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
mIRC
Mozilla Firefox (3.0.4)
Multimedia Launcher
OpenCPN version 1.2.6
OpenOffice.org 3.0
Opera 9.51
PC Alarm Clock
PE Builder 3.1.10a
PhoneDeck 1.3
Photocopier 3.03
PhotoImpression
Power2Go 3.0
PowerDirector
PowerDVD
PowerProducer
Pub. 150 World Port Index 2005 Edition
PySol version 4.60
QuickTime
QuickTime Alternative 1.95
Revo Uninstaller 1.80
Samsung ML-4500 Series Driver
ScanOffix Pro
ScanSoft OmniPage SE 4.0
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB943460)
Selingua
Serif PagePlus SE 1.0
SimpleOCR 3.1
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
TextBridge Pro 9.0
Trust Direct Webscan 19200 v1.0
Tweak UI
Ubuntu
Unlocker 1.8.5
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
VIA Rhine-Family Fast Ethernet Adapter
WebFldrs XP
Windows Installer Clean Up
Windows Media Format Runtime
Windows Media Player Firefox Plugin
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinImage
WinPcap 4.0.1
WinRAR archiver
XYplorer 4.50
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
ZyDAS IEEE 802.11 b+g Wireless LAN - USB

==== Event Viewer Messages From Past Week ========

18/01/2009 11:21:48, error: Service Control Manager [7000] - The Sandboxie Service service failed to start due to the following error: The system cannot find the path specified.
18/01/2009 11:21:48, error: Service Control Manager [7000] - The InCD File System Service service failed to start due to the following error: The system cannot find the path specified.
18/01/2009 11:21:48, error: Service Control Manager [7000] - The Sentinel driver service failed to start due to the following error: The system cannot find the file specified.
18/01/2009 14:04:56, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
19/01/2009 09:30:04, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
20/01/2009 19:30:01, error: Service Control Manager [7000] - The InCD File System Service service failed to start due to the following error: The system cannot find the file specified.
20/01/2009 19:30:01, error: Service Control Manager [7000] - The Sandboxie Service service failed to start due to the following error: The system cannot find the file specified.
20/01/2009 19:45:01, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
20/01/2009 20:47:18, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
20/01/2009 21:47:18, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 120 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
21/01/2009 09:49:50, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
21/01/2009 09:50:04, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
21/01/2009 09:50:05, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
21/01/2009 09:50:30, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
21/01/2009 09:51:11, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
21/01/2009 09:51:11, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
21/01/2009 09:51:11, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
21/01/2009 09:51:11, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
21/01/2009 09:51:11, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
21/01/2009 09:51:11, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK7 Avg7Core Avg7RsW Avg7RsXP BANTExt FileDisk Fips IPSec MRxSmb NetBIOS NetBT NetworkX RasAcd Rdbss Tcpip
21/01/2009 20:02:34, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK7 Avg7Core Avg7RsW Avg7RsXP BANTExt FileDisk Fips NetworkX
23/01/2009 13:14:10, error: Dhcp [1002] - The IP address lease 192.168.1.10 for the Network Card with network address 160925045500 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================

 

Hi bg9208,

Please delete the ComboFix.exe file you currently have and download a fresh copy from here, saving it to your desktop.

Disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as;

Filename: CFScript.txt
Save As Type: All Files (*.*)

Code:

DDS::
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: {DC5F9604-C6E2-47D0-8E0F-E60FCCB334C7} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
Folder::
C:\RECYCLER(4)
c:\docume~1\briano~2.bri\applic~1\MalwareRemovalBot
c:\program files\RegistryPatrol3(2).0

Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

**NOTE - I recommend you allow the Recovery Console to be downloaded and installed when prompted.


Next, this tool tends to be quite aggressive, so please be sure to configure it exactly as listed below. I only want to see a Report of what it finds.

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Doubleclick the drweb-cureit.exe file and click 'Start' to run the express scan. This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.

• Once the short scan has finished, we need to change the default settings.
• In the Menu Bar at the top, click 'Setting'>Change Settings.
• Click on the Actions tab
• Using the drop down menus, change each item under Objects and Malware to [color= "Blue"] Report[/color]
• Next, 'tick' Complete Scan.
• Click the green arrow at the right, and the scan will start.
• Click 'No to All' if it asks if you want to cure/move the file.
• After the scan has completed, in the Dr.Web CureIt menu on top, click File and choose Save Report List
• Save the report to your desktop. The report will be called DrWeb.csv
• Close Dr.Web Cureit.
• Post the contents of the log from Dr.Web you saved previously in your next reply.

 

A number of problems

Hi Dave,
Thank you for your prompt response, I have done as you suggested and attach the CFS and DrWeb scans as requested. The latter took all day so I have not had the time to se if all or any problems have been
cured. I will report any recurring problems ASAP.
regards

Brian Owen


ComboFix 09-01-21.04 - Brian Owen 2009-01-26 9:56:23.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.196 [GMT 1:00]
Running from: G:\ComboFix.exe
Command switches used :: G:\cfscript.txt
AV: AVG 7.5.552 *On-access scanning enabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\briano~2.bri\applic~1\MalwareRemovalBot
c:\docume~1\briano~2.bri\applic~1\MalwareRemovalBot\Log\2009 Jan 20 - 01_13_16 PM_609.log
c:\docume~1\briano~2.bri\applic~1\MalwareRemovalBot\Log\2009 Jan 20 - 06_41_25 PM_312.log
c:\docume~1\briano~2.bri\applic~1\MalwareRemovalBot\rs.dat
c:\docume~1\briano~2.bri\applic~1\MalwareRemovalBot\Settings\ScanResults.pie
c:\program files\RegistryPatrol3(2).0
c:\program files\RegistryPatrol3(2).0\uninstal.log
C:\RECYCLER(4)
c:\recycler(4)\S-1-5-21-1614895754-839522115-725345543-1003(2)\INFO2
c:\windows\system32\404Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((( Files Created from 2008-12-26 to 2009-01-26 )))))))))))))))))))))))))))))))
.

2009-01-24 13:06 . 2009-01-24 13:06 2,516 --a------ C:\FT_Splash.img
2009-01-23 20:59 . 2009-01-23 21:00 <DIR> d-------- c:\windows\ERUNT
2009-01-23 20:58 . 2009-01-23 21:42 <DIR> d-------- C:\SDFix
2009-01-23 14:05 . 2009-01-23 14:05 <DIR> d-------- c:\documents and settings\Brian Owen.BRIAN-5KBUIEUHT\Application Data\OpenOffice.org
2009-01-23 13:58 . 2009-01-23 13:58 <DIR> d-------- c:\program files\OpenOffice.org 3
2009-01-23 13:58 . 2009-01-23 13:58 <DIR> d-------- c:\program files\JRE
2009-01-22 14:15 . 2009-01-22 14:15 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-01-22 14:15 . 2009-01-22 14:15 <DIR> d-------- c:\documents and settings\Brian Owen.BRIAN-5KBUIEUHT\Application Data\SUPERAntiSpyware.com
2009-01-22 14:15 . 2009-01-22 14:15 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2009-01-22 14:14 . 2009-01-22 14:14 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-21 21:02 . 2009-01-21 21:02 <DIR> d-------- c:\program files\Common Files\ACD Systems
2009-01-21 21:01 . 2009-01-21 21:01 <DIR> d-------- c:\program files\K-Meleon
2009-01-21 21:01 . 2009-01-21 21:01 <DIR> d-------- c:\program files\Free Download Manager
2009-01-21 21:01 . 2009-01-21 21:01 <DIR> d-------- c:\documents and settings\brian\Application Data\Talkback
2009-01-21 21:01 . 2009-01-21 21:01 <DIR> d-------- c:\documents and settings\brian\Application Data\SlipStream
2009-01-21 21:01 . 2009-01-21 21:01 <DIR> d-------- c:\documents and settings\Brian Owen.BRIAN-5KBUIEUHT\Application Data\Free Download Manager
2009-01-21 21:01 . 2009-01-21 21:01 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\FreeDownloadManager.ORG
2009-01-21 21:01 . 2009-01-21 21:01 <DIR> d-------- C:\Compaq
2009-01-21 20:55 . 2009-01-21 20:55 <DIR> d-------- c:\program files\NetStat Live
2009-01-21 20:45 . 2009-01-21 20:45 <DIR> d-------- c:\documents and settings\Brian Owen.BRIAN-5KBUIEUHT\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-01-06 20:36 . 2009-01-06 20:36 3,686,454 --a------ c:\windows\ACD Wallpaper.bmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-23 15:29 --------- d-----w c:\documents and settings\Brian Owen.BRIAN-5KBUIEUHT\Application Data\AVG7
2009-01-22 19:23 --------- d-----w c:\program files\trend micro
2009-01-22 14:17 62,217 ---ha-w C:\jpeggeri.dat
2009-01-22 11:19 --------- d-----w c:\documents and settings\Brian Owen.BRIAN-5KBUIEUHT\Application Data\LimeWire
2009-01-22 11:08 --------- d-----w c:\program files\VS Revo Group
2009-01-21 20:00 --------- d-----w c:\documents and settings\Brian Owen.BRIAN-5KBUIEUHT\Application Data\opencpn
2009-01-21 19:52 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-18 18:34 --------- d-----w c:\program files\Java
2008-12-12 19:50 --------- d-----w c:\program files\FileZilla
2008-12-08 19:17 --------- d-----w c:\program files\Paint Shop Pro
2008-12-05 19:52 --------- d-----w c:\program files\Smart Bro
2008-12-05 19:52 --------- d-----w c:\program files\PhoneDeck
2008-12-04 14:11 --------- d-----w c:\documents and settings\Brian Owen.BRIAN-5KBUIEUHT\Application Data\Uniblue
2008-11-28 11:44 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-11-28 11:44 --------- d-----w c:\program files\Common Files\Adobe
2008-11-28 11:41 --------- d-----w c:\program files\OpenCPN
2008-11-28 11:41 --------- d-----w c:\program files\Navichart-Trial
2008-11-28 11:40 --------- d-----w c:\documents and settings\LocalService.NT AUTHORITY.002\Application Data\AVG7
2008-11-15 17:03 25,992 ----a-w c:\windows\system32\pgdfgsvc.exe
2008-08-04 11:12 353,840 ----a-w c:\documents and settings\Brian Owen.BRIAN-5KBUIEUHT\RealPlayer11GOLD.exe
2008-08-04 07:29 3,288,104 ----a-w c:\documents and settings\Brian Owen.BRIAN-5KBUIEUHT\Diino_4.2_Setup.exe
2008-07-26 17:04 15,736 -c--a-w c:\program files\JkDefrag.log
2007-10-31 12:16 872 -c--a-w c:\program files\CloneSpy.ini
2007-10-31 12:15 5,435 -c--a-w c:\program files\CloneSpy.log
2004-12-11 07:23 3,918 -c--a-w c:\program files\Readme.txt
2004-12-11 07:20 49,173 -c--a-w c:\program files\winsetup.exe
2004-12-11 07:20 220 -c--a-w c:\program files\acsetup.cfg
2004-12-11 07:07 184,701 -c--a-w c:\program files\speech.vox
2004-12-11 07:07 1,943,049 -c--a-w c:\program files\music.vox
2004-08-07 14:14 187,904 -c--a-w c:\program files\HijackThis.exe
2004-06-06 06:19 238,481 -c--a-w c:\program files\CloneSpy.chm
2004-06-06 06:05 966,656 -c--a-w c:\program files\CloneSpy.exe
2004-03-11 11:27 40,960 -c--a-w c:\program files\Uninstall_CDS.exe
2003-10-13 15:02 262 -c--a-w c:\program files\file_id.diz
2003-09-08 00:49 507 -c--a-w c:\program files\DWG.BA_
2003-09-08 00:49 38 -c--a-w c:\program files\TFC.BAT
2003-09-08 00:49 23,428 -c--a-w c:\program files\ARCHIVER.BB2
2003-09-08 00:49 123 -c--a-w c:\program files\SAM.BA_
2001-09-10 07:10 61,440 -c--a-w c:\windows\inf\i386\onetUSD.dll
2001-09-06 07:58 139,264 -c--a-w c:\windows\inf\i386\Rtscan.dll
2001-08-17 17:43 32,768 -c--a-w c:\windows\inf\i386\Wiamicro.dll
2001-06-29 07:10 163,840 -c--a-w c:\windows\inf\i386\viceo.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE "= "c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"SUPERAntiSpyware "= "c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA "= "c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 339968]
"RemoteControl "= "c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"AVG7_CC "= "c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-18 590848]
"SSBkgdUpdate "= "c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4 "= "c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"QuickTime Task "= "c:\program files\QuickTime Alternative\qttask.exe" [2007-10-19 286720]
"SunJavaUpdateSched "= "c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"InstantAccess "= "c:\progra~1\TEXTBR~1.0\Bin\INSTAN~1.EXE" [2000-06-19 31744]
"RegisterDropHandler "= "c:\progra~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [2000-06-19 22528]
"Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SoundMan "= "SOUNDMAN.EXE" [2004-06-18 c:\windows\SOUNDMAN.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"RegisterDropHandler "= "c:\progra~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [2000-06-19 22528]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE "= "c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]
"AVG7_Run "= "c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-10-25 219136]

c:\documents and settings\Brian Owen.BRIAN-5KBUIEUHT\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
ZDWLan Utility.lnk - c:\program files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2008-07-06 487424]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc "= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"VIDC.ACDV "= ACDV.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
--a--c--- 2003-10-13 03:04 184320 c:\program files\Creative\Shared Files\CamTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hotkey]
--a--c--- 2004-04-03 17:38 36864 c:\program files\Hotkey\Hotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]
-----c--- 2003-12-22 21:15 86016 c:\program files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a--c--- 2006-09-07 18:19 15872 c:\program files\Unlocker\UnlockerAssistant.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "=
"c:\\WINDOWS\\system32\\mmc.exe "=
"c:\\WINDOWS\\system32\\dpvsetup.exe "=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe "=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe "=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe "=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe "=
"c:\\Program Files\\Skype\\Phone\\Skype.exe "=
"c:\\Program Files\\Avant Browser\\avant.exe "=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe "=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
"c:\\Program Files\\MSI\\i-Speeder\\i-Speeder.exe "=
"c:\\Program Files\\Free Download Manager\\fdm.exe "=
"c:\\Program Files\\I&M\\MaxSea\\MaxSea.exe "=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\drivers\athrusb.sys [2008-06-11 446976]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2007-10-08 20608]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-06-29 42512]
S3 SbieDrv;SbieDrv;\??\c:\program files\Sandboxie\SbieDrv.sys --> c:\program files\Sandboxie\SbieDrv.sys [?]
S3 sentemul;sentemul;c:\windows\system32\drivers\SentEmul.sys [2008-09-22 11812]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{675f2e26-e85e-11dd-97b7-160925045500}]
\Shell\AutoRun\command - G:\EmDesk.exe
\Shell\EmDesk\command - G:\EmDesk.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe []

2009-01-26 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Brian Owen.BRIAN-5KBUIEUHT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe []

2009-01-20 c:\windows\Tasks\MalwareRemovalBot Scheduled Scan.job
- c:\program files\MalwareRemovalBot\MalwareRemovalBot.exe []

2009-01-20 c:\windows\Tasks\MalwareRemovalBot Scheduled Scan.job
- c:\program files\MalwareRemovalBot []
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ORAHSSSessionManager - c:\program files\OrangeHSS\SessionManager\SessionManager.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://search.aol.co.uk/web?isinit=true&query=%s
IE: Add to EverNote - c:\program files\EverNote\EverNote\enbar.dll/2000
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Brian Owen.BRIAN-5KBUIEUHT\Application Data\Mozilla\Firefox\Profiles\ytyrl0nq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - plugin: c:\program files\Opera\program\plugins\nppdf32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-26 09:59:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(676)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-01-26 10:04:22
ComboFix-quarantined-files.txt 2009-01-26 09:03:03
ComboFix2.txt 2009-01-21 21:22:19

Pre-Run: 22,610,030,592 bytes free
Post-Run: 22,597,124,096 bytes free

224 --- E O F --- 2007-12-04 16:29:53



00161203.FIL;C:\$VAULT$.AVG;Trojan.Fakealert.1500;;
00312031.FIL;C:\$VAULT$.AVG;Trojan.Virtumod.448;;
00376218.FIL;C:\$VAULT$.AVG;Trojan.Fakealert.1500;;
01914546.FIL;C:\$VAULT$.AVG;Trojan.Virtumod.448;;
01922375.FIL;C:\$VAULT$.AVG;Trojan.Virtumod.448;;
01935843.FIL;C:\$VAULT$.AVG;Trojan.Virtumod.448;;
02014875.FIL;C:\$VAULT$.AVG;Trojan.Popuper.10842;;
03467188.FIL;C:\$VAULT$.AVG;Trojan.Inject.3608;;
07306812.FIL;C:\$VAULT$.AVG;Trojan.Popuper.10842;;
07343875.FIL;C:\$VAULT$.AVG;Trojan.Popuper.10842;;
63067877.FIL;C:\$VAULT$.AVG;Trojan.Click.19260;;
88403376.FIL;C:\$VAULT$.AVG;Trojan.Inject.3608;;
SDFix.exe\SDFix\apps\Process.exe;C:\Documents and Settings\Brian Owen.BRIAN-5KBUIEUHT\Desktop\SDFix.exe;Tool.Prockill;;
SDFix.exe;C:\Documents and Settings\Brian Owen.BRIAN-5KBUIEUHT\Desktop;Archive contains infected objects;;
xcleaner_free.exe;C:\download;Probably DLOADER.Trojan;;
Process.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Tool.Prockill;;
Process.exe;C:\SDFix\apps;Tool.Prockill;;
A0115287.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP492\A0115287.exe;Probably Trojan.Packed.365;;
A0115287.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP492;Archive contains infected objects;;
A0116546.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP493\A0116546.exe;Probably Trojan.Packed.365;;
A0116546.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP493;Archive contains infected objects;;
A0117116.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP497\A0117116.exe;Probably Trojan.Packed.365;;
A0117116.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP497;Archive contains infected objects;;
A0117158.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP497\A0117158.exe;Probably Trojan.Packed.365;;
A0117158.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP497;Archive contains infected objects;;
A0118725.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP503\A0118725.exe;Probably Trojan.Packed.365;;
A0118725.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP503;Archive contains infected objects;;
A0118770.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP503\A0118770.exe;Probably Trojan.Packed.365;;
A0118770.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP503;Archive contains infected objects;;
A0118939.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP503\A0118939.exe;Probably Trojan.Packed.365;;
A0118939.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP503;Archive contains infected objects;;
A0118981.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP503\A0118981.exe;Probably Trojan.Packed.365;;
A0118981.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP503;Archive contains infected objects;;
A0120856.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP504\A0120856.exe;Probably Trojan.Packed.365;;
A0120856.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP504;Archive contains infected objects;;
A0120898.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP504\A0120898.exe;Probably Trojan.Packed.365;;
A0120898.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP504;Archive contains infected objects;;
A0121036.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP504\A0121036.exe;Probably Trojan.Packed.365;;
A0121036.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP504;Archive contains infected objects;;
A0121078.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP504\A0121078.exe;Probably Trojan.Packed.365;;
A0121078.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP504;Archive contains infected objects;;
A0121764.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP504\A0121764.exe;Probably Trojan.Packed.365;;
A0121764.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP504;Archive contains infected objects;;
A0121806.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP504\A0121806.exe;Probably Trojan.Packed.365;;
A0121806.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP504;Archive contains infected objects;;
A0121926.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP504\A0121926.exe;Probably Trojan.Packed.365;;
A0121926.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP504;Archive contains infected objects;;
A0121968.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP504\A0121968.exe;Probably Trojan.Packed.365;;
A0121968.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP504;Archive contains infected objects;;
A0122864.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509\A0122864.exe;Probably Trojan.Packed.365;;
A0122864.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509;Archive contains infected objects;;
A0122906.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509\A0122906.exe;Probably Trojan.Packed.365;;
A0122906.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509;Archive contains infected objects;;
A0123059.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509\A0123059.exe;Probably Trojan.Packed.365;;
A0123059.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509;Archive contains infected objects;;
A0123101.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509\A0123101.exe;Probably Trojan.Packed.365;;
A0123101.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509;Archive contains infected objects;;
A0123790.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509\A0123790.exe;Probably Trojan.Packed.365;;
A0123790.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509;Archive contains infected objects;;
A0123835.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509\A0123835.exe;Probably Trojan.Packed.365;;
A0123835.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509;Archive contains infected objects;;
A0123967.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509\A0123967.exe;Probably Trojan.Packed.365;;
A0123967.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509;Archive contains infected objects;;
A0124009.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509\A0124009.exe;Probably Trojan.Packed.365;;
A0124009.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509;Archive contains infected objects;;
A0124882.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509\A0124882.exe;Probably Trojan.Packed.365;;
A0124882.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509;Archive contains infected objects;;
A0124924.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509\A0124924.exe;Probably Trojan.Packed.365;;
A0124924.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509;Archive contains infected objects;;
A0125044.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509\A0125044.exe;Probably Trojan.Packed.365;;
A0125044.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509;Archive contains infected objects;;
A0125086.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509\A0125086.exe;Probably Trojan.Packed.365;;
A0125086.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509;Archive contains infected objects;;
A0125309.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509\A0125309.exe;Probably Trojan.Packed.365;;
A0125309.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509;Archive contains infected objects;;
A0125351.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509\A0125351.exe;Probably Trojan.Packed.365;;
A0125351.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509;Archive contains infected objects;;
A0125471.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509\A0125471.exe;Probably Trojan.Packed.365;;
A0125471.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509;Archive contains infected objects;;
A0125513.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509\A0125513.exe;Probably Trojan.Packed.365;;
A0125513.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509;Archive contains infected objects;;
data002\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP523\A0129860.exe\data002;Program.PsExec.171;;
data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP523\A0129860.exe;Archive contains infected objects;;
A0129860.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP523;Archive contains infected objects;;
data002\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP523\A0129863.exe\data002;Program.PsExec.171;;
data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP523\A0129863.exe;Archive contains infected objects;;
A0129863.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP523;Archive contains infected objects;;
A0129904.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP524;Tool.Prockill;;
A0129911.bat;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP524;Probably BATCH.Virus;;
A0129913.bat;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP524;Probably BATCH.Virus;;
A0009647.exe\data005;C:\System Volume Information\_restore{723AAABD-D05A-4EC5-9483-A14C8BA2C7BB}\RP26\A0009647.exe;Adware.NewDotNet;;
A0009647.exe\data007;C:\System Volume Information\_restore{723AAABD-D05A-4EC5-9483-A14C8BA2C7BB}\RP26\A0009647.exe;Adware.NewDotNet;;
A0009647.exe\data011;C:\System Volume Information\_restore{723AAABD-D05A-4EC5-9483-A14C8BA2C7BB}\RP26\A0009647.exe;Adware.Relevant;;
A0009647.exe;C:\System Volume Information\_restore{723AAABD-D05A-4EC5-9483-A14C8BA2C7BB}\RP26;Archive contains infected objects;;
data015\data003;C:\System Volume Information\_restore{EC793C57-6E0E-48A7-A7E2-B7FAE6749036}\RP33\A0008698.exe\data015;Adware.Msearch;;
data015\data005;C:\System Volume Information\_restore{EC793C57-6E0E-48A7-A7E2-B7FAE6749036}\RP33\A0008698.exe\data015;Adware.Msearch;;
data015;C:\System Volume Information\_restore{EC793C57-6E0E-48A7-A7E2-B7FAE6749036}\RP33\A0008698.exe;Archive contains infected objects;;
A0008698.exe\data016;C:\System Volume Information\_restore{EC793C57-6E0E-48A7-A7E2-B7FAE6749036}\RP33\A0008698.exe;Adware.SaveNow;;
A0008698.exe;C:\System Volume Information\_restore{EC793C57-6E0E-48A7-A7E2-B7FAE6749036}\RP33;Archive contains infected objects;;
A0010336.exe\SmitfraudFix\Process.exe;C:\System Volume Information\_restore{EC793C57-6E0E-48A7-A7E2-B7FAE6749036}\RP53\A0010336.exe;Tool.Prockill;;
A0010336.exe\SmitfraudFix\restart.exe;C:\System Volume Information\_restore{EC793C57-6E0E-48A7-A7E2-B7FAE6749036}\RP53\A0010336.exe;Tool.ShutDown.14;;
A0010336.exe;C:\System Volume Information\_restore{EC793C57-6E0E-48A7-A7E2-B7FAE6749036}\RP53;Archive contains infected objects;;

 

Hi Dave,

Problems remain with File/folder, can't change action or set as default.

Clicking on file in My Computer or explorer brings up search dialog insteadf of explorer.

Explorer listings seem very slow loading
.
Superantispyware seems to keep re-appearing as pop ups and files in a number of places.

Still unable to load IP internet software, message is " another installation is currently running please close all processes and relaunch "
Reboot and relaunch brings up same message.

Brian Owen

 

Please download this folder repair vbs from Doug Knox and run it to repair the behavior with the search companion.

Navigate to and remove the following file.

c:\windows\Tasks\MalwareRemovalBot Scheduled Scan.job


Please reinstall SuperAntiSpyware then see if it will uninstall successfully, without using the Revo Uninstaller.

What IP software are you trying to install, and why? Generally that type software is unnecessary.

 

Thank you for your message. I have removed the "Malwareremoval Bot ".

I have re-installed Superantispyware and it now seems to have un-installed correctly.

The software I am trying to re-install is "Livebox Installation CD ". My ADSL account is with France telecom/Wanadoo/Orange (All the same company) and it comes along with the broadband sign up with a Sagem Livebox ADSL modem.
I did have a similar problem before which you sorted for me but have been unable to find the solution on the WBBS site,

Now this is where I look comp[letely stupid!
Folder repair VBS - Sorry to be dense but not sure what I do with it as it is a text fil
with some text followed by what seems to be a sub routine Do I just strip off the preamble and copy the "Shell----" bit to a command line window ?

 

Right click the download link for folder repair vbs and select Save Target As, then save it to your desktop.
Double click the saved vbs file to install it.
You will receive a message when it's complete.

I'll look into the ADSL software this evening.

 

Numerous problems

As I cannot get online with the problem PC, I am having to juggle downloaded files between machines with a USB key. I right clicked download link on the file repair programme and dialog box came up - To "Save TARGET" only "Save LINK" available in dialog box so saved to USB key and then dragged to Problem PC desktop - double left clicked on the icon but doesn't seem to have made any difference - main folders open in explorer and sub folders still open in "Search ".

 

Highlight and copy the contents of the code box below to a blank notepad. Save it to the desktop as;

Filename: folder_open.vbs
Save as type: All Files (*.*)

Code:

'folder_open.vbs - Fixes problem where Search opens on a double click
'© Doug Knox - 03/13/2002
'Downloaded from www.dougknox.com

Set WshShell = WScript.CreateObject( "WScript.Shell ")

p1 =  "HKEY_CLASSES_ROOT\Directory\shell\ "
p2 =  "none "

WshShell.RegWrite p1, p2

p1 =  "HKEY_CLASSES_ROOT\Drive\shell\ "
WshShell.RegWrite p1, p2

X = WshShell.Run( "REGSVR32 /I /S SHELL32.DLL ",4,True)
Set WshShell = Nothing

MyBox = MsgBox( "Folders will now Open when double clicked ", 4096,  "Finished! ")

Now transfer the file to the desktop of the affected computer. Double click the file and wait for the completed message.

 

Brilliant, the folder app. worked perfectly. At least I can now navigate my desktop again!
Thanks for your guidance and patience.

regards
Brian Owen

 

Please verify with both the Windows Installer Cleanup Utility and the Revo Uninstaller than the ADSL software is removed. Also remove the related folders, like c:\program files\orangehss

Restart the computer then try installing the software again. If you get any error messages, please copy then here exactly as shown.

 

I have run the msicuu2 Win32 Cabinet Self-Extractor Installer clean up file (Incidentally, the dialog box says "Microsoft Office Update, Is this relevant??). Revo uninstaller shows no unrequired items listed. All files with "Orange ", "Wanadoo ", "France telecom" and HSSORA searched for and when found deleted and PC rebooted
Attempt to run software on main PC starts installation initialisation with a lot of hard disk activity and then stops after 2 minutes with just the desktop display after waiting 20 minutes still no activity.

Attempting to run installation after this time brings up small dialog box headed "HSSORA~2" with underneath the dialog "Already running installation" with an "OK" button underneath.

Running the installation on a friend's PC is no problem, it runs and installs perfectly.

 

I don't know if this will be any help at all but I am attaching a list of all files and folders on the installation CD with the sizes in Kb next to the filenames

FILES

autorun 1
detection 2,590
lb.724.90-1.2c.md5 1
livebox 25
livebox_mini_V2.md5 2
setup 1
Setup 131

FOLDER Autres

orange 1583 app

FOLDER CE

CE_2007_955 104 pdf

FOLDER HSS8

hssorange 64978 App
Package Wifi.aec 2487 aec file


FOLDER Extras

.DS_Store 7 DS store

SUB Folder PC

Budapi.x32 284
CpeCfg.x32 232
DirecOS.x32 228
Directsound.x32 32
FileIo.x32 40
FileXtra4.x32 120
Flash Agent.x32 24
Flash Asset.x32 720
Font Asset.x32 62
Font Xtra.x32 272
INetURL.x32 44
MacroMix.x32 52
MastrApp.x32 138
Mix Services.x32 92
NetFile.x32 52
NetLingo.x32 48
SWACmpr.x32 180
SWACnvrt.x32 204
SWADCmpr.x32 68
SWAStrm.x32 56
Text Asset.x32 92
TextXtra.x32 336
xLaunch.x32 52

 

First, download, install and run ERUNT to save a backup of the registry.

Once again, look for and delete all files and folders commected with the ADSL software.


Download ATF Cleaner by Atribune and save it to your Desktop.

• Double click ATF-Cleaner.exe to run the program.
• Check the boxes to the left of:
  
  
  • Windows Temp
  • Current User Temp
  • All Users Temp
  • Temporary Internet Files
  • Prefetch
  • Java Cache
  • Recycle bin
  
  
• The rest are optional - if you want it to remove everything check "Select All ".
• Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK then exit.

Reboot


Next download, extract and run RegSeeker.

• Click Clean the Registry
• Make sure all boxes are checked except the one labled Invalid Services
• Click Autoclean
• Set it to 3 passes
• Select each of the following boxes
  • Clean the Registry
  • ActiveX/COM
  • Select All
  • IE History Cache Cookies
  • Internet Explorer URLs
  • Open files
  • Old Start Menu items
• Click GO!

Restart once more when RegSeeker finishes and do a quick check of things to verify the computer is working normally (other than the current problems). If you encounter any problems, post back here with details prior to doing anything else.

If all is well, try installing the ADSL software once more.

 

Load of problems

Problems solved!
Dave,
You are a diamond!! Yes, it worked!! My main PC is now back in the land of the living and seems to be functioning correctly in all areas. Your encyclopaedic knowledge has solved, what I really thought was an insoluble problem.
Many thanks, please give yourself a pat on the back for me.
WindowsBBS keep up the good work.


Problem still not solved.
At least it only one now.
Regretably, I spoke too soon. I can get on the internet, move form site to site but if I try to open, say an email attachment or download a file, my connection drops out, it will connect again after re-boot - until I try to be on the web for more than a couple of minutes. I have noticed in task manager that when it is running OK, there is listed "HSSORA.exe" which is the ISP related program and also "Shell.exe "-- The process ends itself when ther line drops. I'm probably wrong but I have never noticed "Shell.exe "if this could be a problem before and wonder. There seem to be anumber of "Shell.exe ",files, the latset dated today in Prefetch. Is this a worm or virus.

A more concise explanation of the problem is that, after booting the PC, I am immediately connected to the internet and can connect to Google and other sites. I have now left it for up to 3 hours and it is still connected, I can swap between sites but what happens in www.Windowsbbs.com happens on all other sites, I can access the site but when I attempt to drill down, the connection closes. This happens every time that I try for deeper access and the fact that it has only happened recently leads me to suspect that something has changed my connection settings. I still have the ethernet connection at 100mbs. Could this be a problem related to Firefox.


If I keep trying to reconnect, I get a no connection message, running the repair function comes back with unable to renew IP address -See administrator.
Again rebooting gives me a sort of connectivity again.

 

With the connection active, please run dds.scr again and post the dds.txt file here.

 

Hi Dave, Sorry for all the trouble. Herw is a DDS scan this afternoon with the connection to the internet enabled.


DDS (Ver_09-01-19.01) - NTFSx86
Run by Brian Owen at 16:33:57.31 on 30/01/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.203 [GMT 1:00]

AV: AVG 7.5.552 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Brian Owen.BRIAN-5KBUIEUHT\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://search.aol.co.uk/web?isinit=true&query=%s
uURLSearchHooks: Search Class: {08c06d61-f1f3-4799-86f8-be1a89362c85} -
mURLSearchHooks: H - No File
BHO: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - Adobe PDF Reader Link Helper
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe "
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [RemoteControl] "c:\program files\cyberlink dvd solution\powerdvd\PDVDServ.exe "
mRun: [AVG7_CC] "c:\progra~1\grisoft\avg7\avgcc.exe" /STARTUP
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe "
mRun: [QuickTime Task] "c:\program files\quicktime alternative\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe "
mRun: [InstantAccess] c:\progra~1\textbr~1.0\bin\INSTAN~1.EXE /h
mRun: [RegisterDropHandler] c:\progra~1\textbr~1.0\bin\REGIST~1.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
mRunServices: [RegisterDropHandler] c:\progra~1\textbr~1.0\bin\REGIST~1.EXE
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [AVG7_Run] c:\progra~1\grisoft\avg7\avgw.exe /RUNONCE
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\zdwlan~1.lnk - c:\program files\zydas technology corporation\zydas_802.11g_utility\ZDWlan.exe
IE: Add to EverNote - c:\program files\evernote\evernote\enbar.dll/2000
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\briano~2.bri\applic~1\mozilla\firefox\profiles\ytyrl0nq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - plugin: c:\program files\opera\program\plugins\nppdf32.dll

============= SERVICES / DRIVERS ===============

R1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2007-10-9 821856]
R1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2007-10-9 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys [2007-10-9 27776]
R1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys [2007-10-9 10760]
R4 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avg7\avgamsvr.exe [2007-9-12 418816]
R4 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avg7\avgupsvc.exe [2007-9-12 49664]
R4 AVGEMS;AVG E-mail Scanner;c:\progra~1\grisoft\avg7\avgemc.exe [2007-9-12 406528]
R4 AvgTdi;AVG Network Redirector;c:\windows\system32\drivers\avgtdi.sys [2007-10-9 4960]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\drivers\athrusb.sys [2008-6-11 446976]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2007-10-8 20608]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-6-29 42512]
S3 SbieDrv;SbieDrv;\??\c:\program files\sandboxie\sbiedrv.sys --> c:\program files\sandboxie\SbieDrv.sys [?]
S3 sentemul;sentemul;c:\windows\system32\drivers\SentEmul.sys [2008-9-22 11812]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

=============== Created Last 30 ================

2009-01-29 15:24 83,456 a------- c:\windows\system32\drivers\Rtnicxp.sys
2009-01-29 11:35 <DIR> --d----- c:\program files\common files\France Telecom
2009-01-26 19:50 <DIR> --d----- c:\windows\SxsCaPendDel
2009-01-26 10:16 <DIR> --d----- c:\documents and settings\brian owen.brian-5kbuieuht\DoctorWeb
2009-01-23 20:59 <DIR> --d----- c:\windows\ERUNT
2009-01-22 14:15 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\SUPERAntiSpyware.com
2009-01-22 14:15 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-01-21 21:02 <DIR> --d----- c:\program files\common files\ACD Systems
2009-01-21 21:01 <DIR> --d----- c:\program files\Free Download Manager
2009-01-21 21:01 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\FreeDownloadManager.ORG
2009-01-21 21:01 <DIR> --d----- c:\program files\K-Meleon
2009-01-21 21:01 <DIR> --d----- C:\Compaq
2009-01-21 20:55 <DIR> --d----- c:\program files\NetStat Live
2009-01-06 20:36 3,686,454 a------- c:\windows\ACD Wallpaper.bmp

==================== Find3M ====================

2009-01-22 15:17 62,217 a---h--- C:\jpeggeri.dat
2009-01-21 20:51 10,266 a------- c:\windows\pchealth\helpctr\config\cache\Professional_32_1033.dat
2008-11-15 18:03 25,992 ac------ c:\windows\system32\pgdfgsvc.exe
2008-08-04 12:12 353,840 ac------ c:\documents and settings\brian owen.brian-5kbuieuht\RealPlayer11GOLD.exe
2008-08-04 08:29 3,288,104 ac------ c:\documents and settings\brian owen.brian-5kbuieuht\Diino_4.2_Setup.exe
2008-07-26 18:04 15,736 ac------ c:\program files\JkDefrag.log
2007-10-31 13:16 872 ac------ c:\program files\CloneSpy.ini
2007-10-31 13:15 5,435 ac------ c:\program files\CloneSpy.log
2004-12-11 08:23 3,918 ac------ c:\program files\Readme.txt
2004-12-11 08:20 49,173 ac------ c:\program files\winsetup.exe
2004-12-11 08:20 220 ac------ c:\program files\acsetup.cfg
2004-12-11 08:07 1,943,049 ac------ c:\program files\music.vox
2004-12-11 08:07 184,701 ac------ c:\program files\speech.vox
2004-08-07 15:14 187,904 ac------ c:\program files\HijackThis.exe
2004-06-06 07:19 238,481 ac------ c:\program files\CloneSpy.chm
2004-06-06 07:05 966,656 ac------ c:\program files\CloneSpy.exe
2004-03-11 12:27 40,960 ac------ c:\program files\Uninstall_CDS.exe
2003-10-13 16:02 262 ac------ c:\program files\file_id.diz
2003-09-08 01:49 23,428 ac------ c:\program files\ARCHIVER.BB2
2003-09-08 01:49 507 ac------ c:\program files\DWG.BA_
2003-09-08 01:49 123 ac------ c:\program files\SAM.BA_
2003-09-08 01:49 38 ac------ c:\program files\TFC.BAT
2001-09-10 08:10 61,440 ac------ c:\windows\inf\i386\onetUSD.dll
2001-09-06 08:58 139,264 ac------ c:\windows\inf\i386\Rtscan.dll
2001-08-17 18:43 32,768 ac------ c:\windows\inf\i386\Wiamicro.dll
2001-06-29 08:10 163,840 ac------ c:\windows\inf\i386\viceo.dll

============= FINISH: 16:34:22.95 ===============


Don't know if this might also be useful - a DDSlofg AFTER logging on to a site and trying to download a file (After about 2 minutes running before the connection stalled.)


DDS (Ver_09-01-19.01) - NTFSx86
Run by Brian Owen at 17:27:14.76 on 30/01/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.194 [GMT 1:00]

AV: AVG 7.5.552 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Brian Owen.BRIAN-5KBUIEUHT\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://search.aol.co.uk/web?isinit=true&query=%s
uURLSearchHooks: Search Class: {08c06d61-f1f3-4799-86f8-be1a89362c85} -
mURLSearchHooks: H - No File
BHO: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - Adobe PDF Reader Link Helper
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe "
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [RemoteControl] "c:\program files\cyberlink dvd solution\powerdvd\PDVDServ.exe "
mRun: [AVG7_CC] "c:\progra~1\grisoft\avg7\avgcc.exe" /STARTUP
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe "
mRun: [QuickTime Task] "c:\program files\quicktime alternative\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe "
mRun: [InstantAccess] c:\progra~1\textbr~1.0\bin\INSTAN~1.EXE /h
mRun: [RegisterDropHandler] c:\progra~1\textbr~1.0\bin\REGIST~1.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
mRunServices: [RegisterDropHandler] c:\progra~1\textbr~1.0\bin\REGIST~1.EXE
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [AVG7_Run] c:\progra~1\grisoft\avg7\avgw.exe /RUNONCE
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\zdwlan~1.lnk - c:\program files\zydas technology corporation\zydas_802.11g_utility\ZDWlan.exe
IE: Add to EverNote - c:\program files\evernote\evernote\enbar.dll/2000
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\briano~2.bri\applic~1\mozilla\firefox\profiles\ytyrl0nq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - plugin: c:\program files\opera\program\plugins\nppdf32.dll

============= SERVICES / DRIVERS ===============

R1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2007-10-9 821856]
R1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2007-10-9 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys [2007-10-9 27776]
R1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys [2007-10-9 10760]
R4 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avg7\avgamsvr.exe [2007-9-12 418816]
R4 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avg7\avgupsvc.exe [2007-9-12 49664]
R4 AVGEMS;AVG E-mail Scanner;c:\progra~1\grisoft\avg7\avgemc.exe [2007-9-12 406528]
R4 AvgTdi;AVG Network Redirector;c:\windows\system32\drivers\avgtdi.sys [2007-10-9 4960]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\drivers\athrusb.sys [2008-6-11 446976]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2007-10-8 20608]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-6-29 42512]
S3 SbieDrv;SbieDrv;\??\c:\program files\sandboxie\sbiedrv.sys --> c:\program files\sandboxie\SbieDrv.sys [?]
S3 sentemul;sentemul;c:\windows\system32\drivers\SentEmul.sys [2008-9-22 11812]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

=============== Created Last 30 ================

2009-01-29 15:24 83,456 a------- c:\windows\system32\drivers\Rtnicxp.sys
2009-01-29 11:35 <DIR> --d----- c:\program files\common files\France Telecom
2009-01-26 19:50 <DIR> --d----- c:\windows\SxsCaPendDel
2009-01-26 10:16 <DIR> --d----- c:\documents and settings\brian owen.brian-5kbuieuht\DoctorWeb
2009-01-23 20:59 <DIR> --d----- c:\windows\ERUNT
2009-01-22 14:15 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\SUPERAntiSpyware.com
2009-01-22 14:15 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-01-21 21:02 <DIR> --d----- c:\program files\common files\ACD Systems
2009-01-21 21:01 <DIR> --d----- c:\program files\Free Download Manager
2009-01-21 21:01 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\FreeDownloadManager.ORG
2009-01-21 21:01 <DIR> --d----- c:\program files\K-Meleon
2009-01-21 21:01 <DIR> --d----- C:\Compaq
2009-01-21 20:55 <DIR> --d----- c:\program files\NetStat Live
2009-01-06 20:36 3,686,454 a------- c:\windows\ACD Wallpaper.bmp

==================== Find3M ====================

2009-01-22 15:17 62,217 a---h--- C:\jpeggeri.dat
2009-01-21 20:51 10,266 a------- c:\windows\pchealth\helpctr\config\cache\Professional_32_1033.dat
2008-11-15 18:03 25,992 ac------ c:\windows\system32\pgdfgsvc.exe
2008-08-04 12:12 353,840 ac------ c:\documents and settings\brian owen.brian-5kbuieuht\RealPlayer11GOLD.exe
2008-08-04 08:29 3,288,104 ac------ c:\documents and settings\brian owen.brian-5kbuieuht\Diino_4.2_Setup.exe
2008-07-26 18:04 15,736 ac------ c:\program files\JkDefrag.log
2007-10-31 13:16 872 ac------ c:\program files\CloneSpy.ini
2007-10-31 13:15 5,435 ac------ c:\program files\CloneSpy.log
2004-12-11 08:23 3,918 ac------ c:\program files\Readme.txt
2004-12-11 08:20 49,173 ac------ c:\program files\winsetup.exe
2004-12-11 08:20 220 ac------ c:\program files\acsetup.cfg
2004-12-11 08:07 1,943,049 ac------ c:\program files\music.vox
2004-12-11 08:07 184,701 ac------ c:\program files\speech.vox
2004-08-07 15:14 187,904 ac------ c:\program files\HijackThis.exe
2004-06-06 07:19 238,481 ac------ c:\program files\CloneSpy.chm
2004-06-06 07:05 966,656 ac------ c:\program files\CloneSpy.exe
2004-03-11 12:27 40,960 ac------ c:\program files\Uninstall_CDS.exe
2003-10-13 16:02 262 ac------ c:\program files\file_id.diz
2003-09-08 01:49 23,428 ac------ c:\program files\ARCHIVER.BB2
2003-09-08 01:49 507 ac------ c:\program files\DWG.BA_
2003-09-08 01:49 123 ac------ c:\program files\SAM.BA_
2003-09-08 01:49 38 ac------ c:\program files\TFC.BAT
2001-09-10 08:10 61,440 ac------ c:\windows\inf\i386\onetUSD.dll
2001-09-06 08:58 139,264 ac------ c:\windows\inf\i386\Rtscan.dll
2001-08-17 18:43 32,768 ac------ c:\windows\inf\i386\Wiamicro.dll
2001-06-29 08:10 163,840 ac------ c:\windows\inf\i386\viceo.dll

============= FINISH: 17:27:32.00 ===============

 

Oddly enough, neither HSSORA.exe or shell.exe appear anywhere in either of those logs. Lets run another tool. This tool tends to be quite aggressive, so please be sure to configure it exactly as listed below. I only want to see a Report of what it finds.

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Doubleclick the drweb-cureit.exe file and click 'Start' to run the express scan. This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.

• Once the short scan has finished, we need to change the default settings.
• In the Menu Bar at the top, click 'Setting'>Change Settings.
• Click on the Actions tab
• Using the drop down menus, change each item under Objects and Malware to [color= "Blue"] Report[/color]
• Next, 'tick' Complete Scan.
• Click the green arrow at the right, and the scan will start.
• Click 'No to All' if it asks if you want to cure/move the file.
• After the scan has completed, in the Dr.Web CureIt menu on top, click File and choose Save Report List
• Save the report to your desktop. The report will be called DrWeb.csv
• Close Dr.Web Cureit.
• Post the contents of the log from Dr.Web you saved previously in your next reply.

 

Loads of problems

Hi Dave,
Sorry for the delay in replying, Dr. Web scans seem to take a long time. I have attached 3 scan reports, just in case you needed, got a bit confused and think 1 and 3 are both the same during with access to the internet up and working and the number 2 after cennection has stalled.
Uninstalled my IPs software and again attempted to reload but still get message that it is already loading. However now when I open Firefox, I am immediately on line, Whoopee!!. Serendipity! Just need to be able to use it without stalling for more than 5 minutes. I don't know what I'm talking about of course but having stumbled across "Internet options" I wonder if any of these settings had been changed or how they should be set up?

Hope it is all understandable, if not I will try again. Thanks. I see that you are very busy at the moment.
Dr.Web 1
00161203.FIL;C:\$VAULT$.AVG;Trojan.Fakealert.1500;;
00312031.FIL;C:\$VAULT$.AVG;Trojan.Virtumod.448;;
00376218.FIL;C:\$VAULT$.AVG;Trojan.Fakealert.1500;;
01914546.FIL;C:\$VAULT$.AVG;Trojan.Virtumod.448;;
01922375.FIL;C:\$VAULT$.AVG;Trojan.Virtumod.448;;
01935843.FIL;C:\$VAULT$.AVG;Trojan.Virtumod.448;;
02014875.FIL;C:\$VAULT$.AVG;Trojan.Popuper.10842;;
03467188.FIL;C:\$VAULT$.AVG;Trojan.Inject.3608;;
07306812.FIL;C:\$VAULT$.AVG;Trojan.Popuper.10842;;
07343875.FIL;C:\$VAULT$.AVG;Trojan.Popuper.10842;;
63067877.FIL;C:\$VAULT$.AVG;Trojan.Click.19260;;
88403376.FIL;C:\$VAULT$.AVG;Trojan.Inject.3608;;
SDFix.exe\SDFix\apps\Process.exe;C:\Documents and Settings\Brian Owen.BRIAN-5KBUIEUHT\Desktop\SDFix.exe;Tool.Prockill;;
SDFix.exe;C:\Documents and Settings\Brian Owen.BRIAN-5KBUIEUHT\Desktop;Archive contains infected objects;Moved.;
xcleaner_free.exe;C:\download;Probably DLOADER.Trojan;;
A0115287.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP492\A0115287.exe;Probably Trojan.Packed.365;;
A0115287.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP492;Archive contains infected objects;Moved.;
A0116546.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP493\A0116546.exe;Probably Trojan.Packed.365;;
A0116546.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP493;Archive contains infected objects;Moved.;
A0117116.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP497\A0117116.exe;Probably Trojan.Packed.365;;
A0117116.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP497;Archive contains infected objects;Moved.;
A0117158.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP497\A0117158.exe;Probably Trojan.Packed.365;;
A0117158.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP497;Archive contains infected objects;Moved.;
A0118725.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP503\A0118725.exe;Probably Trojan.Packed.365;;
A0118725.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP503;Archive contains infected objects;Moved.;
A0118770.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP503\A0118770.exe;Probably Trojan.Packed.365;;
A0118770.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP503;Archive contains infected objects;Moved.;
A0118939.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP503\A0118939.exe;Probably Trojan.Packed.365;;
A0118939.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP503;Archive contains infected objects;Moved.;
A0118981.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP503\A0118981.exe;Probably Trojan.Packed.365;;
A0118981.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP503;Archive contains infected objects;Moved.;
A0120856.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP504\A0120856.exe;Probably Trojan.Packed.365;;
A0120856.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP504;Archive contains infected objects;Moved.;
A0120898.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP504\A0120898.exe;Probably Trojan.Packed.365;;
A0120898.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP504;Archive contains infected objects;Moved.;
A0121036.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP504\A0121036.exe;Probably Trojan.Packed.365;;
A0121036.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP504;Archive contains infected objects;Moved.;
A0121078.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP504\A0121078.exe;Probably Trojan.Packed.365;;
A0121078.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP504;Archive contains infected objects;Moved.;
A0121764.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP504\A0121764.exe;Probably Trojan.Packed.365;;
A0121764.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP504;Archive contains infected objects;Moved.;
A0121806.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP504\A0121806.exe;Probably Trojan.Packed.365;;
A0121806.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP504;Archive contains infected objects;Moved.;
A0121926.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP504\A0121926.exe;Probably Trojan.Packed.365;;
A0121926.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP504;Archive contains infected objects;Moved.;
A0121968.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP504\A0121968.exe;Probably Trojan.Packed.365;;
A0121968.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP504;Archive contains infected objects;Moved.;
A0122864.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509\A0122864.exe;Probably Trojan.Packed.365;;
A0122864.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509;Archive contains infected objects;Moved.;
A0122906.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509\A0122906.exe;Probably Trojan.Packed.365;;
A0122906.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509;Archive contains infected objects;Moved.;
A0123059.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509\A0123059.exe;Probably Trojan.Packed.365;;
A0123059.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509;Archive contains infected objects;Moved.;
A0123101.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509\A0123101.exe;Probably Trojan.Packed.365;;
A0123101.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509;Archive contains infected objects;Moved.;
A0123790.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509\A0123790.exe;Probably Trojan.Packed.365;;
A0123790.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509;Archive contains infected objects;Moved.;
A0123835.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509\A0123835.exe;Probably Trojan.Packed.365;;
A0123835.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509;Archive contains infected objects;Moved.;
A0123967.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509\A0123967.exe;Probably Trojan.Packed.365;;
A0123967.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509;Archive contains infected objects;Moved.;
A0124009.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509\A0124009.exe;Probably Trojan.Packed.365;;
A0124009.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509;Archive contains infected objects;Moved.;
A0124882.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509\A0124882.exe;Probably Trojan.Packed.365;;
A0124882.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509;Archive contains infected objects;Moved.;
A0124924.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509\A0124924.exe;Probably Trojan.Packed.365;;
A0124924.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509;Archive contains infected objects;Moved.;
A0125044.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509\A0125044.exe;Probably Trojan.Packed.365;;
A0125044.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509;Archive contains infected objects;Moved.;
A0125086.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509\A0125086.exe;Probably Trojan.Packed.365;;
A0125086.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509;Archive contains infected objects;Moved.;
A0125309.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509\A0125309.exe;Probably Trojan.Packed.365;;
A0125309.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509;Archive contains infected objects;Moved.;
A0125351.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509\A0125351.exe;Probably Trojan.Packed.365;;
A0125351.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509;Archive contains infected objects;Moved.;
A0125471.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509\A0125471.exe;Probably Trojan.Packed.365;;
A0125471.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509;Archive contains infected objects;Moved.;
A0125513.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509\A0125513.exe;Probably Trojan.Packed.365;;
A0125513.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509;Archive contains infected objects;Moved.;
A0129904.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP524;Tool.Prockill;;
A0129911.bat;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP524;Probably BATCH.Virus;;
A0129913.bat;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP524;Probably BATCH.Virus;;
A0132331.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP526;Tool.Prockill;;
A0133921.exe\SDFix\apps\Process.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP534\A0133921.exe;Tool.Prockill;;
A0133921.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP534;Archive contains infected objects;Moved.;
A0009647.exe\data005;C:\System Volume Information\_restore{723AAABD-D05A-4EC5-9483-A14C8BA2C7BB}\RP26\A0009647.exe;Adware.NewDotNet;;
A0009647.exe\data007;C:\System Volume Information\_restore{723AAABD-D05A-4EC5-9483-A14C8BA2C7BB}\RP26\A0009647.exe;Adware.NewDotNet;;
A0009647.exe\data011;C:\System Volume Information\_restore{723AAABD-D05A-4EC5-9483-A14C8BA2C7BB}\RP26\A0009647.exe;Adware.Relevant;;
A0009647.exe;C:\System Volume Information\_restore{723AAABD-D05A-4EC5-9483-A14C8BA2C7BB}\RP26;Archive contains infected objects;Moved.;
A0008698.exe\data016;C:\System Volume Information\_restore{EC793C57-6E0E-48A7-A7E2-B7FAE6749036}\RP33\A0008698.exe;Adware.SaveNow;;
A0008698.exe;C:\System Volume Information\_restore{EC793C57-6E0E-48A7-A7E2-B7FAE6749036}\RP33;Archive contains infected objects;Moved.;
A0010336.exe\SmitfraudFix\Process.exe;C:\System Volume Information\_restore{EC793C57-6E0E-48A7-A7E2-B7FAE6749036}\RP53\A0010336.exe;Tool.Prockill;;
A0010336.exe\SmitfraudFix\restart.exe;C:\System Volume Information\_restore{EC793C57-6E0E-48A7-A7E2-B7FAE6749036}\RP53\A0010336.exe;Tool.ShutDown.14;;
A0010336.exe;C:\System Volume Information\_restore{EC793C57-6E0E-48A7-A7E2-B7FAE6749036}\RP53;Archive contains infected objects;Moved.;



Dr,Web 2
00161203.FIL;C:\$VAULT$.AVG;Trojan.Fakealert.1500;;
00312031.FIL;C:\$VAULT$.AVG;Trojan.Virtumod.448;;
00376218.FIL;C:\$VAULT$.AVG;Trojan.Fakealert.1500;;
01914546.FIL;C:\$VAULT$.AVG;Trojan.Virtumod.448;;
01922375.FIL;C:\$VAULT$.AVG;Trojan.Virtumod.448;;
01935843.FIL;C:\$VAULT$.AVG;Trojan.Virtumod.448;;
02014875.FIL;C:\$VAULT$.AVG;Trojan.Popuper.10842;;
03467188.FIL;C:\$VAULT$.AVG;Trojan.Inject.3608;;
07306812.FIL;C:\$VAULT$.AVG;Trojan.Popuper.10842;;
07343875.FIL;C:\$VAULT$.AVG;Trojan.Popuper.10842;;
63067877.FIL;C:\$VAULT$.AVG;Trojan.Click.19260;;
88403376.FIL;C:\$VAULT$.AVG;Trojan.Inject.3608;;
xcleaner_free.exe;C:\download;Probably DLOADER.Trojan;;
data002\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP523\A0129860.exe\data002;Program.PsExec.171;;
data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP523\A0129860.exe;Archive contains infected objects;;
A0129860.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP523;Archive contains infected objects;;
data002\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP523\A0129863.exe\data002;Program.PsExec.171;;
data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP523\A0129863.exe;Archive contains infected objects;;
A0129863.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP523;Archive contains infected objects;;
A0129904.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP524;Tool.Prockill;;
A0129911.bat;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP524;Probably BATCH.Virus;;
A0129913.bat;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP524;Probably BATCH.Virus;;
A0132331.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP526;Tool.Prockill;;


Dr.Web 3

00161203.FIL;C:\$VAULT$.AVG;Trojan.Fakealert.1500;;
00312031.FIL;C:\$VAULT$.AVG;Trojan.Virtumod.448;;
00376218.FIL;C:\$VAULT$.AVG;Trojan.Fakealert.1500;;
01914546.FIL;C:\$VAULT$.AVG;Trojan.Virtumod.448;;
01922375.FIL;C:\$VAULT$.AVG;Trojan.Virtumod.448;;
01935843.FIL;C:\$VAULT$.AVG;Trojan.Virtumod.448;;
02014875.FIL;C:\$VAULT$.AVG;Trojan.Popuper.10842;;
03467188.FIL;C:\$VAULT$.AVG;Trojan.Inject.3608;;
07306812.FIL;C:\$VAULT$.AVG;Trojan.Popuper.10842;;
07343875.FIL;C:\$VAULT$.AVG;Trojan.Popuper.10842;;
63067877.FIL;C:\$VAULT$.AVG;Trojan.Click.19260;;
88403376.FIL;C:\$VAULT$.AVG;Trojan.Inject.3608;;
SDFix.exe\SDFix\apps\Process.exe;C:\Documents and Settings\Brian Owen.BRIAN-5KBUIEUHT\Desktop\SDFix.exe;Tool.Prockill;;
SDFix.exe;C:\Documents and Settings\Brian Owen.BRIAN-5KBUIEUHT\Desktop;Archive contains infected objects;Moved.;
xcleaner_free.exe;C:\download;Probably DLOADER.Trojan;;
A0115287.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP492\A0115287.exe;Probably Trojan.Packed.365;;
A0115287.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP492;Archive contains infected objects;Moved.;
A0116546.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP493\A0116546.exe;Probably Trojan.Packed.365;;
A0116546.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP493;Archive contains infected objects;Moved.;
A0117116.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP497\A0117116.exe;Probably Trojan.Packed.365;;
A0117116.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP497;Archive contains infected objects;Moved.;
A0117158.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP497\A0117158.exe;Probably Trojan.Packed.365;;
A0117158.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP497;Archive contains infected objects;Moved.;
A0118725.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP503\A0118725.exe;Probably Trojan.Packed.365;;
A0118725.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP503;Archive contains infected objects;Moved.;
A0118770.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP503\A0118770.exe;Probably Trojan.Packed.365;;
A0118770.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP503;Archive contains infected objects;Moved.;
A0118939.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP503\A0118939.exe;Probably Trojan.Packed.365;;
A0118939.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP503;Archive contains infected objects;Moved.;
A0118981.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP503\A0118981.exe;Probably Trojan.Packed.365;;
A0118981.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP503;Archive contains infected objects;Moved.;
A0120856.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP504\A0120856.exe;Probably Trojan.Packed.365;;
A0120856.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP504;Archive contains infected objects;Moved.;
A0120898.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP504\A0120898.exe;Probably Trojan.Packed.365;;
A0120898.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP504;Archive contains infected objects;Moved.;
A0121036.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP504\A0121036.exe;Probably Trojan.Packed.365;;
A0121036.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP504;Archive contains infected objects;Moved.;
A0121078.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP504\A0121078.exe;Probably Trojan.Packed.365;;
A0121078.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP504;Archive contains infected objects;Moved.;
A0121764.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP504\A0121764.exe;Probably Trojan.Packed.365;;
A0121764.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP504;Archive contains infected objects;Moved.;
A0121806.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP504\A0121806.exe;Probably Trojan.Packed.365;;
A0121806.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP504;Archive contains infected objects;Moved.;
A0121926.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP504\A0121926.exe;Probably Trojan.Packed.365;;
A0121926.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP504;Archive contains infected objects;Moved.;
A0121968.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP504\A0121968.exe;Probably Trojan.Packed.365;;
A0121968.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP504;Archive contains infected objects;Moved.;
A0122864.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509\A0122864.exe;Probably Trojan.Packed.365;;
A0122864.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509;Archive contains infected objects;Moved.;
A0122906.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509\A0122906.exe;Probably Trojan.Packed.365;;
A0122906.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509;Archive contains infected objects;Moved.;
A0123059.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509\A0123059.exe;Probably Trojan.Packed.365;;
A0123059.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509;Archive contains infected objects;Moved.;
A0123101.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509\A0123101.exe;Probably Trojan.Packed.365;;
A0123101.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509;Archive contains infected objects;Moved.;
A0123790.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509\A0123790.exe;Probably Trojan.Packed.365;;
A0123790.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509;Archive contains infected objects;Moved.;
A0123835.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509\A0123835.exe;Probably Trojan.Packed.365;;
A0123835.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509;Archive contains infected objects;Moved.;
A0123967.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509\A0123967.exe;Probably Trojan.Packed.365;;
A0123967.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509;Archive contains infected objects;Moved.;
A0124009.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509\A0124009.exe;Probably Trojan.Packed.365;;
A0124009.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509;Archive contains infected objects;Moved.;
A0124882.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509\A0124882.exe;Probably Trojan.Packed.365;;
A0124882.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509;Archive contains infected objects;Moved.;
A0124924.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509\A0124924.exe;Probably Trojan.Packed.365;;
A0124924.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509;Archive contains infected objects;Moved.;
A0125044.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509\A0125044.exe;Probably Trojan.Packed.365;;
A0125044.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509;Archive contains infected objects;Moved.;
A0125086.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509\A0125086.exe;Probably Trojan.Packed.365;;
A0125086.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509;Archive contains infected objects;Moved.;
A0125309.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509\A0125309.exe;Probably Trojan.Packed.365;;
A0125309.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509;Archive contains infected objects;Moved.;
A0125351.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509\A0125351.exe;Probably Trojan.Packed.365;;
A0125351.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509;Archive contains infected objects;Moved.;
A0125471.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509\A0125471.exe;Probably Trojan.Packed.365;;
A0125471.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509;Archive contains infected objects;Moved.;
A0125513.exe\data002;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509\A0125513.exe;Probably Trojan.Packed.365;;
A0125513.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP509;Archive contains infected objects;Moved.;
A0129904.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP524;Tool.Prockill;;
A0129911.bat;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP524;Probably BATCH.Virus;;
A0129913.bat;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP524;Probably BATCH.Virus;;
A0132331.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP526;Tool.Prockill;;
A0133921.exe\SDFix\apps\Process.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP534\A0133921.exe;Tool.Prockill;;
A0133921.exe;C:\System Volume Information\_restore{68BC0F82-E42E-49AB-B8D2-EDFFB7FAD29E}\RP534;Archive contains infected objects;Moved.;
A0009647.exe\data005;C:\System Volume Information\_restore{723AAABD-D05A-4EC5-9483-A14C8BA2C7BB}\RP26\A0009647.exe;Adware.NewDotNet;;
A0009647.exe\data007;C:\System Volume Information\_restore{723AAABD-D05A-4EC5-9483-A14C8BA2C7BB}\RP26\A0009647.exe;Adware.NewDotNet;;
A0009647.exe\data011;C:\System Volume Information\_restore{723AAABD-D05A-4EC5-9483-A14C8BA2C7BB}\RP26\A0009647.exe;Adware.Relevant;;
A0009647.exe;C:\System Volume Information\_restore{723AAABD-D05A-4EC5-9483-A14C8BA2C7BB}\RP26;Archive contains infected objects;Moved.;
A0008698.exe\data016;C:\System Volume Information\_restore{EC793C57-6E0E-48A7-A7E2-B7FAE6749036}\RP33\A0008698.exe;Adware.SaveNow;;
A0008698.exe;C:\System Volume Information\_restore{EC793C57-6E0E-48A7-A7E2-B7FAE6749036}\RP33;Archive contains infected objects;Moved.;
A0010336.exe\SmitfraudFix\Process.exe;C:\System Volume Information\_restore{EC793C57-6E0E-48A7-A7E2-B7FAE6749036}\RP53\A0010336.exe;Tool.Prockill;;
A0010336.exe\SmitfraudFix\restart.exe;C:\System Volume Information\_restore{EC793C57-6E0E-48A7-A7E2-B7FAE6749036}\RP53\A0010336.exe;Tool.ShutDown.14;;
A0010336.exe;C:\System Volume Information\_restore{EC793C57-6E0E-48A7-A7E2-B7FAE6749036}\RP53;Archive contains infected objects;Moved.;

 

None of those detections poses any threat at this time.

I was quite surprized to read that you uninstalled the ADSL software after the ordeal we went through to get it installed.

I recommend you check for updated drivers to your network adapter. It may be in need and the root of the connection problem.