Solved 023 - Service keeps coming back?

Discussion in 'Malware and Virus Removal Archive' started by sean, 2009/05/06.

Thread Status:
Not open for further replies.
  1. 2009/05/06
    sean

    sean Well-Known Member Thread Starter

    Joined:
    2007/03/24
    Messages:
    166
    Likes Received:
    0
    [Resolved] 023 - Service keeps coming back?

    Good morning all.

    My son installed some game and I think this came with it? Every time I try to remove it using HJT it keeps coming back. I have looked for it using msconfig and can't see it. Any help would be great :D

    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\windows\system32\GameMon.des.exe (file missing)

    Many thanks,
    Sean.


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-03-16.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 14/01/2007 16:49:55
    System Uptime: 05/06/2009 03:06:55 (-717 hours ago)

    Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-7255
    Processor: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz | Socket 775 | 1862/266mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 293 GiB total, 238.156 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is Removable
    G: is Removable
    I: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP594: 06/05/2009 05:54:44 - System Checkpoint

    ==== Installed Programs ======================

    7-Zip 4.42
    AAC Decoder
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Reader 8.1.4
    Adobe Shockwave Player 11
    AIM 6
    AIM Toolbar 5.0
    Apple Software Update
    Applian FLV Player
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    AutoUpdate
    AVG 8.5
    blueMSX
    Bonjour
    Broken Sword
    Broken Sword II™
    Camtasia Studio 6
    CCleaner (remove only)
    Comodo Firewall
    Creative WebCam Vista Plus Driver (1.02.02.0414)
    Creatix V.92 Data Fax Modem
    Critical Update for Windows Media Player 11 (KB959772)
    CyberLink PowerDVD 8
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Version Checker
    DivX Web Player
    EPSON Attach To Email
    EPSON Copy Utility 3
    EPSON Easy Photo Print
    EPSON File Manager
    EPSON Printer Software
    EPSON Scan
    EPSON Scan Assistant
    EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manual
    EPSON Web-To-Page
    Fraps
    GameSpy Arcade
    Google Earth
    Google Update Helper
    Graboid Video 1.5
    H.264 Decoder
    High Definition Audio Driver Package - KB888111
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    HyperCam 2
    IBM ViaVoice Command and Control Runtime 5.3 - UK English
    IBM ViaVoice Outloud Runtime - UK English
    iPod for Windows 2006-01-10
    iTunes
    Java(TM) 6 Update 13
    Last.fm 1.5.4.24567
    LIVE gaming on Windows Runtime Version 1.0.6027
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Halo
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft MPEG-4 VKI Video Codec V1/V2/V3
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    MKV Splitter
    Mozilla ActiveX Control v1.7.12
    Mozilla Firefox (3.0.10)
    MRU-Blaster v1.5 (Database 3/28/2004)
    MSN
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 Parser and SDK
    Neverwinter Nights
    OCA Client history tool install
    Pando Media Booster
    Platform
    Quake Live Mozilla Plugin
    QuickTime
    QuickTime 3.0
    RAR Password Cracker 4.12
    RealPlayer
    Roxio Burn Engine
    Saitek Dual Analog Rumble Pad
    Samsung Master
    Samsung USB Driver
    Screen Video Recorder 1.5
    ScummVM 0.13.0
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB913433)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961373)
    Snes9x
    Sony Ericsson PC Suite
    Spelling Dictionaries Support For Adobe Reader 8
    Spybot - Search & Destroy
    SpywareBlaster 4.2
    SpywareGuard v2.2
    SyncView Alignment Tool
    Taksi Desktop Video Recorder
    Taksi Desktop Video Recorder v0.765
    Total Video Converter 3.10
    Total Video Converter 3.21 090220
    Update for Windows Media Player 10 (KB910393)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    VC80CRTRedist - 8.0.50727.762
    VIA Platform Device Manager
    VideoLAN VLC media player 0.8.6d
    Vuze
    WebFldrs XP
    WeGame Client Beta 1.1.2
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Live Messenger
    Windows Media Connect
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows Vista Upgrade Advisor
    Windows XP Media Center Edition 2005 KB905589
    Windows XP Media Center Edition 2005 KB908246
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Service Pack 3
    WinPcap 3.1
    WinRAR archiver
    Xfire (remove only)
    Xvid 1.2.1 final uninstall
    ZD Recorder 3.0.3.0

    ==== Event Viewer Messages From Past Week ========

    30/04/2009 11:04:55, error: Service Control Manager [7023] - The Uninterruptible Power Supply service terminated with the following error: %%2481
    30/04/2009 11:04:55, error: Service Control Manager [7000] - The npkcrypt service failed to start due to the following error: The system cannot find the path specified.
    30/04/2009 11:04:34, error: UPS [2481] - The UPS service is not configured correctly.
    01/05/2009 23:00:40, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 001617C81DAD has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

    ==== End Of File ===========================



    DDS (Ver_09-03-16.01) - NTFSx86
    Run by shaun wade at 6:17:21.07 on 06/05/2009
    Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1022.538 [GMT 1:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
    FW: COMODO Firewall Pro *enabled*

    ============== Running Processes ===============

    C:\windows\system32\Ati2evxx.exe
    C:\windows\system32\svchost -k DcomLaunch
    svchost.exe
    C:\windows\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\windows\system32\Ati2evxx.exe
    C:\windows\system32\spoolsv.exe
    svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    svchost.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\windows\system32\ctfmon.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Documents and Settings\shaun wade\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.co.uk/
    mURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
    TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [EPSON Stylus DX7400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticde.exe /fu "c:\windows\temp\E_SAC.tmp" /EF "HKCU "
    mRun: [Comodo Firewall] "c:\program files\comodo\firewall\CPF.exe" /background
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    StartupFolder: c:\docume~1\shaunw~1\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
    DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228544287687
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228544271828
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: avgrsstarter - avgrsstx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll
    SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\shaunw~1\applic~1\mozilla\firefox\profiles\xibohe18.default\
    FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
    FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
    FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-4-28 325896]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-1-14 27784]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-4-28 108552]
    R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [2007-7-19 3026]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-4 908568]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-4 298776]
    R2 CmdAgent;Comodo Application Agent;c:\program files\comodo\firewall\cmdagent.exe [2007-2-19 361040]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]
    R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2007-7-20 84992]
    R3 V0090VID;Creative WebCam Vista Plus;c:\windows\system32\drivers\V0090Vid.sys [2007-1-28 138112]
    S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2008-1-22 33792]
    S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\manycam.sys --> c:\windows\system32\drivers\ManyCam.sys [?]
    S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\6.tmp --> c:\windows\system32\6.tmp [?]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 PsSdk30;PsSdk30;\??\c:\windows\system32\drivers\pssdk30.drv --> c:\windows\system32\drivers\PsSdk30.drv [?]
    S3 scrcap;scrcap;c:\windows\system32\drivers\scrcap.sys --> c:\windows\system32\drivers\scrcap.sys [?]
    S4 BGEEJA;BGEEJA;c:\docume~1\shaunw~1\locals~1\temp\bgeeja.exe --> c:\docume~1\shaunw~1\locals~1\temp\BGEEJA.exe [?]
    S4 gupdate1c98e82b3f0c46;Google Update Service (gupdate1c98e82b3f0c46);c:\program files\google\update\GoogleUpdate.exe [2009-2-14 133104]
    S4 SC;SC;c:\docume~1\shaunw~1\locals~1\temp\sc.exe --> c:\docume~1\shaunw~1\locals~1\temp\SC.exe [?]

    =============== Created Last 30 ================

    2009-05-04 22:48 <DIR> --d----- c:\program files\RAR Password Cracker
    2009-04-30 23:46 <DIR> --d----- c:\program files\Mozilla ActiveX Control v1.7.12
    2009-04-30 23:46 <DIR> --d----- c:\program files\VideoLAN
    2009-04-30 23:45 <DIR> --d----- c:\program files\Graboid
    2009-04-25 23:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Last.fm
    2009-04-23 00:12 <DIR> --d----- C:\CFLog
    2009-04-23 00:12 2,784,285 a------- c:\windows\system32\GameMon.des
    2009-04-23 00:10 <DIR> --d----- c:\program files\common files\INCA Shared
    2009-04-22 23:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PMB Files
    2009-04-22 23:09 <DIR> --d----- c:\program files\Pando Networks
    2009-04-20 01:39 <DIR> --d----- c:\windows\Applian FLV Player
    2009-04-15 06:22 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
    2009-04-15 06:22 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
    2009-04-15 06:22 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
    2009-04-15 06:22 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
    2009-04-15 06:22 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
    2009-04-15 06:22 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
    2009-04-15 06:22 110,592 -c------ c:\windows\system32\dllcache\services.exe
    2009-04-15 06:21 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
    2009-04-15 06:21 2,560 -------- c:\windows\system32\xpsp4res.dll
    2009-04-15 06:21 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
    2009-04-12 22:13 815,104 a------- c:\windows\system32\xvidcore.dll
    2009-04-12 22:13 180,224 a------- c:\windows\system32\xvidvfw.dll
    2009-04-12 22:13 77,824 a------- c:\windows\system32\xvid.ax
    2009-04-12 22:13 <DIR> --d----- c:\program files\Xvid
    2009-04-12 22:11 <DIR> --d----- c:\program files\ZD Soft
    2009-04-12 20:08 <DIR> --d----- c:\program files\SyncView
    2009-04-12 20:08 7,883 a------- c:\windows\Eng_UK.gpl
    2009-04-12 20:08 796,672 a------- c:\windows\GPInstall.exe
    2009-04-12 19:42 0 a------- c:\windows\system32\TSR.key
    2009-04-12 19:41 <DIR> --d----- c:\program files\TotalScreenRecorder
    2009-04-12 07:36 <DIR> --d----- c:\program files\SpywareBlaster
    2009-04-11 20:24 370 a------- c:\windows\scummvm.ini
    2009-04-09 23:36 4,096 a--sh--- C:\Thumbs.db
    2009-04-09 22:23 <DIR> --d----- c:\program files\ScummVM
    2009-04-09 22:01 <DIR> --d----- C:\Tmp
    2009-04-09 22:00 <DIR> --d----- c:\program files\Taksi
    2009-04-09 06:03 <DIR> --d----- c:\docume~1\shaunw~1\applic~1\WeGame
    2009-04-08 23:56 <DIR> --d----- c:\program files\common files\TechSmith Shared
    2009-04-08 23:42 488,800 a------- c:\windows\system32\Ltkrn15u.dll
    2009-04-08 23:42 185,688 a------- c:\windows\system32\Ltfil15u.dll
    2009-04-08 23:42 390,496 a------- c:\windows\system32\Lfcmp15u.dll
    2009-04-08 23:42 <DIR> --d----- c:\program files\WeGame
    2009-04-08 23:33 <DIR> --d----- c:\program files\WMCap
    2009-04-08 23:16 <DIR> --d----- c:\windows\Broken Sword II
    2009-04-08 23:16 <DIR> --d----- c:\program files\Broken Sword II
    2009-04-08 22:46 <DIR> --d----- c:\windows\Broken Sword
    2009-04-08 22:46 <DIR> --d----- c:\program files\Broken Sword

    ==================== Find3M ====================

    2009-05-06 06:14 36,508 a------- c:\docume~1\shaunw~1\applic~1\wklnhst.dat
    2009-05-03 09:06 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
    2009-05-03 09:06 11,952 a------- c:\windows\system32\avgrsstx.dll
    2009-05-03 09:06 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
    2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2009-04-02 09:39 34 ac------ c:\documents and settings\shaun wade\jagex_runescape_preferences.dat
    2009-03-29 07:59 410,984 a------- c:\windows\system32\deploytk.dll
    2009-03-06 15:22 284,160 a------- c:\windows\system32\pdh.dll
    2009-03-03 01:18 826,368 a------- c:\windows\system32\wininet.dll
    2009-02-20 19:09 78,336 a------- c:\windows\system32\ieencode.dll
    2009-02-09 13:10 729,088 a------- c:\windows\system32\lsasrv.dll
    2009-02-09 13:10 714,752 a------- c:\windows\system32\ntdll.dll
    2009-02-09 13:10 617,472 a------- c:\windows\system32\advapi32.dll
    2009-02-09 13:10 401,408 a------- c:\windows\system32\rpcss.dll
    2009-02-09 12:13 1,846,784 a------- c:\windows\system32\win32k.sys
    2009-02-06 12:11 110,592 a------- c:\windows\system32\services.exe
    2009-02-06 12:06 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
    2009-02-06 11:39 35,328 a------- c:\windows\system32\sc.exe
    2009-02-06 11:32 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
    2008-10-05 13:54 164 ac--h--- c:\documents and settings\all users\hpothb07.dat
    2008-06-30 12:13 661 a---h--- c:\documents and settings\shaun wade\hpothb07.dat
    2007-11-09 07:24 14 ac------ c:\documents and settings\shaun wade\getfile.dat
    2007-09-23 22:19 22,328 a------- c:\docume~1\shaunw~1\applic~1\PnkBstrK.sys
    2007-01-15 13:22 0 ac-sh--- c:\windows\sminst\HPCD.sys
    2007-07-16 21:29 56 -c-shr-- c:\windows\system32\F717CDCD42.sys
    2007-07-16 21:32 1,682 a--sh--- c:\windows\system32\KGyGaAvL.sys
    2008-07-12 08:08 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008071220080713\index.dat
    2008-07-12 08:08 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

    ============= FINISH: 6:18:08.10 ===============
     
    Last edited: 2009/05/06
    sean,
    #1
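
Added example (not part of the original thread, and not code from DDS or its author): a small Python triage of the SERVICES / DRIVERS lines from the log in post #1, flagging entries whose file DDS could not resolve (`[?]`) or whose image path sits in a Temp folder or ends in .tmp. The field layout and the reading of the leading digit as the service Start value are assumptions inferred from the lines shown; a flag means "review this entry", not "malicious".

```python
import re
from dataclasses import dataclass, field

# Service lines copied from the DDS log in post #1 of this thread.
SAMPLE = r"""
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-4-28 325896]
R2 CmdAgent;Comodo Application Agent;c:\program files\comodo\firewall\cmdagent.exe [2007-2-19 361040]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\6.tmp --> c:\windows\system32\6.tmp [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 BGEEJA;BGEEJA;c:\docume~1\shaunw~1\locals~1\temp\bgeeja.exe --> c:\docume~1\shaunw~1\locals~1\temp\BGEEJA.exe [?]
S4 SC;SC;c:\docume~1\shaunw~1\locals~1\temp\sc.exe --> c:\docume~1\shaunw~1\locals~1\temp\SC.exe [?]
"""

# Assumption: R/S = running/stopped, digit = the service's registry Start value.
STATES = {"R": "running", "S": "stopped"}
START = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

# "<state><start> <name>;<display>;<image path>[ --> <resolved path>] [<date size> | ?]"
LINE_RE = re.compile(r"^([RS])([0-4])\s+(.*)\s\[([^\]]*)\]$")


@dataclass
class Service:
    name: str
    display: str
    state: str
    start: str
    image: str
    flags: list = field(default_factory=list)


def parse_line(line):
    """Parse one DDS service line; return None for anything that is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    state, start, body, meta = m.groups()
    parts = body.split(";", 2)
    if len(parts) != 3:
        return None
    name, display, rest = parts
    # Keep the configured image path (left of "-->") and drop the NT "\??\" prefix.
    image = rest.split(" --> ")[0].strip()
    if image.startswith("\\??\\"):
        image = image[4:]
    svc = Service(name, display, STATES[state], START[start], image)
    lower = image.lower()
    # "[?]" in place of a date and size: DDS had no file details to report.
    if meta.strip() == "?":
        svc.flags.append("unresolved")
    # A service binary in a Temp folder or with a .tmp name is rarely a normal install.
    if "\\temp\\" in lower or re.search(r"\.tmp(\s|$)", lower):
        svc.flags.append("temp-path")
    return svc


def triage(text):
    """Return only the services that carry at least one review flag."""
    flagged = []
    for line in text.splitlines():
        svc = parse_line(line)
        if svc and svc.flags:
            flagged.append(svc)
    return flagged


if __name__ == "__main__":
    for s in triage(SAMPLE):
        print(f"{s.name:10} {s.state}/{s.start:8} {','.join(s.flags):22} {s.image}")
```

Note that `npggsvc` is flagged only as unresolved: the same log lists `c:\windows\system32\GameMon.des` under "Created Last 30", so the flag here points at the path DDS looked up rather than proving the file is absent.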
  2. 2009/05/12
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Hi and welcome


    The presence of this file concerns me
    c:\program files\RAR Password Cracker

    Downloading cracks and keygens for illegal software or trying to gain access to online games through hacking a gamer's password will infect a machine in a heartbeat.


    ***
    Please download OTMoveIt3 by OldTimer and save it to your desktop
    • Double-click OTMoveIt3.exe to run it.
    • Copy the lines in the codebox below. ( Make sure you include :processes )
    Code:
    :Processes
    explorer.exe
    :services
    npggsvc
    :Commands
    [Purity]
    [EmptyTemp]
    [Start Explorer]
    [Reboot]
    
    • Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • - Close ALL open windows (especially Internet Explorer!)-
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    If the machine reboots, the Results log can be found here:

    c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss is the date of the tool run.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Please download ATF Cleaner by Atribune From Here and save it to your Desktop.
    Follow the instructions for the browser you use.
    Read the instructions about the cookies. Delete what you do not need.

    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:
    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Java Cache

    The rest are optional - if you want to remove the lot, check "Select All".
    Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.
    If you use the Firefox or Opera browsers, you can use this program
    as a quick way to tidy those up as well.
    When you have finished, click on the Exit button in the Main menu.
    ========================



    NEXT**
    I'd like for you to run this next online scan to check for remnants or anything that might be hidden.
    The below scan can take up to an hour or longer, please be patient.

    *Note
    It is recommended to disable your onboard antivirus and antispyware programs while performing scans, to avoid conflicts and to speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware app you use.


    Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400

    Other available links
    Kaspersky Online Scanner or from here
    http://www.kaspersky.com/virusscanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    Click on the Accept button and install any components it needs.

    • The program will install and then begin downloading the latest definition files.
    • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run. (At times it may appear to stall)
      * Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
      * Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
      * Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
    • Once the scan is complete, click on View scan report.
    To obtain the report:
    Click on: Save Report As
    Next, in the Save as prompt, Save in area, select: Desktop
    In the File name area, use KScan, or something similar.
    In Save as type, click the drop arrow and select: Text file [*.txt]
    Then, click: Save
    Please post the Kaspersky Online Scanner Report in your reply.

    Animated tutorial
    http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif

    (Note.. for Internet Explorer 7 users:
    If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)
    Or use Firefox with IE-Tab plugin
    https://addons.mozilla.org/en-US/firefox/addon/1419


    In your next reply post:
    OTMoveIt log
    Kaspersky log
    New HJT log taken after the above scans have run


    You may need several replies to post the requested logs, otherwise they might get cut off.
     

  4. 2009/05/12
    sean

    sean Well-Known Member Thread Starter

    Joined:
    2007/03/24
    Messages:
    166
    Likes Received:
    0
    Hi Juliet, and thank you for your help with this problem.

    .....Me too, my son is still in bed (5.30AM here) but I will be having serious words with him later!

    I have completed the OTMoveIt instructions and run the ATF Cleaner (already had it). I have to go to work in a while so I will finish your instructions (online scan) when I get home later this afternoon.

    Thanks again for your valuable time,

    Cheers, Sean.
     
    Last edited: 2009/05/12
    sean,
    #3
  5. 2009/05/13
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Welcome back

    Post the logs when you can, it would be wise not to allow much internet access till we can see if there are any infections that should be removed.
     
  6. 2009/05/13
    sean

    sean Well-Known Member Thread Starter

    Joined:
    2007/03/24
    Messages:
    166
    Likes Received:
    0
    Hi Juliet and thanks for your help.

    I have also uninstalled the offending program (Rar password cracker) after having a good chat to my son.

    Here we go...

    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== SERVICES/DRIVERS ==========

    Service\Driver npggsvc deleted successfully.
    ========== COMMANDS ==========
    File delete failed. C:\DOCUME~1\SHAUNW~1\LOCALS~1\Temp\~DF5801.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\SHAUNW~1\LOCALS~1\Temp\~DFA7C0.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\SHAUNW~1\LOCALS~1\Temp\~DFE0B6.tmp scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Internet Explorer cache folder emptied.
    File delete failed. C:\Documents and Settings\shaun wade\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    User's Temporary Internet Files folder emptied.
    Local Service Temp folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    Local Service Temporary Internet Files folder emptied.
    Network Service Temp folder emptied.
    Network Service Temporary Internet Files folder emptied.
    Windows Temp folder emptied.
    Java cache emptied.
    FireFox cache emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05132009_051725

    Files moved on Reboot...
    C:\DOCUME~1\SHAUNW~1\LOCALS~1\Temp\~DF5801.tmp moved successfully.
    C:\DOCUME~1\SHAUNW~1\LOCALS~1\Temp\~DFA7C0.tmp moved successfully.
    C:\DOCUME~1\SHAUNW~1\LOCALS~1\Temp\~DFE0B6.tmp moved successfully.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:48:58, on 13/05/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\Ati2evxx.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\system32\Ati2evxx.exe
    C:\windows\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\windows\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\windows\system32\ctfmon.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\windows\TEMP\E_SAC.tmp" /EF "HKCU "
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228544287687
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228544271828
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\windows\SYSTEM32\avgrsstx.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

    --
    End of file - 5606 bytes



    Wednesday, May 13, 2009
    Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Program database last update: Wednesday, May 13, 2009 16:08:35
    Records in database: 2173179
    Scan settings
    Scan using the following database extended
    Scan archives yes
    Scan mail databases yes
    Scan area My Computer
    C:\
    D:\
    E:\
    F:\
    G:\
    I:\
    Scan statistics
    Files scanned 110436
    Threat name 0
    Infected objects 0
    Suspicious objects 0
    Duration of the scan 02:21:24

    No malware has been detected. The scan area is clean.
    The selected area was scanned.

    Cheers and good luck to you,

    Sean.
     
  7. 2009/05/13
    Juliet

    Good deal with Kaspersky.



    One other quick scan if you don't mind.

    btw, how is the computer?


    Download Lop S&D

    Double-click Lop S&D.exe
    Choose the language, then choose Option 1 (Search)
    Wait till the end of the scan
    Post the log which is created: C:\lopR.txt
     
  8. 2009/05/13
    sean

    Good morning to you Juliet.

    Good news about the Kas scan. The computer is just fine, nothing out of the ordinary.

    Here’s the scan you requested...


    --------------------\\ Lop S&D 4.2.5-0 XP/Vista

    Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz )
    BIOS : Phoenix - AwardBIOS v6.00PG
    USER : shaun wade ( Administrator )
    BOOT : Normal boot
    Antivirus : AVG Anti-Virus Free 8.5 (Activated)
    Firewall : COMODO Firewall Pro 2.3.035 (Activated)
    C:\ (Local Disk) - NTFS - Total:292 Go (Free:235 Go)
    D:\ (CD or DVD)
    E:\ (CD or DVD)
    F:\ (USB)
    G:\ (USB)
    I:\ (USB)

    "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
    Option : [1] ( 14/05/2009| 5:09 )

    --------------------\\ Listing folders in APPLIC~1

    [02/12/2008|18:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    [11/11/2008|06:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [17/12/2008|22:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
    [08/03/2009|12:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
    [17/12/2008|22:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
    [02/12/2008|18:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    [29/10/2008|21:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [25/03/2009|07:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8
    [22/03/2009|12:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
    [24/11/2007|20:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
    [20/12/2008|01:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
    [07/12/2008|12:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EPSON
    [02/03/2009|23:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\id Software
    [25/09/2007|21:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IJJIGame
    [22/01/2008|09:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kontiki
    [10/05/2009|01:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Last.fm
    [15/03/2008|15:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    [14/11/2008|06:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
    [23/12/2008|06:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [12/05/2009|06:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Corporation
    [07/02/2009|16:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
    [15/01/2007|00:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
    [04/03/2007|10:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MumboJumbo
    [08/02/2007|05:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Napster
    [22/04/2009|23:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PMB Files
    [26/08/2007|11:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SecTaskMan
    [28/04/2008|06:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
    [23/07/2008|06:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
    [14/05/2009|04:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    [23/07/2008|06:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca
    [13/05/2009|05:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    [04/03/2007|09:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
    [07/12/2008|12:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
    [23/12/2008|07:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    [21/08/2006|14:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

    [23/08/2006|09:35] C:\DOCUME~1\DEFAUL~1\APPLIC~1\ATI
    [21/08/2006|17:37] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
    [21/08/2006|13:52] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
    [21/08/2006|13:52] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
    [31/03/2006|10:39] C:\DOCUME~1\DEFAUL~1\APPLIC~1\SampleView

    [17/12/2008|22:34] C:\DOCUME~1\KIERAN~1\APPLIC~1\acccore
    [17/08/2007|05:39] C:\DOCUME~1\KIERAN~1\APPLIC~1\acccore(2)
    [27/05/2008|20:57] C:\DOCUME~1\KIERAN~1\APPLIC~1\Adobe
    [09/02/2007|23:01] C:\DOCUME~1\KIERAN~1\APPLIC~1\AdobeUM
    [29/04/2007|21:03] C:\DOCUME~1\KIERAN~1\APPLIC~1\Ahead
    [03/03/2007|13:49] C:\DOCUME~1\KIERAN~1\APPLIC~1\Apple Computer
    [23/08/2006|09:35] C:\DOCUME~1\KIERAN~1\APPLIC~1\ATI
    [30/10/2008|07:35] C:\DOCUME~1\KIERAN~1\APPLIC~1\AVGTOOLBAR
    [12/04/2009|14:39] C:\DOCUME~1\KIERAN~1\APPLIC~1\Azureus
    [23/11/2007|06:23] C:\DOCUME~1\KIERAN~1\APPLIC~1\Comodo
    [20/12/2008|01:10] C:\DOCUME~1\KIERAN~1\APPLIC~1\CyberLink
    [13/07/2008|01:38] C:\DOCUME~1\KIERAN~1\APPLIC~1\DAEMON Tools
    [05/08/2007|07:45] C:\DOCUME~1\KIERAN~1\APPLIC~1\Dev-Cpp
    [07/01/2009|22:34] C:\DOCUME~1\KIERAN~1\APPLIC~1\DivX
    [04/02/2007|01:53] C:\DOCUME~1\KIERAN~1\APPLIC~1\DMCache
    [23/01/2008|17:35] C:\DOCUME~1\KIERAN~1\APPLIC~1\DNA
    [17/06/2007|00:31] C:\DOCUME~1\KIERAN~1\APPLIC~1\dvdcss
    [14/01/2009|19:17] C:\DOCUME~1\KIERAN~1\APPLIC~1\eBookPro6
    [11/02/2007|15:43] C:\DOCUME~1\KIERAN~1\APPLIC~1\FastStone
    [01/02/2009|22:54] C:\DOCUME~1\KIERAN~1\APPLIC~1\GetRightToGo
    [01/12/2008|18:31] C:\DOCUME~1\KIERAN~1\APPLIC~1\gtk-2.0
    [05/02/2007|08:15] C:\DOCUME~1\KIERAN~1\APPLIC~1\Help
    [21/08/2006|17:37] C:\DOCUME~1\KIERAN~1\APPLIC~1\Identities
    [25/09/2007|21:31] C:\DOCUME~1\KIERAN~1\APPLIC~1\ijjigame
    [19/08/2008|22:51] C:\DOCUME~1\KIERAN~1\APPLIC~1\InstallShield
    [21/08/2006|13:52] C:\DOCUME~1\KIERAN~1\APPLIC~1\Macromedia
    [22/03/2008|13:01] C:\DOCUME~1\KIERAN~1\APPLIC~1\Malwarebytes
    [15/04/2009|02:50] C:\DOCUME~1\KIERAN~1\APPLIC~1\ManyCam
    [01/02/2009|22:51] C:\DOCUME~1\KIERAN~1\APPLIC~1\Microsoft
    [16/05/2007|20:36] C:\DOCUME~1\KIERAN~1\APPLIC~1\MoyeaFLV2Video
    [03/04/2009|21:17] C:\DOCUME~1\KIERAN~1\APPLIC~1\Mozilla
    [30/04/2009|23:48] C:\DOCUME~1\KIERAN~1\APPLIC~1\MozillaControl
    [09/08/2007|23:42] C:\DOCUME~1\KIERAN~1\APPLIC~1\MSN6
    [15/06/2007|04:48] C:\DOCUME~1\KIERAN~1\APPLIC~1\NCH Swift Sound
    [03/04/2009|21:17] C:\DOCUME~1\KIERAN~1\APPLIC~1\Octoshape
    [07/05/2007|12:44] C:\DOCUME~1\KIERAN~1\APPLIC~1\Real
    [14/01/2007|20:01] C:\DOCUME~1\KIERAN~1\APPLIC~1\Roxio
    [31/03/2006|10:39] C:\DOCUME~1\KIERAN~1\APPLIC~1\SampleView
    [09/04/2009|22:23] C:\DOCUME~1\KIERAN~1\APPLIC~1\ScummVM
    [23/07/2008|09:28] C:\DOCUME~1\KIERAN~1\APPLIC~1\Sony Ericsson
    [08/08/2007|19:23] C:\DOCUME~1\KIERAN~1\APPLIC~1\Spectaculator
    [13/11/2008|23:25] C:\DOCUME~1\KIERAN~1\APPLIC~1\Sun
    [21/01/2007|17:20] C:\DOCUME~1\KIERAN~1\APPLIC~1\Talkback
    [23/07/2008|09:28] C:\DOCUME~1\KIERAN~1\APPLIC~1\Teleca
    [14/01/2007|21:34] C:\DOCUME~1\KIERAN~1\APPLIC~1\Template
    [15/01/2009|22:41] C:\DOCUME~1\KIERAN~1\APPLIC~1\uTorrent
    [05/05/2009|00:14] C:\DOCUME~1\KIERAN~1\APPLIC~1\vlc
    [03/03/2007|13:42] C:\DOCUME~1\KIERAN~1\APPLIC~1\Vso
    [08/04/2009|23:43] C:\DOCUME~1\KIERAN~1\APPLIC~1\WeGame
    [19/06/2008|00:18] C:\DOCUME~1\KIERAN~1\APPLIC~1\Xfire

    [25/07/2007|15:10] C:\DOCUME~1\LOCALS~1\APPLIC~1\CyberLink
    [14/01/2007|18:38] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
    [12/12/2008|07:10] C:\DOCUME~1\LOCALS~1\APPLIC~1\SACore

    [14/01/2007|18:38] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
    [02/10/2007|22:45] C:\DOCUME~1\NETWOR~1\APPLIC~1\Xfire

    [15/08/2008|06:30] C:\DOCUME~1\SHAUNW~1\APPLIC~1\Adobe
    [20/07/2007|05:20] C:\DOCUME~1\SHAUNW~1\APPLIC~1\AdobeUM
    [30/04/2007|16:20] C:\DOCUME~1\SHAUNW~1\APPLIC~1\Ahead
    [14/01/2007|21:16] C:\DOCUME~1\SHAUNW~1\APPLIC~1\Apple Computer
    [23/08/2006|09:35] C:\DOCUME~1\SHAUNW~1\APPLIC~1\ATI
    [28/04/2008|06:04] C:\DOCUME~1\SHAUNW~1\APPLIC~1\AVGTOOLBAR
    [23/11/2007|05:21] C:\DOCUME~1\SHAUNW~1\APPLIC~1\Comodo
    [30/08/2007|06:29] C:\DOCUME~1\SHAUNW~1\APPLIC~1\Creative
    [17/01/2009|13:39] C:\DOCUME~1\SHAUNW~1\APPLIC~1\DivX
    [25/02/2009|14:04] C:\DOCUME~1\SHAUNW~1\APPLIC~1\EPSON
    [14/02/2009|09:56] C:\DOCUME~1\SHAUNW~1\APPLIC~1\Google
    [15/01/2007|05:34] C:\DOCUME~1\SHAUNW~1\APPLIC~1\Help
    [18/01/2007|17:16] C:\DOCUME~1\SHAUNW~1\APPLIC~1\Hewlett-Packard
    [13/06/2008|19:04] C:\DOCUME~1\SHAUNW~1\APPLIC~1\HiYo
    [21/08/2006|17:37] C:\DOCUME~1\SHAUNW~1\APPLIC~1\Identities
    [23/08/2008|15:35] C:\DOCUME~1\SHAUNW~1\APPLIC~1\InstallShield
    [24/11/2007|16:07] C:\DOCUME~1\SHAUNW~1\APPLIC~1\Leadertech
    [21/08/2006|13:52] C:\DOCUME~1\SHAUNW~1\APPLIC~1\Macromedia
    [15/03/2008|15:34] C:\DOCUME~1\SHAUNW~1\APPLIC~1\Malwarebytes
    [12/05/2009|06:17] C:\DOCUME~1\SHAUNW~1\APPLIC~1\Microsoft
    [26/08/2008|17:59] C:\DOCUME~1\SHAUNW~1\APPLIC~1\Mozilla
    [13/04/2007|19:19] C:\DOCUME~1\SHAUNW~1\APPLIC~1\MSN6
    [14/01/2007|18:21] C:\DOCUME~1\SHAUNW~1\APPLIC~1\MSNInstaller
    [15/09/2007|07:43] C:\DOCUME~1\SHAUNW~1\APPLIC~1\OfficeUpdate12
    [18/01/2007|04:47] C:\DOCUME~1\SHAUNW~1\APPLIC~1\Real
    [17/01/2007|05:04] C:\DOCUME~1\SHAUNW~1\APPLIC~1\Roxio
    [23/07/2008|06:38] C:\DOCUME~1\SHAUNW~1\APPLIC~1\Sony Ericsson
    [13/11/2008|08:32] C:\DOCUME~1\SHAUNW~1\APPLIC~1\Sun
    [23/01/2007|07:51] C:\DOCUME~1\SHAUNW~1\APPLIC~1\Talkback
    [23/07/2008|06:40] C:\DOCUME~1\SHAUNW~1\APPLIC~1\Teleca
    [15/01/2007|07:52] C:\DOCUME~1\SHAUNW~1\APPLIC~1\Template
    [15/12/2007|17:53] C:\DOCUME~1\SHAUNW~1\APPLIC~1\Uniblue
    [09/04/2009|06:03] C:\DOCUME~1\SHAUNW~1\APPLIC~1\WeGame
    [14/03/2009|17:25] C:\DOCUME~1\SHAUNW~1\APPLIC~1\wsInspector
    [20/12/2008|18:01] C:\DOCUME~1\SHAUNW~1\APPLIC~1\Xfire

    [02/10/2008|20:47] C:\DOCUME~1\TEMP\APPLIC~1\ATI
    [02/10/2008|20:47] C:\DOCUME~1\TEMP\APPLIC~1\AVGTOOLBAR
    [02/10/2008|20:47] C:\DOCUME~1\TEMP\APPLIC~1\Comodo
    [02/10/2008|20:47] C:\DOCUME~1\TEMP\APPLIC~1\Identities
    [02/10/2008|20:47] C:\DOCUME~1\TEMP\APPLIC~1\Macromedia
    [02/10/2008|20:47] C:\DOCUME~1\TEMP\APPLIC~1\Microsoft
    [02/10/2008|20:47] C:\DOCUME~1\TEMP\APPLIC~1\Mozilla
    [02/10/2008|20:47] C:\DOCUME~1\TEMP\APPLIC~1\SampleView

    --------------------\\ Scheduled Tasks located in C:\windows\Tasks

    [14/05/2009 03:28][--a------] C:\windows\tasks\GoogleUpdateTaskMachine.job
    [12/05/2009 17:07][--a------] C:\windows\tasks\AppleSoftwareUpdate.job
    [14/05/2009 03:27][--ah-----] C:\windows\tasks\SA.DAT
    [10/08/2004 20:00][-r-h-c---] C:\windows\tasks\desktop.ini

    --------------------\\ Listing Folders in C:\Program Files

    [02/02/2007|20:11] C:\Program Files\7-Zip
    [11/11/2008|06:54] C:\Program Files\Adobe
    [08/03/2009|12:51] C:\Program Files\AIM6
    [22/12/2008|21:43] C:\Program Files\AOL
    [26/10/2008|05:15] C:\Program Files\Apple Software Update
    [23/08/2006|09:33] C:\Program Files\ATI Technologies
    [28/04/2008|05:59] C:\Program Files\AVG
    [20/07/2007|00:57] C:\Program Files\Blender Foundation
    [02/06/2008|22:14] C:\Program Files\blueMSX
    [02/12/2008|18:12] C:\Program Files\Bonjour
    [12/04/2009|02:15] C:\Program Files\Broken Sword
    [08/04/2009|23:23] C:\Program Files\Broken Sword II
    [12/11/2008|06:31] C:\Program Files\CCleaner
    [23/04/2009|00:10] C:\Program Files\Common Files
    [15/07/2007|06:42] C:\Program Files\Comodo
    [12/11/2007|18:52] C:\Program Files\Creative
    [20/12/2008|01:08] C:\Program Files\CyberLink
    [13/07/2008|01:42] C:\Program Files\DAEMON Tools Lite
    [07/01/2009|22:28] C:\Program Files\DivX
    [19/01/2008|00:26] C:\Program Files\DNA
    [25/10/2008|00:41] C:\Program Files\DOSBox-0.72
    [07/12/2008|12:44] C:\Program Files\epson
    [29/01/2007|23:45] C:\Program Files\ePSXe
    [05/06/2007|22:37] C:\Program Files\FastCapPro
    [11/02/2007|15:43] C:\Program Files\FastStone Capture
    [20/04/2009|01:39] C:\Program Files\FLV Player
    [28/04/2007|17:27] C:\Program Files\Fox
    [26/04/2007|05:11] C:\Program Files\Fx Vid Cap
    [07/02/2009|16:38] C:\Program Files\GameSpy Arcade
    [14/02/2009|21:30] C:\Program Files\Google
    [30/04/2009|23:46] C:\Program Files\Graboid
    [28/04/2008|05:59] C:\Program Files\Grisoft
    [05/08/2007|07:45] C:\Program Files\GStudio6
    [24/07/2008|18:58] C:\Program Files\HijackThis
    [12/04/2009|00:51] C:\Program Files\HyCam2
    [07/10/2007|21:43] C:\Program Files\Immortals Online
    [18/03/2009|07:23] C:\Program Files\InstallShield Installation Information
    [16/06/2007|09:13] C:\Program Files\InterMute
    [15/04/2009|06:27] C:\Program Files\Internet Explorer
    [02/12/2008|18:23] C:\Program Files\iPod
    [07/07/2008|21:59] C:\Program Files\IrfanView
    [02/12/2008|18:24] C:\Program Files\iTunes
    [29/03/2009|07:59] C:\Program Files\Java
    [05/08/2007|07:43] C:\Program Files\Jnes 0.6
    [10/05/2009|01:55] C:\Program Files\Last.fm
    [07/04/2009|04:24] C:\Program Files\Malwarebytes' Anti-Malware
    [13/08/2008|06:01] C:\Program Files\Messenger
    [07/06/2007|16:24] C:\Program Files\MFInstall
    [02/06/2008|22:14] C:\Program Files\MGS2
    [23/12/2008|06:41] C:\Program Files\Microsoft ActiveSync
    [21/08/2006|17:38] C:\Program Files\microsoft frontpage
    [06/02/2009|23:06] C:\Program Files\Microsoft Games
    [07/02/2009|16:38] C:\Program Files\Microsoft Office
    [23/04/2009|03:42] C:\Program Files\Microsoft Silverlight
    [07/02/2009|16:38] C:\Program Files\Microsoft Works
    [23/12/2008|06:39] C:\Program Files\Microsoft.NET
    [12/07/2008|08:01] C:\Program Files\Movie Maker
    [30/04/2009|23:46] C:\Program Files\Mozilla ActiveX Control v1.7.12
    [13/05/2009|20:02] C:\Program Files\Mozilla Firefox
    [07/12/2007|06:35] C:\Program Files\MRU-Blaster
    [16/02/2009|07:45] C:\Program Files\MSBuild
    [15/01/2007|00:17] C:\Program Files\MSN
    [21/08/2006|17:38] C:\Program Files\MSN Gaming Zone
    [05/09/2008|19:44] C:\Program Files\MSN Messenger
    [05/08/2007|07:49] C:\Program Files\MSN Messenger(2)
    [07/02/2009|16:38] C:\Program Files\MSXML 4.0
    [05/08/2007|07:45] C:\Program Files\NCH Swift Sound
    [12/07/2008|07:58] C:\Program Files\NetMeeting
    [21/08/2006|17:38] C:\Program Files\Oca History Tool
    [21/08/2006|17:38] C:\Program Files\Online Services
    [07/01/2009|22:28] C:\Program Files\Opera
    [12/07/2008|07:58] C:\Program Files\Outlook Express
    [22/04/2009|23:09] C:\Program Files\Pando Networks
    [11/02/2007|18:30] C:\Program Files\Quick Screen Recorder
    [02/12/2008|18:22] C:\Program Files\QuickTime
    [18/01/2007|04:43] C:\Program Files\Real
    [16/02/2009|07:45] C:\Program Files\Reference Assemblies
    [08/02/2007|08:27] C:\Program Files\ReflexiveArcade
    [30/01/2007|13:28] C:\Program Files\Saitek Dual Analog Rumble Pad
    [23/08/2008|15:36] C:\Program Files\Samsung
    [19/02/2007|05:25] C:\Program Files\ScreenVCR
    [09/04/2009|22:23] C:\Program Files\ScummVM
    [09/08/2007|21:31] C:\Program Files\Snes9x
    [23/07/2008|06:36] C:\Program Files\Sony Ericsson
    [12/03/2009|04:59] C:\Program Files\Spybot - Search & Destroy
    [13/05/2009|05:58] C:\Program Files\SpywareBlaster
    [13/04/2009|07:02] C:\Program Files\SpywareGuard
    [14/03/2009|17:28] C:\Program Files\Startup Inspector for Windows
    [12/04/2009|20:08] C:\Program Files\SyncView
    [12/04/2009|15:16] C:\Program Files\Taksi
    [08/04/2009|23:56] C:\Program Files\TechSmith
    [12/04/2009|02:01] C:\Program Files\Total Video Converter
    [05/05/2009|23:36] C:\Program Files\TotalScreenRecorder
    [08/09/2007|16:41] C:\Program Files\Trend Micro
    [19/02/2007|06:10] C:\Program Files\Trustix
    [11/02/2007|15:43] C:\Program Files\TurboDemo 7.5 Trial
    [15/07/2007|15:13] C:\Program Files\Uninstall Information
    [05/04/2009|20:09] C:\Program Files\Unlocker
    [15/01/2009|21:55] C:\Program Files\uTorrent
    [21/08/2006|13:03] C:\Program Files\VIA
    [21/08/2006|13:17] C:\Program Files\VIAudioi
    [03/04/2007|09:37] C:\Program Files\ViaVoice Outloud
    [30/04/2009|23:46] C:\Program Files\VideoLAN
    [11/04/2009|20:28] C:\Program Files\Vuze
    [08/04/2009|23:42] C:\Program Files\WeGame
    [16/01/2008|17:10] C:\Program Files\Windows Media Connect 2
    [20/01/2009|06:00] C:\Program Files\Windows Media Player
    [12/07/2008|07:58] C:\Program Files\Windows NT
    [27/04/2008|00:44] C:\Program Files\WinPcap
    [17/11/2007|11:27] C:\Program Files\WinRAR
    [08/04/2009|23:50] C:\Program Files\WMCap
    [21/08/2006|17:38] C:\Program Files\xerox
    [19/06/2008|04:41] C:\Program Files\Xfire
    [13/04/2009|01:29] C:\Program Files\Xvid
    [11/04/2009|20:41] C:\Program Files\YouTube Downloader
    [12/04/2009|22:11] C:\Program Files\ZD Soft
    [05/06/2007|21:41] C:\Program Files\Zeallsoft

    --------------------\\ Listing Folders in C:\Program Files\Common Files

    [11/11/2008|06:54] C:\Program Files\Common Files\Adobe
    [22/12/2008|21:43] C:\Program Files\Common Files\AOL
    [03/12/2008|07:16] C:\Program Files\Common Files\Apple
    [06/03/2008|21:37] C:\Program Files\Common Files\Blizzard Entertainment
    [20/12/2008|01:08] C:\Program Files\Common Files\CyberLink
    [23/12/2008|06:41] C:\Program Files\Common Files\DESIGNER
    [05/08/2007|07:46] C:\Program Files\Common Files\DeskShare Shared
    [20/05/2007|23:23] C:\Program Files\Common Files\DirectX
    [18/01/2007|17:11] C:\Program Files\Common Files\Hewlett-Packard
    [23/04/2009|00:10] C:\Program Files\Common Files\INCA Shared
    [07/12/2008|12:47] C:\Program Files\Common Files\InstallShield
    [07/02/2009|16:38] C:\Program Files\Common Files\Microsoft Shared
    [21/08/2006|17:38] C:\Program Files\Common Files\MSSoap
    [21/08/2006|17:38] C:\Program Files\Common Files\ODBC
    [24/07/2008|06:23] C:\Program Files\Common Files\Real
    [21/08/2006|17:38] C:\Program Files\Common Files\Roxio Shared
    [20/07/2007|05:17] C:\Program Files\Common Files\Services
    [23/07/2008|06:36] C:\Program Files\Common Files\Sony Ericsson Shared
    [21/08/2006|17:38] C:\Program Files\Common Files\SpeechEngines
    [28/10/2007|20:59] C:\Program Files\Common Files\Storage
    [07/12/2007|14:59] C:\Program Files\Common Files\SupportSoft
    [12/07/2008|07:58] C:\Program Files\Common Files\System
    [08/04/2009|23:56] C:\Program Files\Common Files\TechSmith Shared
    [23/07/2008|06:36] C:\Program Files\Common Files\Teleca Shared
    [24/07/2008|06:23] C:\Program Files\Common Files\xing shared

    --------------------\\ Process

    ( 42 Processes )

    ... OK !

    --------------------\\ Searching with S_Lop

    No Lop folder found !

    --------------------\\ Searching for Lop Files - Folders

    No Lop folder found !

    --------------------\\ Searching within the Registry

    ..... OK !

    --------------------\\ Checking the Hosts file

    Hosts file CLEAN


    --------------------\\ Searching for hidden files with Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-14 05:10:37
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 25

    --------------------\\ Searching for other infections


    No other infections found !

    [F:4][D:1]-> C:\DOCUME~1\SHAUNW~1\LOCALS~1\Temp
    [F:58][D:0]-> C:\DOCUME~1\SHAUNW~1\Cookies
    [F:204][D:4]-> C:\DOCUME~1\SHAUNW~1\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - 14/05/2009| 5:11 - Option : [1]

    --------------------\\ Scan completed at 5:11:36

    THANK YOU for all this help,
    Cheers,
    Sean.
     
  9. 2009/05/14
    Juliet

    Hi Sean
    Good deal.
    I see no need to continue with other scans or tools at this time; the last scan was in good shape as well.

    Lop S&D <--Delete

    C:\lopR.txt <--delete


    Let's cleanup here and send you on your way.


    Next open OTMoveIt, then click on "CleanUp!".
    If you receive a warning from your Firewall please allow...
    In the left pane, it will display a list of tools and other related files which you may have downloaded/used during our cleanup + backup folders that were created with the bad files present. They are not needed anymore, so OTMoveIt will delete them.
    Do not edit anything in that Window!
    Don't worry if it displays some tools you didn't download/use.
    Click Yes when it asks to Begin cleanup process.

    Then reboot your computer.





    You're good to go, good job!


    Please take the time to read over a few of my preventive tips.


    Please navigate to Microsoft Windows Updates and download all the "Critical Updates" for Windows.


    Firefox 3
    The award-winning Web browser is now faster, more secure, and fully customizable to your online life. With Firefox 2, added powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install, and it will in no way interfere with IE; you can use them both.
    *NoScript - Add-on for Firefox that stops all scripts from running on websites. Stops malicious software from invading via Flash, Java, JavaScript, and many other entry points.

    How to prevent Malware: Created by Miekiemoes

    Here are some additional utilities that will further enhance your safety.
    # http://www.trillian.cc → Trillian or http://www.miranda-im.com → Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)


    Read this article 'Safe Computing Practices'.
    So how did I get infected in the first place.

    Secure My Computer: A Layered Approach

    Strong passwords: How to create and use them

    Free Antivirus-AntiSpyware-Firewall Software
    Slow Computer May Not Be Malware Related, Help! My computer is slow!
    http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html


    PC Safety and Security--What Do I Need?
    http://www.techsupportforum.com/sec...115548-pc-safety-security-what-do-i-need.html

    Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!
    This site offers people who have been (or are) victims of malware the opportunity to document their story.

    Extra note:
    Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan. http://secunia.com/software_inspector/
     
  10. 2009/05/14
    sean

    Hi Juliet.

    I have completed OTMoveIt and will certainly look through the preventive tips. Just one question? Last night when my son was watching a video on YouTube the computer restarted by itself. I had run OTMoveIt around an hour before?

    MANY THANKS to you for your time & effort with this.

    Cheers,
    Sean.
     
  11. 2009/05/15
    Juliet

    Hi Sean
    OTMoveIt only removes tools and related folders to tools we used. Would not have an influence on the computer restarting at a later time.

    Does sound as if it has a low memory/RAM issue tho......at least that's what it sounds like to me.

    If it should continue to do this, it might be a good idea to start a new thread in the
    Hardware forum here http://www.windowsbbs.com/hardware/
     
  12. 2009/05/15
    sean

    Thanks Juliet, just thought I would run it past you.

    Up to now all's well and if it does happen again I will do as you say and post in the hardware forum.

    God bless you and thanks for all your help.

    Cheers,

    Sean.
     
  13. 2009/05/16
    Juliet

    Glad we could help.

    Safe Surfing.
     
  14. 2009/05/20
    Juliet

    Glad we could help. :)

    Since this issue appears resolved ... this Topic is closed.
     