
Bombaye


Posts posted by Bombaye

  1. Just thought I should let you know that I've got a big blue screen problem at the moment. I don't know if you can help, but I'll post elsewhere if not.

    At the moment when I get the error it says:

     

    PAGE_ERROR IN NONPAGED_AREA

     

    And then under technical information it says:

     

    ***STOP: 0x00000050 (0xBFCBB3C5, 0x00000001, 0x8050D532, 0x00000002)

     

    Any ideas of what to do, or where to look for help?

    I've checked the connections and they seem to be fine, as my second DVD drive sometimes comes loose, but that's OK. I'm now stuck and frustrated!

  2. Here are the logs:

     

    ========== COMMANDS ==========

     

    [EMPTYTEMP]

     

    User: Administrator

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 0 bytes

     

    User: Ali

    ->Temp folder emptied: 9528393 bytes

    ->Temporary Internet Files folder emptied: 15565642 bytes

    ->Java cache emptied: 79832 bytes

    ->FireFox cache emptied: 27683838 bytes

     

    User: All Users

     

    User: Default User

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 0 bytes

     

    User: LocalService

    ->Temp folder emptied: 66016 bytes

    ->Temporary Internet Files folder emptied: 33114 bytes

     

    User: NetworkService

    ->Temp folder emptied: 11227420 bytes

    ->Temporary Internet Files folder emptied: 3349369 bytes

     

    User: Owner

     

    %systemdrive% .tmp files removed: 0 bytes

    %systemroot% .tmp files removed: 0 bytes

    %systemroot%\System32 .tmp files removed: 0 bytes

    %systemroot%\System32\dllcache .tmp files removed: 0 bytes

    %systemroot%\System32\drivers .tmp files removed: 0 bytes

    Windows Temp folder emptied: 207568 bytes

    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 62766 bytes

    RecycleBin emptied: 1078 bytes

     

    Total Files Cleaned = 65.00 mb

     

     

    OTM by OldTimer - Version 3.1.8.0 log created on 02052010_185022

     

    Files moved on Reboot...

    File C:\WINDOWS\temp\JET9C5A.tmp not found!

    File C:\WINDOWS\temp\Perflib_Perfdata_134.dat not found!

     

    Registry entries deleted on Reboot...

    Malwarebytes' Anti-Malware 1.44

    Database version: 3694

    Windows 5.1.2600 Service Pack 3

    Internet Explorer 8.0.6001.18702

     

    05/02/2010 19:15:36

    mbam-log-2010-02-05 (19-15-36).txt

     

    Scan type: Quick Scan

    Objects scanned: 124728

    Time elapsed: 12 minute(s), 6 second(s)

     

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 0

     

    Memory Processes Infected:

    (No malicious items detected)

     

    Memory Modules Infected:

    (No malicious items detected)

     

    Registry Keys Infected:

    (No malicious items detected)

     

    Registry Values Infected:

    (No malicious items detected)

     

    Registry Data Items Infected:

    (No malicious items detected)

     

    Folders Infected:

    (No malicious items detected)

     

    Files Infected:

    (No malicious items detected)

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 19:23:23, on 05/02/2010

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Application Updater\ApplicationUpdater.exe

    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe

    C:\Program Files\TalkTalk\bin\sprtsvc.exe

    C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe

    C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\notepad.exe

    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

    C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\WINDOWS\system32\msiexec.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\WINDOWS\system32\NOTEPAD.EXE

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.DLL

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll

    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

    O4 - HKLM\..\Run: [DeviceDiscovery] "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe"

    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"

    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe

    O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB

    O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab

    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab

    O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab

    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

    O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab

    O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab

    O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab

    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326

    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...448/mcfscan.cab

    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe

    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe

    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe

    O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe

    O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

    O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe

     

    --

    End of file - 11020 bytes

    My Google search has now started playing up again, sending me to random sites.

    I don't know what Spigot is, the only thing I downloaded was an update to my divx web player.

    I'm still getting the update message coming up after running all of these.

    It claims to be an update for Windows Office Professional 2003, but won't go away. You'll click on Cancel and then go away and click on a new tab or window, and it comes up again. If you leave it to run, it comes up saying that:

    the network resource is unavailable.

    Click ok to try again or enter an alternate path to a folder containing the installation package 'PRO11.MSI'

    If you then try and cancel it, it comes up with:

     

    Error 1706. Setup cannot find the required files. Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see C:\Program Files\Microsoft Office\OFFICE11\1033\SETUP.CHM.

    I don't know if any of this is legit, but I don't have the disk to re-install as I got it from a housemate when I was at uni. Do you think it would be worth completely uninstalling it? I do use it, but maybe I might be able to download a more up-to-date free version.

  3. Me again. My browser is a bit temperamental and keeps trying to install an update but can't find the file it wants and then crashes IE. I don't know if this is malware still, but here's an HJT log:

     

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 08:17:41, on 05/02/2010

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Application Updater\ApplicationUpdater.exe

    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe

    C:\Program Files\TalkTalk\bin\sprtsvc.exe

    C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

    C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe

    C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\WINDOWS\system32\msiexec.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R3 - URLSearchHook: (no name) - - (no file)

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.DLL

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll

    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

    O4 - HKLM\..\Run: [DeviceDiscovery] "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe"

    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"

    O4 - HKLM\..\Run: [Wcoren] rundll32.exe "C:\WINDOWS\ocifatah.dll",Startup

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe

    O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB

    O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab

    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab

    O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab

    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

    O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab

    O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab

    O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab

    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326

    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...448/mcfscan.cab

    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe

    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe

    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe

    O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe

    O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

    O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe

     

    --

    End of file - 10958 bytes
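The HijackThis logs above are read by eye in the thread, but the same triage can be expressed as code. The following is an added example, not code from the original posts or from Trend Micro's HijackThis: a small parser for HJT item lines plus three heuristic rules (an entry that points at a missing file, a rundll32 autorun whose DLL sits outside system32 or Program Files, and a service with no publisher string). The rules, the helper names (`parse`, `triage`, `_rundll32_target`) and the idea that legitimate rundll32 autoruns normally reference DLLs under system32 or a vendor folder are the editor's assumptions. The sample log is constructed from lines copied out of the logs posted above; a flag is a prompt to check the file's publisher, hash and creation time, not a verdict, and the ATI service line is included precisely because it trips the publisher rule while being ordinary vendor software.

```python
"""Heuristic triage of HijackThis (HJT) log lines.

Added example; not code from the original thread or from HijackThis itself.
Every rule below is an assumption about what deserves a second look.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: item lines copied from the HJT logs posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [Wcoren] rundll32.exe "C:\WINDOWS\ocifatah.dll",Startup
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
"""

# An HJT item line starts with a section code (R0..R3, F0..F3, O1..O24) and " - ".
LINE_RE = re.compile(r"^(R\d|F\d|O\d+)\s+-\s+(.*)$")
# O4 body: "<hive>\..\Run: [<name>] <command line>" (RunOnce handled too).
RUN_RE = re.compile(r"^HK.*?\\Run(?:Once)?:\s+\[(?P<name>[^\]]*)\]\s+(?P<cmd>.*)$")
# First quoted-or-bare absolute path ending in .dll inside a command line.
DLL_RE = re.compile(r'"?([A-Za-z]:\\[^",]+?\.dll)"?', re.IGNORECASE)


@dataclass
class Entry:
    section: str                 # "R3", "O2", "O4", "O23", ...
    text: str                    # everything after the "O4 - " prefix
    flags: list = field(default_factory=list)


def parse(log_text):
    """Return one Entry per HJT item line; headers and the process list are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def _rundll32_target(cmd):
    """If the command launches rundll32, return the DLL path it loads, else None."""
    if not cmd.strip().strip('"').lower().startswith("rundll32"):
        return None
    m = DLL_RE.search(cmd)
    return m.group(1) if m else None


def _in_expected_folder(path):
    """Assumption: legitimate rundll32 autoruns reference DLLs under system32 or a vendor folder."""
    p = path.lower()
    return "\\system32\\" in p or "\\program files\\" in p


def triage(entries):
    """Attach heuristic flags in place and return only the entries that received one."""
    for e in entries:
        if "(no file)" in e.text:
            e.flags.append("orphan: registry entry points at a file that no longer exists")
        if e.section == "O4":
            m = RUN_RE.match(e.text)
            dll = _rundll32_target(m.group("cmd")) if m else None
            if dll and not _in_expected_folder(dll):
                e.flags.append(f"rundll32 autorun loading {dll} from outside system32/Program Files")
        if e.section == "O23" and "Unknown owner" in e.text:
            e.flags.append("service with no publisher string: verify the binary's signature")
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in triage(parse(SAMPLE_LOG)):
        print(f"{e.section} - {e.text}")
        for f in e.flags:
            print(f"    -> {f}")
```

Run against the constructed sample, the parser yields seven entries and the triage flags four of them: the two "(no file)" orphans, the Wcoren rundll32 autorun, and the ATI service with no publisher string. The Nero autorun and both Symantec entries pass untouched. The ATI flag is the false positive to keep in mind: "Unknown owner" only means HJT found no company string, so the rule is a reason to check the file, not a reason to delete it.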

  4. Great. I'm glad that you can see an end to this coming soon. Here's my OTM and HJT logs.

    Looking good?

     

    ========== FILES ==========

    c:\windows\system32\qpPAUr_-g.exe moved successfully.

    ========== COMMANDS ==========

     

    OTM by OldTimer - Version 3.1.7.0 log created on 01302010_174258

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 17:46:59, on 30/01/2010

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Application Updater\ApplicationUpdater.exe

    C:\Program Files\AskBarDis\bar\bin\AskService.exe

    C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe

    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe

    C:\Program Files\TalkTalk\bin\sprtsvc.exe

    C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe

    C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe

    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\TalkTalk\bin\sprtcmd.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

    C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R3 - URLSearchHook: (no name) - - (no file)

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.DLL

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll

    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

    O4 - HKLM\..\Run: [ulead AutoDetector] "C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe"

    O4 - HKLM\..\Run: [ulead Photo Express Calendar Checker] "C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe"

    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

    O4 - HKLM\..\Run: [DeviceDiscovery] "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe"

    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"

    O4 - HKLM\..\Run: [ppmate] "C:\Program Files\PPMate\PPMate\ppmate.exe" -autoplay

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe

    O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB

    O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab

    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab

    O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab

    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

    O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab

    O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab

    O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab

    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326

    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...448/mcfscan.cab

    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe

    O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe

    O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe

    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe

    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe

    O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe

    O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

    O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe

     

    --

    End of file - 12161 bytes

  5. My Norton did a search and brought back a high risk of Backdoor.Tidservl!inf with the details being:

     

    c:\qoobox\quarantine\c\windows\system32\drivers\iastor.sys.vir

     

    I assume the first part means that it's quarantined, but should I check this file on VirusTotal as well?

  6. Here are those scan reports in order:

     

    a-squared 4.5.0.50 2010.01.30 -

    AhnLab-V3 5.0.0.2 2010.01.30 -

    AntiVir 7.9.1.154 2010.01.29 -

    Antiy-AVL 2.0.3.7 2010.01.28 -

    Authentium 5.2.0.5 2010.01.30 -

    Avast 4.8.1351.0 2010.01.30 -

    AVG 9.0.0.730 2010.01.29 -

    BitDefender 7.2 2010.01.30 -

    CAT-QuickHeal 10.00 2010.01.30 -

    ClamAV 0.96.0.0-git 2010.01.30 -

    Comodo 3759 2010.01.30 -

    DrWeb 5.0.1.12222 2010.01.30 -

    eSafe 7.0.17.0 2010.01.28 -

    eTrust-Vet 35.2.7271 2010.01.29 -

    F-Prot 4.5.1.85 2010.01.29 -

    F-Secure 9.0.15370.0 2010.01.29 -

    Fortinet 4.0.14.0 2010.01.30 -

    GData 19 2010.01.30 -

    Ikarus T3.1.1.80.0 2010.01.30 -

    Jiangmin 13.0.900 2010.01.28 -

    K7AntiVirus 7.10.960 2010.01.29 -

    Kaspersky 7.0.0.125 2010.01.30 -

    McAfee 5876 2010.01.29 -

    McAfee+Artemis 5876 2010.01.29 -

    McAfee-GW-Edition 6.8.5 2010.01.30 -

    Microsoft 1.5406 2010.01.30 -

    NOD32 4819 2010.01.30 -

    Norman 6.04.03 2010.01.30 -

    nProtect 2009.1.8.0 2010.01.30 -

    Panda 10.0.2.2 2010.01.29 -

    PCTools 7.0.3.5 2010.01.30 -

    Prevx 3.0 2010.01.30 -

    Rising 22.32.05.04 2010.01.30 -

    Sophos 4.50.0 2010.01.30 -

    Sunbelt 3.2.1858.2 2010.01.30 -

    Symantec 20091.2.0.41 2010.01.30 -

    TheHacker 6.5.1.0.172 2010.01.30 -

    TrendMicro 9.120.0.1004 2010.01.30 -

    VBA32 3.12.12.1 2010.01.29 -

    ViRobot 2010.1.30.2164 2010.01.30 -

    VirusBuster 5.0.21.0 2010.01.29 -

    Additional information

    File size: 18250 bytes

    MD5...: 65e8207eef37ef22ee03cfb1133a6505

    SHA1..: efa38571dc190dc99aadec99d5fec1516a86d258

    SHA256: 0c69f0972de1a1ab791b531a09494984fabc3ed987c18cb6d5ee0e8736b9de59

    ssdeep: 384:GIWwqKWBBiaiNC5/FsfjILt8Q3JUkUegzksrj2La/ecS6X4pF63uITLb:fHnERiEpFLWSJUzz5ec+F5ITLb

     

    PEiD..: -

    PEInfo: -

    RDS...: NSRL Reference Data Set

    -

    pdfid.: -

    trid..: Unknown!

    sigcheck:

    publisher....: n/a

    copyright....: n/a

    product......: n/a

    description..: n/a

    original name: n/a

    internal name: n/a

    file version.: n/a

    comments.....: n/a

    signers......: -

    signing date.: -

    verified.....: Unsigned

     

     

    File qpPAUr_-g.exe received on 2010.01.30 10:24:28 (UTC)


     

    Antivirus Version Last Update Result

    a-squared 4.5.0.50 2010.01.30 -

    AhnLab-V3 5.0.0.2 2010.01.30 -

    AntiVir 7.9.1.154 2010.01.29 TR/Agent.118256

    Antiy-AVL 2.0.3.7 2010.01.28 -

    Authentium 5.2.0.5 2010.01.30 -

    Avast 4.8.1351.0 2010.01.30 -

    AVG 9.0.0.730 2010.01.29 Generic16.AQYI

    BitDefender 7.2 2010.01.30 -

    CAT-QuickHeal 10.00 2010.01.30 -

    ClamAV 0.96.0.0-git 2010.01.30 -

    Comodo 3759 2010.01.30 -

    DrWeb 5.0.1.12222 2010.01.30 -

    eSafe 7.0.17.0 2010.01.28 Win32.TrojanHorse

    eTrust-Vet 35.2.7271 2010.01.29 -

    F-Prot 4.5.1.85 2010.01.29 -

    F-Secure 9.0.15370.0 2010.01.29 -

    Fortinet 4.0.14.0 2010.01.30 -

    GData 19 2010.01.30 -

    Ikarus T3.1.1.80.0 2010.01.30 -

    Jiangmin 13.0.900 2010.01.28 -

    K7AntiVirus 7.10.960 2010.01.29 -

    Kaspersky 7.0.0.125 2010.01.30 -

    McAfee 5876 2010.01.29 -

    McAfee+Artemis 5876 2010.01.29 Artemis!509FD9D3E6B0

    McAfee-GW-Edition 6.8.5 2010.01.30 Trojan.Agent.118256

    Microsoft 1.5406 2010.01.30 -

    NOD32 4819 2010.01.30 -

    Norman 6.04.03 2010.01.30 -

    nProtect 2009.1.8.0 2010.01.30 -

    Panda 10.0.2.2 2010.01.29 -

    PCTools 7.0.3.5 2010.01.30 -

    Prevx 3.0 2010.01.30 High Risk Cloaked Malware

    Rising 22.32.05.04 2010.01.30 -

    Sophos 4.50.0 2010.01.30 Troj/FakeAV-ANM

    Sunbelt 3.2.1858.2 2010.01.30 Trojan.Win32.Generic!BT

    Symantec 20091.2.0.41 2010.01.30 Reser.Reputation.1

    TheHacker 6.5.1.0.172 2010.01.30 -

    TrendMicro 9.120.0.1004 2010.01.30 -

    VBA32 3.12.12.1 2010.01.29 -

    ViRobot 2010.1.30.2164 2010.01.30 -

    VirusBuster 5.0.21.0 2010.01.29 -

    Additional information

    File size: 118256 bytes

    MD5...: 509fd9d3e6b08762782b9d3a5e55197f

    SHA1..: 02ea38d4b444e162cc45bc6449a1eb89591623a7

    SHA256: 19e8918b9d609dc42e829f4d38271602de6145f64d33e2d0de89c631fe3d378c

    ssdeep: 3072:vQIURTXJ2ceAMP/SZCNCz77q1/amx4Dkcbyw:vsYmMP/SZPupaK4Dkgb

     

    PEiD..: -

    PEInfo: PE Structure information

     

    ( base data )

    entrypointaddress.: 0x323c

    timedatestamp.....: 0x4a2ae2a2 (Sat Jun 06 21:41:54 2009)

    machinetype.......: 0x14c (I386)

     

    ( 5 sections )

    name viradd virsiz rawdsiz ntrpy md5

    .text 0x1000 0x5a5a 0x5c00 6.42 0bc2ffd32265a08d72b795b18265828d

    .rdata 0x7000 0x1190 0x1200 5.18 f179218a059068529bdb4637ef5fa28e

    .data 0x9000 0x1af98 0x400 4.71 975304d6dd6c4a4f076b15511e2bbbc0

    .ndata 0x24000 0xb000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e

    .rsrc 0x2f000 0x48d0 0x4a00 5.87 4cc3f89c214e350e27ed0f562ca7c749

     

    ( 8 imports )

    > KERNEL32.dll: CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetWindowsDirectoryA

    > USER32.dll: EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow

    > GDI32.dll: SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject

    > SHELL32.dll: SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation

    > ADVAPI32.dll: RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA

    > COMCTL32.dll: ImageList_AddMasked, ImageList_Destroy, -, ImageList_Create

    > ole32.dll: CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance

    > VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

     

    ( 0 exports )

     

    RDS...: NSRL Reference Data Set

    -

    pdfid.: -

    trid..: Win32 Executable MS Visual C++ (generic) (65.2%)

    Win32 Executable Generic (14.7%)

    Win32 Dynamic Link Library (generic) (13.1%)

    Generic Win/DOS Executable (3.4%)

    DOS Executable Generic (3.4%)

    Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=946B7326F072257BCD2201D33F4F7B008DCD3D0D

    sigcheck:

    publisher....: n/a

    copyright....: n/a

    product......: n/a

    description..: n/a

    original name: n/a

    internal name: n/a

    file version.: n/a

    comments.....: n/a

    signers......: -

    signing date.: -

    verified.....: Unsigned

     

    packers (F-Prot): NSIS

     

    File 0PLT01VMT.dat received on 2010.01.30 10:39:50 (UTC)


     

     

    Result: 0/41 (0%)


     

     

    Antivirus Version Last Update Result

    a-squared 4.5.0.50 2010.01.30 -

    AhnLab-V3 5.0.0.2 2010.01.30 -

    AntiVir 7.9.1.154 2010.01.29 -

    Antiy-AVL 2.0.3.7 2010.01.28 -

    Authentium 5.2.0.5 2010.01.30 -

    Avast 4.8.1351.0 2010.01.30 -

    AVG 9.0.0.730 2010.01.29 -

    BitDefender 7.2 2010.01.30 -

    CAT-QuickHeal 10.00 2010.01.30 -

    ClamAV 0.96.0.0-git 2010.01.30 -

    Comodo 3759 2010.01.30 -

    DrWeb 5.0.1.12222 2010.01.30 -

    eSafe 7.0.17.0 2010.01.28 -

    eTrust-Vet 35.2.7271 2010.01.29 -

    F-Prot 4.5.1.85 2010.01.29 -

    F-Secure 9.0.15370.0 2010.01.29 -

    Fortinet 4.0.14.0 2010.01.30 -

    GData 19 2010.01.30 -

    Ikarus T3.1.1.80.0 2010.01.30 -

    Jiangmin 13.0.900 2010.01.28 -

    K7AntiVirus 7.10.960 2010.01.29 -

    Kaspersky 7.0.0.125 2010.01.30 -

    McAfee 5876 2010.01.29 -

    McAfee+Artemis 5876 2010.01.29 -

    McAfee-GW-Edition 6.8.5 2010.01.30 -

    Microsoft 1.5406 2010.01.30 -

    NOD32 4819 2010.01.30 -

    Norman 6.04.03 2010.01.30 -

    nProtect 2009.1.8.0 2010.01.30 -

    Panda 10.0.2.2 2010.01.29 -

    PCTools 7.0.3.5 2010.01.30 -

    Prevx 3.0 2010.01.30 -

    Rising 22.32.05.04 2010.01.30 -

    Sophos 4.50.0 2010.01.30 -

    Sunbelt 3.2.1858.2 2010.01.30 -

    Symantec 20091.2.0.41 2010.01.30 -

    TheHacker 6.5.1.0.172 2010.01.30 -

    TrendMicro 9.120.0.1004 2010.01.30 -

    VBA32 3.12.12.1 2010.01.29 -

    ViRobot 2010.1.30.2164 2010.01.30 -

    VirusBuster 5.0.21.0 2010.01.29 -

    Additional information

    File size: 1860 bytes

    MD5...: 283658b52c62981e9f068752113d4784

    SHA1..: d7afe79066761b0588eb9492c83c20cc26139988

    SHA256: 1250ed57e36e54e9e2375141596921d1ae2bdca1e507e5e2cf6e5784524d5637

    ssdeep: 24:JGqalxV+JpDJtxk8IpmLcilBk9bcBkMhoE8yeRlg74ESWoEF4k4aJGZ6MrdLs0I:ApTqDbLNsMhoE8yAlGSWoECiC6Mrdw0I

     

    PEiD..: -

    PEInfo: -

    RDS...: NSRL Reference Data Set

    -

    pdfid.: -

    sigcheck:

    publisher....: n/a

    copyright....: n/a

    product......: n/a

    description..: n/a

    original name: n/a

    internal name: n/a

    file version.: n/a

    comments.....: n/a

    signers......: -

    signing date.: -

    verified.....: Unsigned

     

    trid..: Unknown!

     

    File SVMGTJ7062.dat received on 2010.01.30 10:43:11 (UTC)


     

     

    Result: 0/41 (0%)


     

     

    Antivirus Version Last Update Result

    a-squared 4.5.0.50 2010.01.30 -

    AhnLab-V3 5.0.0.2 2010.01.30 -

    AntiVir 7.9.1.154 2010.01.29 -

    Antiy-AVL 2.0.3.7 2010.01.28 -

    Authentium 5.2.0.5 2010.01.30 -

    Avast 4.8.1351.0 2010.01.30 -

    AVG 9.0.0.730 2010.01.29 -

    BitDefender 7.2 2010.01.30 -

    CAT-QuickHeal 10.00 2010.01.30 -

    ClamAV 0.96.0.0-git 2010.01.30 -

    Comodo 3759 2010.01.30 -

    DrWeb 5.0.1.12222 2010.01.30 -

    eSafe 7.0.17.0 2010.01.28 -

    eTrust-Vet 35.2.7271 2010.01.29 -

    F-Prot 4.5.1.85 2010.01.29 -

    F-Secure 9.0.15370.0 2010.01.29 -

    Fortinet 4.0.14.0 2010.01.30 -

    GData 19 2010.01.30 -

    Ikarus T3.1.1.80.0 2010.01.30 -

    Jiangmin 13.0.900 2010.01.28 -

    K7AntiVirus 7.10.960 2010.01.29 -

    Kaspersky 7.0.0.125 2010.01.30 -

    McAfee 5876 2010.01.29 -

    McAfee+Artemis 5876 2010.01.29 -

    McAfee-GW-Edition 6.8.5 2010.01.30 -

    Microsoft 1.5406 2010.01.30 -

    NOD32 4819 2010.01.30 -

    Norman 6.04.03 2010.01.30 -

    nProtect 2009.1.8.0 2010.01.30 -

    Panda 10.0.2.2 2010.01.29 -

    PCTools 7.0.3.5 2010.01.30 -

    Prevx 3.0 2010.01.30 -

    Rising 22.32.05.04 2010.01.30 -

    Sophos 4.50.0 2010.01.30 -

    Sunbelt 3.2.1858.2 2010.01.30 -

    Symantec 20091.2.0.41 2010.01.30 -

    TheHacker 6.5.1.0.172 2010.01.30 -

    TrendMicro 9.120.0.1004 2010.01.30 -

    VBA32 3.12.12.1 2010.01.29 -

    ViRobot 2010.1.30.2164 2010.01.30 -

    VirusBuster 5.0.21.0 2010.01.29 -

    Additional information

    File size: 27883 bytes

    MD5...: eb02ebf7bede16f21c3a2dcbe802f092

    SHA1..: b92f07abccda13096d71db6e6647d390260be06c

    SHA256: 56363494d191f85d8e24b60def531d203509c678bca8093d85904309d4dbf719

    ssdeep: 384:L9SPcClUvWAl2HIEocQuxNc9GIt4qDmmLt0yJm7xi8vsZl4rXO8JD/HL1R1Y:L9S1U+AsIELNuRDh+xihu+8/zY

     

    PEiD..: -

    PEInfo: -

    RDS...: NSRL Reference Data Set

    -

    pdfid.: -

    trid..: Unknown!

    sigcheck:

    publisher....: n/a

    copyright....: n/a

    product......: n/a

    description..: n/a

    original name: n/a

    internal name: n/a

    file version.: n/a

    comments.....: n/a

    signers......: -

    signing date.: -

    verified.....: Unsigned

     

     

    File S1049S0YF.dat received on 2010.01.30 10:47:55 (UTC)


     

     

    Result: 0/41 (0%)


     

     

    Antivirus Version Last Update Result

    a-squared 4.5.0.50 2010.01.30 -

    AhnLab-V3 5.0.0.2 2010.01.30 -

    AntiVir 7.9.1.154 2010.01.29 -

    Antiy-AVL 2.0.3.7 2010.01.28 -

    Authentium 5.2.0.5 2010.01.30 -

    Avast 4.8.1351.0 2010.01.30 -

    AVG 9.0.0.730 2010.01.29 -

    BitDefender 7.2 2010.01.30 -

    CAT-QuickHeal 10.00 2010.01.30 -

    ClamAV 0.96.0.0-git 2010.01.30 -

    Comodo 3759 2010.01.30 -

    DrWeb 5.0.1.12222 2010.01.30 -

    eSafe 7.0.17.0 2010.01.28 -

    eTrust-Vet 35.2.7271 2010.01.29 -

    F-Prot 4.5.1.85 2010.01.29 -

    F-Secure 9.0.15370.0 2010.01.29 -

    Fortinet 4.0.14.0 2010.01.30 -

    GData 19 2010.01.30 -

    Ikarus T3.1.1.80.0 2010.01.30 -

    Jiangmin 13.0.900 2010.01.28 -

    K7AntiVirus 7.10.960 2010.01.29 -

    Kaspersky 7.0.0.125 2010.01.30 -

    McAfee 5876 2010.01.29 -

    McAfee+Artemis 5876 2010.01.29 -

    McAfee-GW-Edition 6.8.5 2010.01.30 -

    Microsoft 1.5406 2010.01.30 -

    NOD32 4819 2010.01.30 -

    Norman 6.04.03 2010.01.30 -

    nProtect 2009.1.8.0 2010.01.30 -

    Panda 10.0.2.2 2010.01.29 -

    PCTools 7.0.3.5 2010.01.30 -

    Prevx 3.0 2010.01.30 -

    Rising 22.32.05.04 2010.01.30 -

    Sophos 4.50.0 2010.01.30 -

    Sunbelt 3.2.1858.2 2010.01.30 -

    Symantec 20091.2.0.41 2010.01.30 -

    TheHacker 6.5.1.0.172 2010.01.30 -

    TrendMicro 9.120.0.1004 2010.01.30 -

    VBA32 3.12.12.1 2010.01.29 -

    ViRobot 2010.1.30.2164 2010.01.30 -

    VirusBuster 5.0.21.0 2010.01.29 -

    Additional information

    File size: 1860 bytes

    MD5...: 0c00ae408418d8e82e337f256922e014

    SHA1..: 9bd6baecee71420d94fecf525c3e8fd4888aed96

    SHA256: 4c6cbc0f9275a18e6583ee82e3cbe3b23d83e3dba462e43b69eff12b53d17fdb

    ssdeep: 24:JGqaqJpDJtxk8IpmLcilBk9bcBkMhoE8yeRlg74ESWoEF4k4aJGZ6MrdLs0I:A6DbLNsMhoE8yAlGSWoECiC6Mrdw0I

     

    PEiD..: -

    PEInfo: -

    RDS...: NSRL Reference Data Set

    -

    pdfid.: -

    trid..: Unknown!

    sigcheck:

    publisher....: n/a

    copyright....: n/a

    product......: n/a

    description..: n/a

    original name: n/a

    internal name: n/a

    file version.: n/a

    comments.....: n/a

    signers......: -

    signing date.: -

    verified.....: Unsigned

    I had to send it over SSL, I think, because of my Norton.

    Looks like there may be more work to do. What's next?
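    Editor's note. Reading four pasted VirusTotal reports by eye is error-prone, so here is an added example (not part of Bombaye's post, and not VirusTotal's own tooling) that parses the plain-text report layout shown above and reduces each one to the numbers that matter for triage: file name, size, hashes, which engines fired, and the detection ratio. The layout it assumes is the 2010-era text export exactly as pasted here (one "engine version date result" line per scanner, then an "Additional information" block); the sample inputs are constructed, trimmed excerpts of the qpPAUr_-g.exe and 0PLT01VMT.dat reports, and the engine-count threshold in verdict() is an assumption chosen for illustration, not a VirusTotal rule.

```python
"""Summarise a VirusTotal plain-text report of the kind pasted into this thread.

Added example; not part of the original post or of VirusTotal's tooling.
Assumed layout (taken from the pasted reports): one line per engine,
"<engine> <version> <YYYY.MM.DD> <result or ->", followed by an
"Additional information" block carrying size, MD5/SHA1/SHA256 and sigcheck.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, Optional

ENGINE_LINE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.+?)\s*$")
FILE_LINE = re.compile(r"^File (\S+) received on ")
SIZE_LINE = re.compile(r"^File size: (\d+) bytes")
HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256)\.*: ([0-9a-fA-F]+)")
SIGNED_LINE = re.compile(r"^verified\.*: (.+?)\s*$")


@dataclass
class VtReport:
    filename: str = ""
    size: int = 0
    hashes: Dict[str, str] = field(default_factory=dict)
    signed: str = ""
    # engine -> detection name, or None when the engine reported "-"
    results: Dict[str, Optional[str]] = field(default_factory=dict)

    @property
    def detections(self) -> Dict[str, str]:
        return {e: r for e, r in self.results.items() if r}

    @property
    def ratio(self) -> str:
        return f"{len(self.detections)}/{len(self.results)}"


def parse_report(text: str) -> VtReport:
    """Walk the report line by line; engine lines are recognised by the date column."""
    rep = VtReport()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := FILE_LINE.match(line):
            rep.filename = m.group(1)
        elif m := SIZE_LINE.match(line):
            rep.size = int(m.group(1))
        elif m := HASH_LINE.match(line):
            rep.hashes[m.group(1)] = m.group(2).lower()
        elif m := SIGNED_LINE.match(line):
            rep.signed = m.group(1)
        elif m := ENGINE_LINE.match(line):
            engine, _version, _updated, result = m.groups()
            rep.results[engine] = None if result == "-" else result
    return rep


def verdict(rep: VtReport, min_engines: int = 3) -> str:
    """Coarse triage. The threshold is an assumption for this example: several
    independent engines agreeing is a far stronger signal than one generic hit,
    and 0/N on a small, unsigned, randomly named file is not evidence that it is clean."""
    n = len(rep.detections)
    if n >= min_engines:
        return "malicious"
    if n > 0:
        return "suspicious"
    return "no detections"


# Constructed excerpt of the qpPAUr_-g.exe report (engine list trimmed for brevity).
SAMPLE_EXE = """\
File qpPAUr_-g.exe received on 2010.01.30 10:24:28 (UTC)
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.01.30 -
AntiVir 7.9.1.154 2010.01.29 TR/Agent.118256
AVG 9.0.0.730 2010.01.29 Generic16.AQYI
Kaspersky 7.0.0.125 2010.01.30 -
McAfee+Artemis 5876 2010.01.29 Artemis!509FD9D3E6B0
Prevx 3.0 2010.01.30 High Risk Cloaked Malware
Sophos 4.50.0 2010.01.30 Troj/FakeAV-ANM
Symantec 20091.2.0.41 2010.01.30 Reser.Reputation.1
Additional information
File size: 118256 bytes
MD5...: 509fd9d3e6b08762782b9d3a5e55197f
SHA1..: 02ea38d4b444e162cc45bc6449a1eb89591623a7
SHA256: 19e8918b9d609dc42e829f4d38271602de6145f64d33e2d0de89c631fe3d378c
verified.....: Unsigned
"""

# Constructed excerpt of the 0PLT01VMT.dat report (all engines reported "-").
SAMPLE_DAT = """\
File 0PLT01VMT.dat received on 2010.01.30 10:39:50 (UTC)
a-squared 4.5.0.50 2010.01.30 -
Kaspersky 7.0.0.125 2010.01.30 -
Symantec 20091.2.0.41 2010.01.30 -
File size: 1860 bytes
MD5...: 283658b52c62981e9f068752113d4784
verified.....: Unsigned
"""

if __name__ == "__main__":
    for sample in (SAMPLE_EXE, SAMPLE_DAT):
        r = parse_report(sample)
        print(f"{r.filename}: {r.ratio} engines, {r.size} bytes, {r.signed}, "
              f"sha256={r.hashes.get('SHA256', '?')} -> {verdict(r)}")
        for engine, name in r.detections.items():
            print(f"    {engine}: {name}")
```

    Run over the full qpPAUr_-g.exe report pasted above, the same parser counts 9 of 41 engines (AntiVir, AVG, eSafe, both McAfee entries, Prevx, Sophos, Sunbelt, Symantec), which is enough agreement to treat that file as malicious regardless of what any single engine calls it. The three .dat files come out 0/41, but each is a small, unsigned file with a random name that appeared in system32 on the same day, so the zero count rules nothing out; the hashes the parser pulls out are what to keep for later re-checks.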

  7. ComboFix 10-01-29.04 - Ali 29/01/2010 20:20:19.2.2 - x86

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.1058 [GMT 0:00]

    Running from: c:\documents and settings\Ali\Desktop\ComboFix.exe

    Command switches used :: c:\documents and settings\Ali\Desktop\CFScript.txt

    AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

    FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

     

    FILE ::

    "c:\docume~1\Ali\LOCALS~1\Temp\gkmixern.sys"

    .

    PEV Error: ProgramsFolder

     

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

     

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

     

    -------\Legacy_GKMIXERN

    -------\Service_gkmixern

     

     

    ((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-29 )))))))))))))))))))))))))))))))

    .

     

    2010-01-28 19:09 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe

    2010-01-28 19:09 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe

    2010-01-28 19:09 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe

    2010-01-28 19:09 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\dllcache\grpconv.exe

    2010-01-27 18:24 . 2010-01-27 18:24 664 ----a-w- c:\windows\system32\d3d9caps.dat

    2010-01-25 21:14 . 2010-01-25 21:14 -------- d-----w- c:\windows\system32\N360_BACKUP

    2010-01-21 22:11 . 2010-01-21 22:11 -------- d-----w- c:\program files\AskBarDis

    2010-01-18 18:38 . 2010-01-18 18:38 -------- d-----w- c:\program files\Application Updater

    2010-01-15 04:05 . 2010-01-15 04:05 -------- d-----w- c:\program files\Norton Support

    2010-01-15 04:04 . 2010-01-15 04:04 -------- d-----w- c:\documents and settings\Ali\Local Settings\Application Data\Symantec

    2010-01-14 20:16 . 2010-01-14 20:14 107368 ----a-r- c:\windows\system32\GEARAspi.dll

    2010-01-14 17:57 . 2010-01-14 20:15 -------- d-----w- c:\documents and settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}

    2010-01-14 17:56 . 2010-01-14 17:56 -------- d-----w- c:\documents and settings\Ali\Local Settings\Application Data\Downloaded Installations

    2010-01-14 17:56 . 2009-08-22 08:13 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys

    2010-01-14 17:56 . 2010-01-14 20:14 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

    2010-01-14 17:56 . 2010-01-14 20:14 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

    2010-01-14 17:56 . 2010-01-14 20:14 -------- d-----w- c:\program files\Symantec

    2010-01-14 17:55 . 2010-01-28 18:14 -------- d-----w- c:\windows\system32\drivers\N360

    2010-01-14 17:55 . 2010-01-14 17:55 -------- d-----w- c:\program files\Norton 360

    2010-01-14 17:45 . 2010-01-14 17:45 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings

    2010-01-14 17:44 . 2010-01-14 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

    2010-01-12 22:29 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

    2010-01-10 18:21 . 2010-01-10 18:21 27883 ----a-w- c:\windows\system32\0ILPNBLKEB.dat

    2010-01-10 18:21 . 2010-01-10 18:21 1860 ----a-w- c:\windows\system32\0PLT01VMT.dat

    2010-01-10 18:21 . 2010-01-10 18:21 27883 ----a-w- c:\windows\system32\SVMGTJ7062.dat

    2010-01-10 18:21 . 2010-01-10 18:21 1860 ----a-w- c:\windows\system32\S1049S0YF.dat

    2010-01-07 21:44 . 2010-01-07 21:44 -------- d-----w- C:\_OTM

    2010-01-06 08:09 . 2010-01-06 08:09 -------- d-----w- c:\program files\Trend Micro

    2010-01-05 00:16 . 2010-01-05 00:16 118256 ----a-w- c:\windows\system32\qpPAUr_-g.exe

    2010-01-05 00:14 . 2010-01-07 21:44 -------- d-sh--w- c:\documents and settings\Ali\.COMMgr

     

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2010-01-26 22:58 . 2009-04-26 15:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2010-01-25 21:23 . 2009-04-26 15:49 117760 ----a-w- c:\documents and settings\Ali\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

    2010-01-25 21:21 . 2009-04-26 15:46 -------- d-----w- c:\program files\SUPERAntiSpyware

    2010-01-25 21:10 . 2010-01-25 21:09 52224 ----a-w- c:\documents and settings\Ali\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

    2010-01-25 20:10 . 2006-05-18 22:19 -------- d-----w- c:\documents and settings\Ali\Application Data\Azureus

    2010-01-24 21:08 . 2010-01-24 21:08 8406648 ----a-w- c:\documents and settings\Ali\Application Data\Real\Update\setup\gtb_us\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe

    2010-01-24 20:58 . 2010-01-24 20:58 10309448 ----a-w- c:\documents and settings\Ali\Application Data\Real\Update\setup\chr\ChromeInstaller.exe

    2010-01-24 20:55 . 2010-01-24 20:55 64000 ----a-w- c:\documents and settings\Ali\Application Data\Real\Update\setup\RUP\inst_config\gcapi_dll.dll

    2010-01-24 20:55 . 2010-01-24 20:55 52288 ----a-w- c:\documents and settings\Ali\Application Data\Real\Update\setup\RUP\inst_config\gtapi.dll

    2010-01-24 20:55 . 2010-01-24 20:55 50688 ----a-w- c:\documents and settings\Ali\Application Data\Real\Update\setup\RUP\inst_config\fftbapi.dll

    2010-01-24 20:55 . 2010-01-24 20:55 114688 ----a-w- c:\documents and settings\Ali\Application Data\Real\Update\setup\RUP\inst_config\compat.dll

    2010-01-21 22:12 . 2006-05-18 22:19 -------- d-----w- c:\program files\Azureus

    2010-01-20 19:19 . 2009-02-23 18:13 -------- d-----w- c:\program files\Microsoft Silverlight

    2010-01-14 20:14 . 2010-01-14 17:56 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

    2010-01-14 20:14 . 2010-01-14 17:56 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

    2010-01-14 20:14 . 2010-01-14 17:58 554352 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll

    2010-01-14 20:14 . 2008-01-29 12:01 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys

    2010-01-14 18:16 . 2005-03-06 22:25 -------- d-----w- c:\program files\Common Files\Symantec Shared

    2010-01-14 17:56 . 2010-01-14 17:56 1290592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll

    2010-01-14 17:56 . 2010-01-14 17:56 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll

    2010-01-14 17:55 . 2010-01-14 17:55 796016 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll

    2010-01-14 17:55 . 2008-01-02 11:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

    2010-01-14 17:55 . 2009-08-01 07:40 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

    2010-01-14 17:51 . 2005-03-06 22:25 -------- d-----w- c:\documents and settings\Ali\Application Data\Symantec

    2010-01-07 16:07 . 2009-04-26 15:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2010-01-07 16:07 . 2009-04-26 15:27 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

    2010-01-06 00:34 . 2007-04-17 12:16 -------- d-----w- c:\documents and settings\Ali\Application Data\dvdcss

    2009-12-21 19:14 . 2004-08-04 05:00 916480 ------w- c:\windows\system32\wininet.dll

    2009-12-15 18:40 . 2009-12-15 18:38 17245680 ----a-w- c:\documents and settings\Ali\Application Data\Real\Update\setup\rp\RealPlayerSPGold.exe

    2009-11-21 15:51 . 2008-08-20 07:26 471552 ----a-w- c:\windows\AppPatch\aclayers.dll

    2009-10-10 00:39 . 2009-10-10 00:39 18250 ----a-w- c:\program files\Common Files\bewoharav.pif

    2006-03-15 12:30 . 2006-03-15 12:30 278528 ----a-w- c:\program files\Common Files\FDEUnInstaller.exe

    2005-01-04 14:52 . 2005-01-04 14:50 227190984 ----a-w- c:\program files\OfficeSTD.exe

    2009-03-31 21:47 . 2009-01-28 20:32 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll

    2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

    2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

    2005-02-13 20:42 . 2005-02-13 20:42 56 --sh--r- c:\windows\SYSTEM32\4C805BE81C.sys

    .

     

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

     

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

    2009-04-02 12:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

     

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

     

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

    "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

     

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

     

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-03-01 90112]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]

    "Ulead AutoDetector"="c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-11-18 45056]

    "Ulead Photo Express Calendar Checker"="c:\program files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe" [2004-01-12 69632]

    "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]

    "DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]

    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

    "ppmate"="c:\program files\PPMate\PPMate\ppmate.exe" [2006-11-23 1495123]

    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]

    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-26 267064]

    "TalkTalk"="c:\program files\TalkTalk\bin\sprtcmd.exe" [2007-10-12 202016]

     

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

     

    c:\documents and settings\All Users\Start Menu\Programs\Startup\

    Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]

    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-1-24 113664]

    AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0\aoltray.exe [2004-11-24 156784]

    NETGEAR WG311v2 Smart Configuration.lnk - c:\program files\NETGEAR WG311v2 Adapter\wlancfg5.exe [2004-10-14 450560]

     

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

    2010-01-25 21:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

    @="FSFilter Activity Monitor"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

    "DisableMonitoring"=dword:00000001

     

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

    "DisableMonitoring"=dword:00000001

     

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

    "DisableMonitoring"=dword:00000001

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "c:\\Program Files\\PPMate\\PPMate\\ppmate.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

    "%windir%\\system32\\sessmgr.exe"=

     

    R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\N360\0308000.029\SymEFA.sys [28/01/2010 05:14 310320]

    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\SYSTEM32\DRIVERS\N360\0308000.029\BHDrvx86.sys [28/01/2010 05:14 259632]

    R1 ccHP;Symantec Hash Provider;c:\windows\SYSTEM32\DRIVERS\N360\0308000.029\cchpx86.sys [28/01/2010 05:14 482432]

    R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100125.001\IDSXpx86.sys [28/01/2010 02:12 329592]

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [22/12/2008 10:06 9968]

    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [22/12/2008 10:05 74480]

    R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [08/01/2010 00:51 380928]

    R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [21/01/2010 22:11 464264]

    R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [21/01/2010 22:11 234888]

    R2 fssfltr;FssFltr;c:\windows\SYSTEM32\DRIVERS\fssfltr_tdi.sys [23/02/2009 18:12 54752]

    R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [28/01/2010 05:13 117640]

    R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [12/10/2007 08:33 202016]

    R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe [02/08/2007 13:42 148768]

    S1 M9207;DigiO2 DVB-T USB Receiver;c:\windows\system32\DRIVERS\M9207BDA.sys --> c:\windows\system32\DRIVERS\M9207BDA.sys [?]

    S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]

    S3 FsUsbExDisk;FsUsbExDisk;c:\windows\SYSTEM32\FsUsbExDisk.Sys [06/12/2008 14:35 36512]

    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [22/12/2008 10:06 7408]

    .

    Contents of the 'Scheduled Tasks' folder

     

    2010-01-08 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.google.co.uk/ig?hl=en

    uSearchMigratedDefaultURL = hxxp://search.orange.co.uk/all?brand=ouk&tab=web&p=_adr&q={searchTerms}

    uInternet Connection Wizard,ShellNext = iexplore

    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

    DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} - hxxp://www.tvkoo.com/update/KooPlayer.ocx

    FF - ProfilePath - c:\documents and settings\Ali\Application Data\Mozilla\Firefox\Profiles\emib82yk.default\

    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    .

     

    **************************************************************************

     

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2010-01-29 20:29

    Windows 5.1.2600 Service Pack 3 NTFS

     

    scanning hidden processes ...

     

    scanning hidden autostart entries ...

     

    scanning hidden files ...

     

    scan completed successfully

    hidden files: 0

     

    **************************************************************************

     

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]

    "ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

     

    [HKEY_USERS\S-1-5-21-3974528393-405583803-1727344631-1006\Software\Microsoft\SystemCertificates\AddressBook*]

    @Allowed: (Read) (RestrictedCode)

    @Allowed: (Read) (RestrictedCode)

     

    [HKEY_USERS\S-1-5-21-3974528393-405583803-1727344631-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.

    R%]

    @Class="Shell"

    @Allowed: (Read) (RestrictedCode)

    @Allowed: (Read) (RestrictedCode)

     

    [HKEY_USERS\S-1-5-21-3974528393-405583803-1727344631-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.

    R%\OpenWithList]

    @Class="Shell"

     

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]

    @DACL=(02 0000)

    "Installed"="1"

     

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

    @DACL=(02 0000)

    "Installed"="1"

    "NoChange"="1"

     

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

    @DACL=(02 0000)

    "Installed"="1"

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

     

    - - - - - - - > 'winlogon.exe'(1528)

    c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    c:\windows\system32\WININET.dll

     

    - - - - - - - > 'explorer.exe'(1128)

    c:\windows\system32\WININET.dll

    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll

    c:\progra~1\WINDOW~2\wmpband.dll

    c:\windows\system32\ieframe.dll

    c:\windows\system32\webcheck.dll

    c:\windows\system32\WPDShServiceObj.dll

    c:\windows\system32\PortableDeviceTypes.dll

    c:\windows\system32\PortableDeviceApi.dll

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\windows\system32\Ati2evxx.exe

    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    c:\program files\Intel\Intel Application Accelerator\iaantmon.exe

    c:\program files\Java\jre6\bin\jqs.exe

    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    c:\windows\system32\wscntfy.exe

    c:\program files\iPod\bin\iPodService.exe

    .

    **************************************************************************

    .

    Completion time: 2010-01-29 20:37:52 - machine was rebooted

    ComboFix-quarantined-files.txt 2010-01-29 20:37

    ComboFix2.txt 2010-01-28 19:22

    ComboFix3.txt 2006-12-17 20:18

     

    Pre-Run: 13,490,040,832 bytes free

    Post-Run: 13,456,924,672 bytes free

     

    - - End Of File - - 0D2397B998D3CCACC1FAD7C2CAC22491

     

    Both browsers seem to be ok now. The problem came up when I was trying to stream a TV show and the connection dropped out, so I tried rebooting, and that was when the browsers started playing up.

    Do you have any other recommendations?

  8. Ok, both my browsers no longer work and I have had to write this from another computer.

    My Firefox opens and then I can't type anything at all.

    My IE opens ok, but when I click on anything it opens up a new tab, and as a result I couldn't answer without going to a different PC. Also, when I maximise the IE window, I lose the menus, toolbars and address bar at the top and also the toolbar at the bottom. What do you suggest?

  9. I forgot to mention that I currently have updates that my computer can't install. I don't know if this is related, but these are the details.

     

    Security Update for Microsoft Office Excel 2003 (KB973475)

    Security Update for Microsoft Office 2003 (KB974554)

  10. Right then, here are my logs. Everything seems ok, although I had to manually reboot after ComboFix told me not to, as the computer wasn't doing anything for about 30 mins, and my computer always comes up with a hardware malfunction error saying

    NMI: Parity Check/Memory Parity Error

    .

     

    Google searching seems to be ok though.

     

    OTM:

     

    All processes killed

    ========== FILES ==========

    File/Folder c:\program files\search settings not found.

    C:\Program Files\Trend Micro\HijackThis\backups\backup-20100107-214052-489.dll moved successfully.

    ========== COMMANDS ==========

     

    [EMPTYTEMP]

     

    User: Administrator

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 0 bytes

     

    User: Ali

    ->Temp folder emptied: 95265501 bytes

    ->Temporary Internet Files folder emptied: 11851402 bytes

    ->Java cache emptied: 140308 bytes

    ->FireFox cache emptied: 2898088 bytes

     

    User: All Users

     

    User: Default User

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 0 bytes

     

    User: LocalService

    ->Temp folder emptied: 66016 bytes

    ->Temporary Internet Files folder emptied: 33855 bytes

     

    User: NetworkService

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 33170 bytes

     

    User: Owner

     

    %systemdrive% .tmp files removed: 0 bytes

    %systemroot% .tmp files removed: 0 bytes

    %systemroot%\System32 .tmp files removed: 0 bytes

    %systemroot%\System32\dllcache .tmp files removed: 0 bytes

    %systemroot%\System32\drivers .tmp files removed: 0 bytes

    Windows Temp folder emptied: 2818852 bytes

    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 20616386 bytes

    RecycleBin emptied: 196717338 bytes

     

    Total Files Cleaned = 315.00 mb

     

     

    OTM by OldTimer - Version 3.1.7.0 log created on 01282010_181248

     

    Files moved on Reboot...

    File C:\WINDOWS\temp\AskBarDis\upgrade\UpgradeData.xml not found!

    File C:\WINDOWS\temp\AskBarDis\RSS\1\Featured.xml not found!

    File C:\WINDOWS\temp\AskBarDis\RSS\1\ForYou.xml not found!

    File C:\WINDOWS\temp\AskBarDis\RSS\1\Notifications.xml not found!

    File C:\WINDOWS\temp\AskBarDis\RSS\1\WhatsHot.xml not found!

    File C:\WINDOWS\temp\AskBarDis\RSS\1\WhatsNew.xml not found!

    File C:\WINDOWS\temp\JET507.tmp not found!

    File C:\WINDOWS\temp\Perflib_Perfdata_dc4.dat not found!

    C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\I5WZUZXQ\google_co_uk[2].txt moved successfully.

     

    Registry entries deleted on Reboot...

     

    ComboFix

     

    ComboFix 10-01-27.06 - Ali 28/01/2010 19:00:40.1.2 - x86

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.1164 [GMT 0:00]

    Running from: c:\documents and settings\Ali\Desktop\ComboFix.exe

    AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

    FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

    .

     

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

     

    c:\documents and settings\Ali\Application Data\iniasd.txt

    c:\documents and settings\Ali\Application Data\inst.exe

    c:\documents and settings\Ali\Application Data\SystemProc

    c:\documents and settings\Ali\Local Settings\Application Data\ojibefaki.bat

    c:\documents and settings\All Users\Application Data\epyq.inf

    c:\program files\Dealio Toolbar

    c:\program files\Dealio Toolbar\FF\chrome.manifest

    c:\program files\Dealio Toolbar\FF\chrome\content\chevron.js

    c:\program files\Dealio Toolbar\FF\chrome\content\chevron.xul

    c:\program files\Dealio Toolbar\FF\chrome\content\login.js

    c:\program files\Dealio Toolbar\FF\chrome\content\login.xul

    c:\program files\Dealio Toolbar\FF\chrome\content\parser.js

    c:\program files\Dealio Toolbar\FF\chrome\content\RssTickerWidget.js

    c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.js

    c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.xul

    c:\program files\Dealio Toolbar\FF\chrome\content\widgichevron.js

    c:\program files\Dealio Toolbar\FF\chrome\content\widgicomm.js

    c:\program files\Dealio Toolbar\FF\chrome\content\widgihandling.js

    c:\program files\Dealio Toolbar\FF\chrome\content\widgilisteners.js

    c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.js

    c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.xul

    c:\program files\Dealio Toolbar\FF\chrome\content\widgiui.js

    c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\searchbox.dtd

    c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd

    c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties

    c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\yahoo-search.gif

    c:\program files\Dealio Toolbar\FF\chrome\skin\amazon.gif

    c:\program files\Dealio Toolbar\FF\chrome\skin\apple.gif

    c:\program files\Dealio Toolbar\FF\chrome\skin\barnes.gif

    c:\program files\Dealio Toolbar\FF\chrome\skin\bestbuy.gif

    c:\program files\Dealio Toolbar\FF\chrome\skin\chevron.gif

    c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo.gif

    c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo_hover.gif

    c:\program files\Dealio Toolbar\FF\chrome\skin\ebay.gif

    c:\program files\Dealio Toolbar\FF\chrome\skin\icon_settings.gif

    c:\program files\Dealio Toolbar\FF\chrome\skin\macys.gif

    c:\program files\Dealio Toolbar\FF\chrome\skin\newegg.gif

    c:\program files\Dealio Toolbar\FF\chrome\skin\overstock.gif

    c:\program files\Dealio Toolbar\FF\chrome\skin\search-button-hover.gif

    c:\program files\Dealio Toolbar\FF\chrome\skin\search-button.gif

    c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron-hover.gif

    c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron.gif

    c:\program files\Dealio Toolbar\FF\chrome\skin\search_amazon.gif

    c:\program files\Dealio Toolbar\FF\chrome\skin\search_dealio.gif

    c:\program files\Dealio Toolbar\FF\chrome\skin\search_ebay.gif

    c:\program files\Dealio Toolbar\FF\chrome\skin\search_yahoo.gif

    c:\program files\Dealio Toolbar\FF\chrome\skin\searchbox.css

    c:\program files\Dealio Toolbar\FF\chrome\skin\separator.gif

    c:\program files\Dealio Toolbar\FF\chrome\skin\target.gif

    c:\program files\Dealio Toolbar\FF\chrome\skin\walmart.gif

    c:\program files\Dealio Toolbar\FF\chrome\skin\widgitoolbarplugin.css

    c:\program files\Dealio Toolbar\FF\components\config.ini

    c:\program files\Dealio Toolbar\FF\components\dealioToolbarFF.dll

    c:\program files\Dealio Toolbar\FF\components\IFBHOHelperWidgiToolbar.xpt

    c:\program files\Dealio Toolbar\FF\components\IFBHOWidgiToolbar.xpt

    c:\program files\Dealio Toolbar\FF\install.rdf

    c:\program files\Dealio Toolbar\IE\4.0.2\config.ini

    c:\program files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll

    c:\program files\Dealio Toolbar\Res\amazon.gif

    c:\program files\Dealio Toolbar\Res\apple.gif

    c:\program files\Dealio Toolbar\Res\barnes.gif

    c:\program files\Dealio Toolbar\Res\bestbuy.gif

    c:\program files\Dealio Toolbar\Res\dealio_logo.gif

    c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif

    c:\program files\Dealio Toolbar\Res\ebay.gif

    c:\program files\Dealio Toolbar\Res\icon_settings.gif

    c:\program files\Dealio Toolbar\Res\macys.gif

    c:\program files\Dealio Toolbar\Res\newegg.gif

    c:\program files\Dealio Toolbar\Res\overstock.gif

    c:\program files\Dealio Toolbar\Res\search-button-hover.gif

    c:\program files\Dealio Toolbar\Res\search-button.gif

    c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif

    c:\program files\Dealio Toolbar\Res\search-chevron.gif

    c:\program files\Dealio Toolbar\Res\search_amazon.gif

    c:\program files\Dealio Toolbar\Res\search_dealio.gif

    c:\program files\Dealio Toolbar\Res\search_ebay.gif

    c:\program files\Dealio Toolbar\Res\search_yahoo.gif

    c:\program files\Dealio Toolbar\Res\target.gif

    c:\program files\Dealio Toolbar\Res\walmart.gif

    c:\program files\Dealio Toolbar\Res\widgets.xml

    c:\program files\Dealio Toolbar\WidgiHelper.exe

    c:\recycler\NPROTECT

    C:\s

    c:\windows\dembat.tm

    c:\windows\emdat.tm

    c:\windows\EventSystem.log

    c:\windows\g32.txt

    c:\windows\gui

    c:\windows\gui\drw43300.txt

    c:\windows\gui\drw43300.vdb

    c:\windows\gui\drw43301.txt

    c:\windows\gui\drw43301.vdb

    c:\windows\gui\drw43302.txt

    c:\windows\gui\drw43302.vdb

    c:\windows\gui\drw43303.txt

    c:\windows\gui\drw43303.vdb

    c:\windows\gui\drw43304.txt

    c:\windows\gui\drw43304.vdb

    c:\windows\gui\drw43305.txt

    c:\windows\gui\drw43305.vdb

    c:\windows\gui\drw43306.txt

    c:\windows\gui\drw43306.vdb

    c:\windows\gui\drw43307.txt

    c:\windows\gui\drw43307.vdb

    c:\windows\gui\drw43308.txt

    c:\windows\gui\drw43308.vdb

    c:\windows\gui\drw43309.txt

    c:\windows\gui\drw43309.vdb

    c:\windows\gui\drw43310.txt

    c:\windows\gui\drw43310.vdb

    c:\windows\gui\drw43311.txt

    c:\windows\gui\drw43311.vdb

    c:\windows\gui\drw43312.txt

    c:\windows\gui\drw43312.vdb

    c:\windows\gui\drw43313.txt

    c:\windows\gui\drw43313.vdb

    c:\windows\gui\drw43314.txt

    c:\windows\gui\drw43314.vdb

    c:\windows\gui\drw43315.txt

    c:\windows\gui\drw43315.vdb

    c:\windows\gui\drw43316.txt

    c:\windows\gui\drw43316.vdb

    c:\windows\gui\drw43317.txt

    c:\windows\gui\drw43317.vdb

    c:\windows\gui\drw43318.txt

    c:\windows\gui\drw43318.vdb

    c:\windows\gui\drw43319.txt

    c:\windows\gui\drw43319.vdb

    c:\windows\gui\drw43320.txt

    c:\windows\gui\drw43320.vdb

    c:\windows\gui\drw43321.txt

    c:\windows\gui\drw43321.vdb

    c:\windows\gui\drw43322.txt

    c:\windows\gui\drw43322.vdb

    c:\windows\gui\drw43323.txt

    c:\windows\gui\drw43323.vdb

    c:\windows\gui\drw43324.txt

    c:\windows\gui\drw43324.vdb

    c:\windows\gui\drw43325.txt

    c:\windows\gui\drw43325.vdb

    c:\windows\gui\drw43326.txt

    c:\windows\gui\drw43326.vdb

    c:\windows\gui\drw43327.txt

    c:\windows\gui\drw43327.vdb

    c:\windows\gui\drw43328.txt

    c:\windows\gui\drw43328.vdb

    c:\windows\gui\drw43329.txt

    c:\windows\gui\drw43329.vdb

    c:\windows\gui\drw43330.txt

    c:\windows\gui\drw43330.vdb

    c:\windows\gui\drw43331.txt

    c:\windows\gui\drw43331.vdb

    c:\windows\gui\drw43332.txt

    c:\windows\gui\drw43332.vdb

    c:\windows\gui\drw43333.txt

    c:\windows\gui\drw43333.vdb

    c:\windows\gui\drw43334.txt

    c:\windows\gui\drw43334.vdb

    c:\windows\gui\drw43335.txt

    c:\windows\gui\drw43335.vdb

    c:\windows\gui\drw43336.txt

    c:\windows\gui\drw43336.vdb

    c:\windows\gui\drw43337.txt

    c:\windows\gui\drw43337.vdb

    c:\windows\gui\drw43338.txt

    c:\windows\gui\drw43338.vdb

    c:\windows\gui\drw43339.txt

    c:\windows\gui\drw43339.vdb

    c:\windows\gui\drw43340.txt

    c:\windows\gui\drw43340.vdb

    c:\windows\gui\drw43341.txt

    c:\windows\gui\drw43341.vdb

    c:\windows\gui\drw43342.txt

    c:\windows\gui\drw43342.vdb

    c:\windows\gui\drw43343.txt

    c:\windows\gui\drw43343.vdb

    c:\windows\gui\drw43344.txt

    c:\windows\gui\drw43344.vdb

    c:\windows\gui\drw43345.txt

    c:\windows\gui\drw43345.vdb

    c:\windows\gui\drw43346.txt

    c:\windows\gui\drw43346.vdb

    c:\windows\gui\drw43347.txt

    c:\windows\gui\drw43347.vdb

    c:\windows\gui\drw43348.txt

    c:\windows\gui\drw43348.vdb

    c:\windows\gui\drw43349.txt

    c:\windows\gui\drw43349.vdb

    c:\windows\gui\drw43350.txt

    c:\windows\gui\drw43350.vdb

    c:\windows\gui\drw43351.txt

    c:\windows\gui\drw43351.vdb

    c:\windows\gui\drw43352.txt

    c:\windows\gui\drw43352.vdb

    c:\windows\gui\drw43353.txt

    c:\windows\gui\drw43353.vdb

    c:\windows\gui\drw43354.txt

    c:\windows\gui\drw43354.vdb

    c:\windows\gui\drw43355.txt

    c:\windows\gui\drw43355.vdb

    c:\windows\gui\drw43356.txt

    c:\windows\gui\drw43356.vdb

    c:\windows\gui\drw43357.txt

    c:\windows\gui\drw43357.vdb

    c:\windows\gui\drw43358.txt

    c:\windows\gui\drw43358.vdb

    c:\windows\gui\drw43359.txt

    c:\windows\gui\drw43359.vdb

    c:\windows\gui\drw43360.txt

    c:\windows\gui\drw43360.vdb

    c:\windows\gui\drw43361.txt

    c:\windows\gui\drw43361.vdb

    c:\windows\gui\drw43362.txt

    c:\windows\gui\drw43362.vdb

    c:\windows\gui\drw43363.txt

    c:\windows\gui\drw43363.vdb

    c:\windows\gui\drw43364.txt

    c:\windows\gui\drw43364.vdb

    c:\windows\gui\drw43365.txt

    c:\windows\gui\drw43365.vdb

    c:\windows\gui\drweb32.dll

    c:\windows\gui\DrWeb32.key

    c:\windows\gui\drwebase.vdb

    c:\windows\gui\drwnasty.txt

    c:\windows\gui\drwnasty.vdb

    c:\windows\gui\drwrisky.txt

    c:\windows\gui\drwrisky.vdb

    c:\windows\gui\drwtoday.txt

    c:\windows\gui\drwtoday.vdb

    c:\windows\gui\dwebio16.dll

    c:\windows\gui\dwebio32.dll

    c:\windows\gui\dwebllio.dll

    c:\windows\gui\dwn43301.txt

    c:\windows\gui\dwn43301.vdb

    c:\windows\gui\dwn43302.txt

    c:\windows\gui\dwn43302.vdb

    c:\windows\gui\dwn43303.txt

    c:\windows\gui\dwn43303.vdb

    c:\windows\gui\dwn43304.txt

    c:\windows\gui\dwn43304.vdb

    c:\windows\gui\dwn43305.txt

    c:\windows\gui\dwn43305.vdb

    c:\windows\gui\dwntoday.txt

    c:\windows\gui\dwntoday.vdb

    c:\windows\gui\dwr43301.txt

    c:\windows\gui\dwr43301.vdb

    c:\windows\gui\dwrtoday.txt

    c:\windows\gui\dwrtoday.vdb

    c:\windows\gui\gui.exe

    c:\windows\gui\gui.list

    c:\windows\gui\rar.exe

    c:\windows\ilagowe.scr

    c:\windows\system32\11478.exe

    c:\windows\system32\11942.exe

    c:\windows\system32\12382.exe

    c:\windows\system32\14604.exe

    c:\windows\system32\153.exe

    c:\windows\system32\15724.exe

    c:\windows\system32\16827.exe

    c:\windows\system32\18467.exe

    c:\windows\system32\19169.exe

    c:\windows\system32\23281.exe

    c:\windows\system32\24464.exe

    c:\windows\system32\26500.exe

    c:\windows\system32\26962.exe

    c:\windows\system32\28145.exe

    c:\windows\system32\292.exe

    c:\windows\system32\29358.exe

    c:\windows\system32\2995.exe

    c:\windows\system32\32391.exe

    c:\windows\system32\3902.exe

    c:\windows\system32\4827.exe

    c:\windows\system32\491.exe

    c:\windows\system32\5436.exe

    c:\windows\system32\5705.exe

    c:\windows\system32\6334.exe

    c:\windows\system32\9961.exe

    c:\windows\system32\cds.txt

    c:\windows\system32\ctfmon .exe

    c:\windows\system32\drivers\etc\hosts.tim

    c:\windows\system32\drivers\npf.sys

    c:\windows\system32\dumphive.exe

    c:\windows\system32\dz1.txt

    c:\windows\system32\kjs

    c:\windows\system32\p1.txt

    c:\windows\system32\Packet.dll

    c:\windows\system32\pthreadVC.dll

    c:\windows\system32\r24.txt

    c:\windows\system32\sirenacm(2).dll

    c:\windows\system32\SrchSTS.exe

    c:\windows\system32\STEC3.sys

    c:\windows\system32\Sys

    c:\windows\system32\Sys\norton-db.001

    c:\windows\system32\Sys\norton-db.002

    c:\windows\system32\tmp.reg

    c:\windows\system32\WanPacket.dll

    c:\windows\system32\wpcap.dll

    c:\windows\system32\xma

    c:\windows\trace

    c:\windows\trace\trace.txt

    c:\windows\zyfob._sy

     

    Infected copy of c:\windows\system32\drivers\iaStor.sys was found and disinfected

    Restored copy from - Kitty ate it :P

    c:\windows\system32\grpconv.exe was missing

    Restored copy from - c:\windows\ServicePackFiles\i386\grpconv.exe

     

    c:\windows\system32\proquota.exe was missing

    Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

     

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

     

    -------\Legacy_NPF

    -------\Legacy_SSHNAS

    -------\Legacy_STEC3

    -------\Service_NPF

    -------\Service_STEC3

     

     

    ((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-28 )))))))))))))))))))))))))))))))

    .

     

    2010-01-28 19:09 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe

    2010-01-28 19:09 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe

    2010-01-28 19:09 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe

    2010-01-27 18:24 . 2010-01-27 18:24 664 ----a-w- c:\windows\system32\d3d9caps.dat

    2010-01-25 21:14 . 2010-01-25 21:14 -------- d-----w- c:\windows\system32\N360_BACKUP

    2010-01-21 23:16 . 2010-01-21 23:16 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Adobe

    2010-01-21 22:11 . 2010-01-21 22:11 -------- d-----w- c:\program files\AskBarDis

    2010-01-18 18:38 . 2010-01-18 18:38 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Application Updater

    2010-01-18 18:38 . 2010-01-18 18:38 -------- d-----w- c:\program files\Application Updater

    2010-01-15 04:05 . 2010-01-15 04:05 -------- d-----w- c:\program files\Norton Support

    2010-01-15 04:04 . 2010-01-15 04:04 -------- d-----w- c:\documents and settings\Ali\Local Settings\Application Data\Symantec

    2010-01-14 20:16 . 2010-01-14 20:14 107368 ----a-r- c:\windows\system32\GEARAspi.dll

    2010-01-14 17:57 . 2010-01-14 20:15 -------- d-----w- c:\documents and settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}

    2010-01-14 17:56 . 2010-01-14 17:56 -------- d-----w- c:\documents and settings\Ali\Local Settings\Application Data\Downloaded Installations

    2010-01-14 17:56 . 2009-08-22 08:13 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys

    2010-01-14 17:56 . 2010-01-14 20:14 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

    2010-01-14 17:56 . 2010-01-14 20:14 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

    2010-01-14 17:56 . 2010-01-14 20:14 -------- d-----w- c:\program files\Symantec

    2010-01-14 17:55 . 2010-01-28 18:14 -------- d-----w- c:\windows\system32\drivers\N360

    2010-01-14 17:55 . 2010-01-14 17:55 -------- d-----w- c:\program files\Norton 360

    2010-01-14 17:45 . 2010-01-14 17:45 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings

    2010-01-14 17:44 . 2010-01-14 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

    2010-01-12 22:29 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

    2010-01-10 18:21 . 2010-01-10 18:21 27883 ----a-w- c:\windows\system32\0ILPNBLKEB.dat

    2010-01-10 18:21 . 2010-01-10 18:21 1860 ----a-w- c:\windows\system32\0PLT01VMT.dat

    2010-01-10 18:21 . 2010-01-10 18:21 27883 ----a-w- c:\windows\system32\SVMGTJ7062.dat

    2010-01-10 18:21 . 2010-01-10 18:21 1860 ----a-w- c:\windows\system32\S1049S0YF.dat

    2010-01-07 21:44 . 2010-01-07 21:44 -------- d-----w- C:\_OTM

    2010-01-06 08:09 . 2010-01-06 08:09 -------- d-----w- c:\program files\Trend Micro

    2010-01-05 00:16 . 2010-01-05 00:16 118256 ----a-w- c:\windows\system32\qpPAUr_-g.exe

    2010-01-05 00:14 . 2010-01-07 21:44 -------- d-sh--w- c:\documents and settings\Ali\.COMMgr

     

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2010-01-26 22:58 . 2009-04-26 15:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2010-01-25 21:23 . 2009-04-26 15:49 117760 ----a-w- c:\documents and settings\Ali\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

    2010-01-25 21:21 . 2009-04-26 15:46 -------- d-----w- c:\program files\SUPERAntiSpyware

    2010-01-25 21:10 . 2010-01-25 21:09 52224 ----a-w- c:\documents and settings\Ali\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

    2010-01-25 20:10 . 2006-05-18 22:19 -------- d-----w- c:\documents and settings\Ali\Application Data\Azureus

    2010-01-24 21:08 . 2010-01-24 21:08 8406648 ----a-w- c:\documents and settings\Ali\Application Data\Real\Update\setup\gtb_us\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe

    2010-01-24 20:58 . 2010-01-24 20:58 10309448 ----a-w- c:\documents and settings\Ali\Application Data\Real\Update\setup\chr\ChromeInstaller.exe

    2010-01-24 20:55 . 2010-01-24 20:55 64000 ----a-w- c:\documents and settings\Ali\Application Data\Real\Update\setup\RUP\inst_config\gcapi_dll.dll

    2010-01-24 20:55 . 2010-01-24 20:55 52288 ----a-w- c:\documents and settings\Ali\Application Data\Real\Update\setup\RUP\inst_config\gtapi.dll

    2010-01-24 20:55 . 2010-01-24 20:55 50688 ----a-w- c:\documents and settings\Ali\Application Data\Real\Update\setup\RUP\inst_config\fftbapi.dll

    2010-01-24 20:55 . 2010-01-24 20:55 114688 ----a-w- c:\documents and settings\Ali\Application Data\Real\Update\setup\RUP\inst_config\compat.dll

    2010-01-21 22:12 . 2006-05-18 22:19 -------- d-----w- c:\program files\Azureus

    2010-01-20 19:19 . 2009-02-23 18:13 -------- d-----w- c:\program files\Microsoft Silverlight

    2010-01-14 20:14 . 2010-01-14 17:56 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

    2010-01-14 20:14 . 2010-01-14 17:56 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

    2010-01-14 20:14 . 2010-01-14 17:58 554352 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll

    2010-01-14 20:14 . 2008-01-29 12:01 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys

    2010-01-14 18:16 . 2005-03-06 22:25 -------- d-----w- c:\program files\Common Files\Symantec Shared

    2010-01-14 17:56 . 2010-01-14 17:56 1290592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll

    2010-01-14 17:56 . 2010-01-14 17:56 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll

    2010-01-14 17:55 . 2010-01-14 17:55 796016 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll

    2010-01-14 17:55 . 2008-01-02 11:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

    2010-01-14 17:55 . 2009-08-01 07:40 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

    2010-01-14 17:51 . 2005-03-06 22:25 -------- d-----w- c:\documents and settings\Ali\Application Data\Symantec

    2010-01-07 16:07 . 2009-04-26 15:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2010-01-07 16:07 . 2009-04-26 15:27 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

    2010-01-06 00:34 . 2007-04-17 12:16 -------- d-----w- c:\documents and settings\Ali\Application Data\dvdcss

    2009-12-21 19:14 . 2004-08-04 05:00 916480 ----a-w- c:\windows\system32\wininet.dll

    2009-12-15 18:40 . 2009-12-15 18:38 17245680 ----a-w- c:\documents and settings\Ali\Application Data\Real\Update\setup\rp\RealPlayerSPGold.exe

    2009-11-21 15:51 . 2008-08-20 07:26 471552 ----a-w- c:\windows\AppPatch\aclayers.dll

    2009-10-10 00:39 . 2009-10-10 00:39 18250 ----a-w- c:\program files\Common Files\bewoharav.pif

    2006-03-15 12:30 . 2006-03-15 12:30 278528 ----a-w- c:\program files\Common Files\FDEUnInstaller.exe

    2005-01-04 14:52 . 2005-01-04 14:50 227190984 ----a-w- c:\program files\OfficeSTD.exe

    2009-03-31 21:47 . 2009-01-28 20:32 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll

    2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

    2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

    2005-02-13 20:42 . 2005-02-13 20:42 56 --sh--r- c:\windows\SYSTEM32\4C805BE81C.sys

    .

     

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

     

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

    2009-04-02 12:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

     

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

     

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

    "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

     

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

     

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-03-01 90112]

    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-25 2002160]

    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]

    "Ulead AutoDetector"="c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-11-18 45056]

    "Ulead Photo Express Calendar Checker"="c:\program files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe" [2004-01-12 69632]

    "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]

    "DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]

    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

    "ppmate"="c:\program files\PPMate\PPMate\ppmate.exe" [2006-11-23 1495123]

    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]

    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-26 267064]

    "TalkTalk"="c:\program files\TalkTalk\bin\sprtcmd.exe" [2007-10-12 202016]

     

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

     

    c:\documents and settings\All Users\Start Menu\Programs\Startup\

    Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]

    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-1-24 113664]

    AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0\aoltray.exe [2004-11-24 156784]

    NETGEAR WG311v2 Smart Configuration.lnk - c:\program files\NETGEAR WG311v2 Adapter\wlancfg5.exe [2004-10-14 450560]

     

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

    2010-01-25 21:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

    @="FSFilter Activity Monitor"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

    "DisableMonitoring"=dword:00000001

     

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

    "DisableMonitoring"=dword:00000001

     

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

    "DisableMonitoring"=dword:00000001

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "c:\\Program Files\\PPMate\\PPMate\\ppmate.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

    "%windir%\\system32\\sessmgr.exe"=

     

    R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\N360\0308000.029\SymEFA.sys [28/01/2010 05:14 310320]

    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\SYSTEM32\DRIVERS\N360\0308000.029\BHDrvx86.sys [28/01/2010 05:14 259632]

    R1 ccHP;Symantec Hash Provider;c:\windows\SYSTEM32\DRIVERS\N360\0308000.029\cchpx86.sys [28/01/2010 05:14 482432]

    R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100125.001\IDSXpx86.sys [28/01/2010 02:12 329592]

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [22/12/2008 10:06 9968]

    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [22/12/2008 10:05 74480]

    R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [08/01/2010 00:51 380928]

    R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [21/01/2010 22:11 464264]

    R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [21/01/2010 22:11 234888]

    R2 fssfltr;FssFltr;c:\windows\SYSTEM32\DRIVERS\fssfltr_tdi.sys [23/02/2009 18:12 54752]

    R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [28/01/2010 05:13 117640]

    R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [12/10/2007 08:33 202016]

    R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe [02/08/2007 13:42 148768]

    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [20/01/2010 00:39 102448]

    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [22/12/2008 10:06 7408]

    S1 M9207;DigiO2 DVB-T USB Receiver;c:\windows\system32\DRIVERS\M9207BDA.sys --> c:\windows\system32\DRIVERS\M9207BDA.sys [?]

    S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]

    S3 FsUsbExDisk;FsUsbExDisk;c:\windows\SYSTEM32\FsUsbExDisk.Sys [06/12/2008 14:35 36512]

    S3 gkmixern;gkmixern;\??\c:\docume~1\Ali\LOCALS~1\Temp\gkmixern.sys --> c:\docume~1\Ali\LOCALS~1\Temp\gkmixern.sys [?]

    .

    Contents of the 'Scheduled Tasks' folder

     

    2010-01-08 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.google.co.uk/ig?hl=en

    uSearchMigratedDefaultURL = hxxp://search.orange.co.uk/all?brand=ouk&tab=web&p=_adr&q={searchTerms}

    uInternet Connection Wizard,ShellNext = iexplore

    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

    DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} - hxxp://www.tvkoo.com/update/KooPlayer.ocx

    FF - ProfilePath - c:\documents and settings\Ali\Application Data\Mozilla\Firefox\Profiles\emib82yk.default\

    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    .

    - - - - ORPHANS REMOVED - - - -

     

    BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll

    BHO-{a8eeebd5-9962-5197-5172-d056c9db9f81} - (no file)

    Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll

    ActiveSetup-{1A43B51D-2671-4bcc-89F0-9BC42DB29016} - fow64.dll

    AddRemove-360Share Pro - c:\program files\360Share Pro\bt-uninst.exe

    AddRemove-HijackThis - c:\documents and settings\Ali\Local Settings\Temporary Internet Files\Content.IE5\T2XU0AWK\HijackThis.exe

    AddRemove-LimeWire - c:\program files\LimeWire\uninstall.exe

     

     

     

    **************************************************************************

     

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2010-01-28 19:13

    Windows 5.1.2600 Service Pack 3 NTFS

     

    scanning hidden processes ...

     

    scanning hidden autostart entries ...

     

    scanning hidden files ...

     

    scan completed successfully

    hidden files: 0

     

    **************************************************************************

     

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]

    "ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

     

    [HKEY_USERS\S-1-5-21-3974528393-405583803-1727344631-1006\Software\Microsoft\SystemCertificates\AddressBook*]

    @Allowed: (Read) (RestrictedCode)

    @Allowed: (Read) (RestrictedCode)

     

    [HKEY_USERS\S-1-5-21-3974528393-405583803-1727344631-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.

    R%]

    @Class="Shell"

    @Allowed: (Read) (RestrictedCode)

    @Allowed: (Read) (RestrictedCode)

     

    [HKEY_USERS\S-1-5-21-3974528393-405583803-1727344631-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.

    R%\OpenWithList]

    @Class="Shell"

     

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]

    @DACL=(02 0000)

    "Installed"="1"

     

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

    @DACL=(02 0000)

    "Installed"="1"

    "NoChange"="1"

     

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

    @DACL=(02 0000)

    "Installed"="1"

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

     

    - - - - - - - > 'winlogon.exe'(1528)

    c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    c:\windows\system32\WININET.dll

     

    - - - - - - - > 'explorer.exe'(1192)

    c:\windows\system32\WININET.dll

    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll

    c:\progra~1\WINDOW~2\wmpband.dll

    c:\windows\system32\ieframe.dll

    c:\windows\system32\webcheck.dll

    c:\windows\system32\WPDShServiceObj.dll

    c:\windows\system32\PortableDeviceTypes.dll

    c:\windows\system32\PortableDeviceApi.dll

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\windows\system32\Ati2evxx.exe

    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    c:\program files\Intel\Intel Application Accelerator\iaantmon.exe

    c:\program files\Java\jre6\bin\jqs.exe

    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    c:\windows\system32\wscntfy.exe

    c:\program files\iPod\bin\iPodService.exe

    .

    **************************************************************************

    .

    Completion time: 2010-01-28 19:22:24 - machine was rebooted

    ComboFix-quarantined-files.txt 2010-01-28 19:22

    ComboFix2.txt 2006-12-17 20:18

     

    Pre-Run: 13,333,274,624 bytes free

    Post-Run: 13,537,193,984 bytes free

     

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

    [boot loader]

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

    [operating systems]

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

     

    - - End Of File - - 518830A26292CBFE15E51552E95F8E3C

     

    What's next?

  11. Right, it's been a while since I've had a chance to get back on here, but here's a copy of my latest Kaspersky scan and also an HJT log now that I've got Norton 360 installed.

    My computer seems to be running fine apart from Google, which goes to random pages instead of what I search for. What's next?

     

    --------------------------------------------------------------------------------

    KASPERSKY ONLINE SCANNER 7.0: scan report

    Wednesday, January 27, 2010

    Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

    Kaspersky Online Scanner version: 7.0.26.13

    Last database update: Tuesday, January 26, 2010 23:22:11

    Records in database: 3374802

    --------------------------------------------------------------------------------

     

    Scan settings:

    scan using the following database: extended

    Scan archives: yes

    Scan e-mail databases: yes

     

    Scan area - My Computer:

    C:\

    D:\

     

    Scan statistics:

    Objects scanned: 104384

    Threats found: 2

    Infected objects found: 5

    Suspicious objects found: 0

    Scan duration: 11:32:43

     

     

    File name / Threat / Threats count

    C:\Documents and Settings\Ali\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{087AD7A3-C010-4FAC-8511-B0DA327F5994} Infected: Trojan.Win32.Qhost.ka 1

    C:\Documents and Settings\Ali\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{9C2D0797-7A3F-40FC-813F-4CE9E41C393F} Infected: Trojan.Win32.Qhost.ka 1

    C:\Documents and Settings\Ali\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{CF55BCDD-475C-499B-82B8-728AFC7B450E} Infected: Trojan.Win32.Qhost.ka 1

    C:\Documents and Settings\Ali\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{FE00FBED-79A1-4B5E-9619-15E598B715D7} Infected: Trojan.Win32.Qhost.ka 1

    C:\Program Files\Trend Micro\HijackThis\backups\backup-20100107-214052-489.dll Infected: not-a-virus:AdWare.Win32.EZula.fl 1

     

    Selected area has been scanned.

     

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 20:16:26, on 27/01/2010

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Application Updater\ApplicationUpdater.exe

    C:\Program Files\AskBarDis\bar\bin\AskService.exe

    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

    C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe

    C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe

    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe

    C:\Program Files\TalkTalk\bin\sprtsvc.exe

    C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe

    C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Java\jre6\bin\java.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe

    C:\WINDOWS\system32\NOTEPAD.EXE

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R3 - URLSearchHook: (no name) - - (no file)

    R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll

    O1 - Hosts: [internet Media][AS12008][204.69.234.0 - 204.69.234.255]

    O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: (no name) - {a8eeebd5-9962-5197-5172-d056c9db9f81} - (no file)

    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

    O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll

    O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll

    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

    O4 - HKLM\..\Run: [ulead AutoDetector] "C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe"

    O4 - HKLM\..\Run: [ulead Photo Express Calendar Checker] "C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe"

    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

    O4 - HKLM\..\Run: [DeviceDiscovery] "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe"

    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"

    O4 - HKLM\..\Run: [ppmate] "C:\Program Files\PPMate\PPMate\ppmate.exe" -autoplay

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k

    O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk

    O4 - HKLM\..\Run: [searchSettings] C:\Program Files\Search Settings\SearchSettings.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

    O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe

    O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB

    O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab

    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab

    O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab

    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

    O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab

    O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab

    O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab

    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326

    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...448/mcfscan.cab

    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe

    O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe

    O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe

    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe

    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe

    O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe

    O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

    O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe

     

    --

    End of file - 12988 bytes

  12. Luckily I don't use this computer for online banking, but like most people I have bought things online.

    It will be very hard to remember all the sites that I have used and bought from; is there some sort of tool I can download to find them?

    Do I need to contact all the websites, or just those that I know I've used recently? And should I notify stores that I've bought items from, or just change my password on that site?

     

    I think the risk of having my passwords stolen is smaller than if I stored them normally, as I have used Norton to store my passwords rather than just on the computer, but I have still contacted my bank just in case.

  13. Here are my MBAM report and also my latest HJT log. What do you think?

    I'm still not running any antivirus, but I expect my Norton 360 to be delivered tomorrow.

     

    Malwarebytes' Anti-Malware 1.44

    Database version: 3537

    Windows 5.1.2600 Service Pack 3

    Internet Explorer 8.0.6001.18702

     

    11/01/2010 00:23:26

    mbam-log-2010-01-11 (00-23-26).txt

     

    Scan type: Quick Scan

    Objects scanned: 123962

    Time elapsed: 9 minute(s), 7 second(s)

     

    Memory Processes Infected: 0

    Memory Modules Infected: 1

    Registry Keys Infected: 7

    Registry Values Infected: 4

    Registry Data Items Infected: 10

    Folders Infected: 0

    Files Infected: 17

     

    Memory Processes Infected:

    (No malicious items detected)

     

    Memory Modules Infected:

    c:\WINDOWS\SYSTEM32\sshnas.dll (Trojan.Downloader) -> Delete on reboot.

     

    Registry Keys Infected:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.Downloader) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\LREC75DND7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\E8WECRKKMV (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\IS2010 (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

     

    Registry Values Infected:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Spyware.Passwords) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.

     

    Registry Data Items Infected:

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Rootkit.Agent) -> Data: c:\windows\system32\kbdsock.dll -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Rootkit.Agent) -> Data: system32\kbdsock.dll -> Quarantined and deleted successfully.

     

    Folders Infected:

    (No malicious items detected)

     

    Files Infected:

    c:\WINDOWS\SYSTEM32\sshnas.dll (Trojan.Downloader) -> Delete on reboot.

    C:\ydbkaxo.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    C:\WINDOWS\SYSTEM32\mshlps.dll (Spyware.Passwords) -> Quarantined and deleted successfully.

    C:\WINDOWS\SYSTEM32\winlogon86.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    C:\WINDOWS\SYSTEM32\winupdate .exe (Trojan.Downloader) -> Quarantined and deleted successfully.

    C:\WINDOWS\SYSTEM32\winhelper86.dll (Trojan.BHO) -> Quarantined and deleted successfully.

    C:\WINDOWS\SYSTEM32\DRIVERS\stxvmt.sys (Rootkit.Agent) -> Delete on reboot.

    C:\Documents and Settings\Ali\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Security 2010.lnk (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Ali\Start Menu\Internet Security 2010.lnk (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Ali\Application Data\SystemProc\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

    C:\WINDOWS\SYSTEM32\critical_warning.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

    C:\WINDOWS\SYSTEM32\41.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    C:\WINDOWS\SYSTEM32\flags.ini (Malware.Trace) -> Delete on reboot.

    C:\WINDOWS\SYSTEM32\uses32.dat (Malware.Trace) -> Quarantined and deleted successfully.

    C:\WINDOWS\SYSTEM32\kbdsock.dll (Rootkit.Agent) -> Quarantined and deleted successfully.

     

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 00:31:38, on 11/01/2010

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\Program Files\TalkTalk\bin\sprtsvc.exe

    C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe

    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe

    C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe

    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

    C:\Program Files\QuickTime\qttask.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\TalkTalk\bin\sprtcmd.exe

    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

    C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    C:\WINDOWS\system32\NOTEPAD.EXE

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en

    R3 - URLSearchHook: (no name) - - (no file)

    R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll

    O1 - Hosts: [internet Media][AS12008][204.69.234.0 - 204.69.234.255]

    O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: (no name) - {a8eeebd5-9962-5197-5172-d056c9db9f81} - (no file)

    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

    O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll

    O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll

    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

    O4 - HKLM\..\Run: [ulead AutoDetector] "C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe"

    O4 - HKLM\..\Run: [ulead Photo Express Calendar Checker] "C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe"

    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

    O4 - HKLM\..\Run: [DeviceDiscovery] "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe"

    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"

    O4 - HKLM\..\Run: [ppmate] "C:\Program Files\PPMate\PPMate\ppmate.exe" -autoplay

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"

    O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k

    O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe

    O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB

    O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab

    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab

    O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab

    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

    O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab

    O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab

    O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab

    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326

    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...448/mcfscan.cab

    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe

    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe

    O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe

    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

     

    --

    End of file - 13387 bytes

  14. I haven't tried surfing at all, so I don't know whether I'm still getting pop-ups or redirected to the wrong website, but there's no Internet Security (apart from the Start Menu) or red cross in the bottom right corner, which seems good.

     

    Here's the Kaspersky Scan:

    --------------------------------------------------------------------------------

    KASPERSKY ONLINE SCANNER 7.0: scan report

    Friday, January 8, 2010

    Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

    Kaspersky Online Scanner version: 7.0.26.13

    Last database update: Friday, January 08, 2010 07:48:45

    Records in database: 3325935

    --------------------------------------------------------------------------------

     

    Scan settings:

    scan using the following database: extended

    Scan archives: yes

    Scan e-mail databases: yes

     

    Scan area - My Computer:

    C:\

    D:\

    E:\

     

    Scan statistics:

    Objects scanned: 105259

    Threats found: 11

    Infected objects found: 81

    Suspicious objects found: 0

    Scan duration: 11:48:35

     

     

    File name / Threat / Threats count

    ati2evxx.exe\kbdsock.dll/ati2evxx.exe\kbdsock.dll Infected: Trojan.Win32.Agent.deot 1

    C:\WINDOWS\system32\kbdsock.dll/C:\WINDOWS\system32\kbdsock.dll Infected: Trojan.Win32.Agent.deot 31

    c:\windows\system32\sshnas.dll/c:\windows\system32\sshnas.dll Infected: Trojan.Win32.FraudPack.ajrf 4

    CCSVCHST.EXE\kbdsock.dll/CCSVCHST.EXE\kbdsock.dll Infected: Trojan.Win32.Agent.deot 2

    explorer.exe\kbdsock.dll/explorer.exe\kbdsock.dll Infected: Trojan.Win32.Agent.deot 1

    spoolsv.exe\kbdsock.dll/spoolsv.exe\kbdsock.dll Infected: Trojan.Win32.Agent.deot 1

    monitor.exe\kbdsock.dll/monitor.exe\kbdsock.dll Infected: Trojan.Win32.Agent.deot 1

    hpwuSchd2.exe\kbdsock.dll/hpwuSchd2.exe\kbdsock.dll Infected: Trojan.Win32.Agent.deot 1

    hpotdd01.exe\kbdsock.dll/hpotdd01.exe\kbdsock.dll Infected: Trojan.Win32.Agent.deot 1

    QTTask.exe\kbdsock.dll/QTTask.exe\kbdsock.dll Infected: Trojan.Win32.Agent.deot 1

    iTunesHelper.exe\kbdsock.dll/iTunesHelper.exe\kbdsock.dll Infected: Trojan.Win32.Agent.deot 1

    sprtcmd.exe\kbdsock.dll/sprtcmd.exe\kbdsock.dll Infected: Trojan.Win32.Agent.deot 1

    ctfmon.exe\kbdsock.dll/ctfmon.exe\kbdsock.dll Infected: Trojan.Win32.Agent.deot 1

    msmsgs.exe\kbdsock.dll/msmsgs.exe\kbdsock.dll Infected: Trojan.Win32.Agent.deot 1

    NMBgMonitor.exe\kbdsock.dll/NMBgMonitor.exe\kbdsock.dll Infected: Trojan.Win32.Agent.deot 1

    acrotray.exe\kbdsock.dll/acrotray.exe\kbdsock.dll Infected: Trojan.Win32.Agent.deot 1

    AppleMobileDeviceService.exe\kbdsock.dll/AppleMobileDeviceService.exe\kbdsock.dll Infected: Trojan.Win32.Agent.deot 1

    AluSchedulerSvc.exe\kbdsock.dll/AluSchedulerSvc.exe\kbdsock.dll Infected: Trojan.Win32.Agent.deot 1

    IAANTmon.exe\kbdsock.dll/IAANTmon.exe\kbdsock.dll Infected: Trojan.Win32.Agent.deot 1

    jqs.exe\kbdsock.dll/jqs.exe\kbdsock.dll Infected: Trojan.Win32.Agent.deot 1

    MDM.EXE\kbdsock.dll/MDM.EXE\kbdsock.dll Infected: Trojan.Win32.Agent.deot 1

    sprtsvc.exe\kbdsock.dll/sprtsvc.exe\kbdsock.dll Infected: Trojan.Win32.Agent.deot 1

    tgsrvc.exe\kbdsock.dll/tgsrvc.exe\kbdsock.dll Infected: Trojan.Win32.Agent.deot 1

    SpySweeper.exe\kbdsock.dll/SpySweeper.exe\kbdsock.dll Infected: Trojan.Win32.Agent.deot 1

    iPodService.exe\kbdsock.dll/iPodService.exe\kbdsock.dll Infected: Trojan.Win32.Agent.deot 1

    iexplore.exe\kbdsock.dll/iexplore.exe\kbdsock.dll Infected: Trojan.Win32.Agent.deot 3

    WinRAR.exe\kbdsock.dll/WinRAR.exe\kbdsock.dll Infected: Trojan.Win32.Agent.deot 1

    Acrobat.exe\kbdsock.dll/Acrobat.exe\kbdsock.dll Infected: Trojan.Win32.Agent.deot 1

    WISPTIS.EXE\kbdsock.dll/WISPTIS.EXE\kbdsock.dll Infected: Trojan.Win32.Agent.deot 1

    msnmsgr.exe\kbdsock.dll/msnmsgr.exe\kbdsock.dll Infected: Trojan.Win32.Agent.deot 1

    C:\Documents and Settings\Ali\Application Data\SystemProc\lsass.exe Infected: Trojan.Win32.Swisyn.twi 1

    C:\Documents and Settings\Ali\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{087AD7A3-C010-4FAC-8511-B0DA327F5994} Infected: Trojan.Win32.Qhost.ka 1

    C:\Documents and Settings\Ali\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{9C2D0797-7A3F-40FC-813F-4CE9E41C393F} Infected: Trojan.Win32.Qhost.ka 1

    C:\Documents and Settings\Ali\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{CF55BCDD-475C-499B-82B8-728AFC7B450E} Infected: Trojan.Win32.Qhost.ka 1

    C:\Documents and Settings\Ali\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{FE00FBED-79A1-4B5E-9619-15E598B715D7} Infected: Trojan.Win32.Qhost.ka 1

    C:\WINDOWS\SYSTEM32\critical_warning.html Infected: Trojan.JS.Hoax.b 1

    C:\WINDOWS\SYSTEM32\sshnas.dll Infected: Trojan.Win32.FraudPack.ajrf 1

    C:\WINDOWS\SYSTEM32\winhelper86.dll Infected: Trojan.Win32.BHO.adcn 1

    C:\WINDOWS\SYSTEM32\winlogon86.exe Infected: Trojan-Downloader.Win32.FraudLoad.gij 1

    C:\WINDOWS\SYSTEM32\winupdate .exe Infected: Trojan-Downloader.Win32.FraudLoad.fwn 1

    C:\ydbkaxo.exe Infected: Trojan-Downloader.Win32.FraudLoad.gij 1

    C:\_OTM\MovedFiles\01072010_214413\C_Documents and Settings\Ali\.COMMgr\complmgr.exe Infected: Trojan.Win32.Scar.bbjy 1

    C:\_OTM\MovedFiles\01072010_214413\C_DOCUME~1\Ali\LOCALS~1\Temp\c.exe Infected: Packed.Win32.Krap.ag 1

    C:\_OTM\MovedFiles\01072010_214413\C_Program Files\InternetSecurity2010\IS2010.exe Infected: Trojan.Win32.FraudPack.ajsf 1

    C:\_OTM\MovedFiles\01072010_214413\C_WINDOWS\system32\winupdate86.exe Infected: Trojan-Downloader.Win32.FraudLoad.gij 1

     

    Selected area has been scanned.

     

    And here's the latest HijackThis log, run after the scan:

     

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 18:22:53, on 10/01/2010

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\Program Files\TalkTalk\bin\sprtsvc.exe

    C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe

    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe

    C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe

    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

    C:\Program Files\QuickTime\qttask.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\Program Files\TalkTalk\bin\sprtcmd.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

    C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\WINDOWS\system32\msiexec.exe

    C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    C:\WINDOWS\system32\NOTEPAD.EXE

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en

    R3 - URLSearchHook: (no name) - - (no file)

    R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll

    O1 - Hosts: [internet Media][AS12008][204.69.234.0 - 204.69.234.255]

    O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: (no name) - {a8eeebd5-9962-5197-5172-d056c9db9f81} - (no file)

    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

    O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll

    O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll

    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

    O4 - HKLM\..\Run: [ulead AutoDetector] "C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe"

    O4 - HKLM\..\Run: [ulead Photo Express Calendar Checker] "C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe"

    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

    O4 - HKLM\..\Run: [DeviceDiscovery] "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe"

    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"

    O4 - HKLM\..\Run: [ppmate] "C:\Program Files\PPMate\PPMate\ppmate.exe" -autoplay

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"

    O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k

    O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk

    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe

    O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB

    O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab

    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab

    O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab

    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

    O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab

    O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab

    O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab

    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326

    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...448/mcfscan.cab

    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O20 - AppInit_DLLs: C:\WINDOWS\system32\kbdsock.dll

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe

    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe

    O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe

    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

     

    --

    End of file - 13492 bytes

  15. Hi Juliet,

    I've fixed what you told me to in HijackThis and Internet Security 2010 has gone.

    I copied the text into OTM and, as you suggested might happen, I had to restart, so here's the log file:

     

    All processes killed

    ========== FILES ==========

    C:\DOCUME~1\Ali\LOCALS~1\Temp\services.exe moved successfully.

    C:\Documents and Settings\Ali\.COMMgr\complmgr.exe moved successfully.

    C:\WINDOWS\system32\winupdate86.exe moved successfully.

    File/Folder C:\WINDOWS\system32\0tH9lPJDt_5nI2_.dll not found.

    C:\DOCUME~1\Ali\LOCALS~1\Temp\c.exe moved successfully.

    C:\DOCUME~1\Ali\LOCALS~1\Temp\cgnux.exe moved successfully.

    C:\DOCUME~1\Ali\LOCALS~1\Temp\install.exe moved successfully.

    C:\Program Files\InternetSecurity2010 folder moved successfully.

    C:\WINDOWS\system32\drivers\etc\hosts moved successfully.

    ========== REGISTRY ==========

    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\COM+ Manager not found.

    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\winupdate86.exe not found.

    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ygua8e7yhuiesfha876yfauy8fe not found.

    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\asg984jgkfmgasi8ug98jgkfgfb not found.

    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\LREC75DND7 not found.

    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Internet Security 2010 not found.

    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\RTHDBPL not found.

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows\\"AppInit_DLLs"|"" /E : value set successfully!

    ========== COMMANDS ==========

     

    [EMPTYTEMP]

     

    User: Administrator

    ->Temp folder emptied: 32768 bytes

    ->Temporary Internet Files folder emptied: 0 bytes

     

    User: Ali

    ->Temp folder emptied: 150691649 bytes

    ->Temporary Internet Files folder emptied: 83238293 bytes

    ->Java cache emptied: 30624437 bytes

    ->FireFox cache emptied: 38329976 bytes

     

    User: All Users

     

    User: Default User

    ->Temp folder emptied: 32768 bytes

    ->Temporary Internet Files folder emptied: 33170 bytes

     

    User: LocalService

    ->Temp folder emptied: 66016 bytes

    ->Temporary Internet Files folder emptied: 70855 bytes

     

    User: NetworkService

    ->Temp folder emptied: 1163778 bytes

    ->Temporary Internet Files folder emptied: 85486345 bytes

     

    User: Owner

     

    %systemdrive% .tmp files removed: 0 bytes

    %systemroot% .tmp files removed: 39138 bytes

    %systemroot%\System32 .tmp files removed: 23292921 bytes

    Windows Temp folder emptied: 1134220 bytes

    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 12991566 bytes

    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 20060444 bytes

    RecycleBin emptied: 23246641 bytes

     

    Total Files Cleaned = 449.00 mb

     

     

    OTM by OldTimer - Version 3.1.4.0 log created on 01072010_214413

     

    Files moved on Reboot...

    File C:\WINDOWS\temp\JETE5AC.tmp not found!

    File C:\WINDOWS\temp\Perflib_Perfdata_728.dat not found!

     

    Registry entries deleted on Reboot...

     

    Should I just go onto the next stage or do you have any other suggestions as to what else I should do?

     

    PS My Norton 360 expired between Christmas and New Year, so I don't know if I've been covered since then. I have now ordered v3.0, so I will have antivirus re-installed shortly.

  16. Rather than opening a new thread, I thought it best to continue my old one as I'm having more problems. I'm still getting the error message on startup, have got that red icon with a cross back, and also something called Internet Security 2010 keeps popping up claiming to be antispyware.

    I've tried using Malwarebytes, SUPERAntiSpyware and even Ad-Aware and Spy Sweeper, but none of them have removed the threat.

    Unfortunately my Norton 360 has expired and I don't want to use my bank details online to renew it whilst I've got this problem, plus we've got tons of snow in sunny England so I haven't made it to the shops to buy a hard copy!

    My last resort is using HijackThis. I've downloaded the latest version, 2.0.2, and here is the log. Please help!

     

     

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 16:28:38, on 06/01/2010

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\DOCUME~1\Ali\LOCALS~1\Temp\c.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\Program Files\TalkTalk\bin\sprtsvc.exe

    C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe

    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe

    C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe

    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

    C:\Program Files\QuickTime\qttask.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Documents and Settings\Ali\Application Data\SystemProc\lsass.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\TalkTalk\bin\sprtcmd.exe

    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\WINDOWS\system32\winupdate86.exe

    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

    C:\DOCUME~1\Ali\LOCALS~1\Temp\cgnux.exe

    C:\Documents and Settings\Ali\.COMMgr\complmgr.exe

    C:\DOCUME~1\Ali\LOCALS~1\Temp\install.exe

    C:\Program Files\InternetSecurity2010\IS2010.exe

    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

    C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe

    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    C:\DOCUME~1\Ali\LOCALS~1\Temp\user.exe

    C:\DOCUME~1\Ali\LOCALS~1\Temp\login.exe

    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    C:\DOCUME~1\Ali\LOCALS~1\Temp\services.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en

    R3 - URLSearchHook: (no name) - - (no file)

    R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll

    O1 - Hosts: ::1 localhost

    O1 - Hosts: 91.212.127.226 ossecure2009.microsoft.com

    O1 - Hosts: 91.212.127.226 os-secure2009.com

    O1 - Hosts: 91.212.127.226 www.os-secure2009.com

    O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: gwprimawega - {a8eeebd5-9962-5197-5172-d056c9db9f81} - C:\WINDOWS\system32\0tH9lPJDt_5nI2_.dll

    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

    O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll

    O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll

    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

    O4 - HKLM\..\Run: [ulead AutoDetector] "C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe"

    O4 - HKLM\..\Run: [ulead Photo Express Calendar Checker] "C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe"

    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

    O4 - HKLM\..\Run: [DeviceDiscovery] "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe"

    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"

    O4 - HKLM\..\Run: [ppmate] "C:\Program Files\PPMate\PPMate\ppmate.exe" -autoplay

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"

    O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k

    O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk

    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

    O4 - HKLM\..\Run: [winupdate86.exe] C:\WINDOWS\system32\winupdate86.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

    O4 - HKCU\..\Run: [ygua8e7yhuiesfha876yfauy8fe] C:\DOCUME~1\Ali\LOCALS~1\Temp\cgnux.exe

    O4 - HKCU\..\Run: [COM+ Manager] "C:\Documents and Settings\Ali\.COMMgr\complmgr.exe"

    O4 - HKCU\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\DOCUME~1\Ali\LOCALS~1\Temp\services.exe

    O4 - HKCU\..\Run: [LREC75DND7] C:\DOCUME~1\Ali\LOCALS~1\Temp\c.exe

    O4 - HKCU\..\Run: [internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe

    O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\Documents and Settings\Ali\Application Data\SystemProc\lsass.exe

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe

    O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe

    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB

    O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab

    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab

    O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab

    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

    O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab

    O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab

    O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab

    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326

    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...448/mcfscan.cab

    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    O20 - Winlogon Notify: jkkIYsSi - jkkIYsSi.dll (file missing)

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe

    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe

    O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe

    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

     

    --

    End of file - 14874 bytes
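A first-pass triage of a HijackThis log like the one above is usually done by eye: look for load points whose file is gone, for Winlogon Notify DLLs given as a bare filename instead of a full path, and for services with no embedded vendor name. The script below is an added example written for this page, not part of the original post or of HijackThis itself. The sample lines are copied from the log above and embedded as constructed input; the three heuristics and the function names (`triage`, `flagged`) are my own assumptions about what a helper should flag, not anything HijackThis reports.

```python
import re

# Constructed sample input: a handful of lines copied verbatim from the
# HijackThis log posted above (raw string so the Windows paths survive).
SAMPLE_LOG = r"""
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: jkkIYsSi - jkkIYsSi.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Generic "Oxx - body" shape shared by every HijackThis section line.
LINE_RE = re.compile(r"^(?P<section>O\d+) - (?P<body>.*)$")
# O20 entries: "Winlogon Notify: <name> - <dll path>".
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>[^-]+?) - (?P<path>.+)$")
# O23 entries: "Service: <display name> - <owner> - <binary path>".
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

FULL_PATH_RE = re.compile(r"^[A-Za-z]:\\")


def triage_line(line):
    """Parse one log line and attach any heuristic findings (assumed heuristics)."""
    line = line.strip()
    m = LINE_RE.match(line)
    if not m:
        return None  # blank or non-section line, e.g. "End of file - ..."
    section, body = m.group("section"), m.group("body")
    findings = []

    # A registered load point whose binary is gone: the loader still tries it,
    # and it is a common leftover after a partial malware clean-up.
    if "(file missing)" in body:
        findings.append("file missing: load point registered but binary absent")

    if section == "O20":
        om = O20_RE.match(line)
        if om:
            path = om.group("path").replace(" (file missing)", "")
            # Winlogon Notify DLLs from legitimate products are given with a full
            # path; a bare filename resolves through the DLL search order.
            if not FULL_PATH_RE.match(path):
                findings.append("bare filename: Winlogon Notify DLL has no full path")
    elif section == "O23":
        sm = O23_RE.match(line)
        # "Unknown owner" only means the binary carries no vendor string; it is a
        # low-priority prompt to verify the file, not evidence on its own.
        if sm and sm.group("owner").lower() == "unknown owner":
            findings.append("unknown owner: service binary has no vendor name")

    return {"section": section, "body": body, "findings": findings}


def triage(log_text):
    """Return a parsed record for every section line in the log text."""
    records = []
    for raw in log_text.splitlines():
        rec = triage_line(raw)
        if rec is not None:
            records.append(rec)
    return records


def flagged(log_text):
    """Only the records that picked up at least one finding."""
    return [rec for rec in triage(log_text) if rec["findings"]]


if __name__ == "__main__":
    for rec in flagged(SAMPLE_LOG):
        print(rec["section"], rec["body"])
        for f in rec["findings"]:
            print("    -", f)
```

Run against the sample, the only entries that surface are the `jkkIYsSi` Winlogon Notify line (missing file and bare filename) and the ATI hotkey service (unknown owner); the Symantec, Apple and SUPERAntiSpyware entries pass, which matches how the log reads by eye. The heuristics are deliberately narrow so that the output is a list of items to verify, not a verdict.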

  17. Hi,

    I've had a number of problems with my PC recently, and I don't know if they are linked or not.

    I'll list them in order of occurrence:

    1) Every time I start my computer I now get an error message which says - "One of the files containing your system's Registry data had to be recovered by use of an alternate copy. The recovery was successful"

    2) I got an icon in the bottom right-hand corner which was a red circle with a white cross. It had a text bubble coming out of it saying that I had spyware, click here to remove it. I recognised that this was some sort of virus pre-installer and downloaded AVG 8.5 (as my Norton 360 didn't pick it up) and removed all threats and I haven't seen it since.

    3) However, since removing the threat in 2), I now can't access my task manager and the error message has the same icon as in 2) which makes me think that I haven't completely removed it.

    4) I am now getting frequent error messages coming up which crash my internet explorer and/or mozilla firefox.

     

    Please can you advise as to what I should do. I have previously followed instructions on here to remove a virus and I am very happy to do that again.

     

    Thanks

  18. I tried to research property settings for Flat screens....and I must be losing my touch.

    I went into a Dell site and a HP/Compaq site....

    I'll list those links....

     

    HP and Compaq Flat Panel Displays - Flat Panel Display Troubleshooting

     

    Notebook Displays and Flat-Panel Monitors - Frequently Asked Questions......Dell

     

    You may not have these vendors' flat monitors but you may be able to see settings that would apply to yours?

    Also as Inprofile stated.....updating/installing another version of Winamp

     

    check for latest version of Winamp

     

    Thanks for the advice on the monitor, I'll have a look. As regards updating Winamp, I never had it installed in the first place!