Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible malware infection


  • This topic is locked This topic is locked
24 replies to this topic

#1 paulmonan

paulmonan

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:47 AM

Posted 13 May 2009 - 02:06 PM

I have been through the section of this forum...

"Slow Computer/browser? Check Here First; It May Not Be Malware"

And I am still having issues. My internet speed is OK but some sites will just slow down to an unusable speed, I suspect some form of malware or similar. i have cantacted my service provider, talktalk, and they have said this could be due to infected computer. I have run a full system scan with AVG and there is no infectioons found. If someone could have a look at my log that would be greatly appreciated. Thank you.


DDS (Ver_09-05-14.01) - NTFSx86
Run by Mum & Dad at 19:54:51.79 on 13/05/2009
Internet Explorer: 7.0.5700.6 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.511.92 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\V0230Mon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\TalkTalk\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Mum & Dad\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyServer = http=127.0.0.1:8484
uInternet Settings,ProxyOverride = <local>;*.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\progra~1\skype\phone\ieplugin\SKYPEI~1.DLL
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [<NO NAME>]
uRun: [(AudioSrv) ] "c:\program files\ahead\bin\xmlprov.exe" /set
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NeroCheck] c:\windows\system32\\NeroCheck.exe
mRun: [EPSON Stylus CX3200] c:\windows\system32\spool\drivers\w32x86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
mRun: [SpeedTouch USB Diagnostics] "c:\program files\thomson\speedtouch usb\Dragdiag.exe" /icon
mRun: [V0230Mon.exe] c:\windows\V0230Mon.exe
mRun: [TalkTalk] "c:\program files\talktalk\bin\sprtcmd.exe" /P TalkTalk
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\progra~1\skype\phone\ieplugin\SKYPEI~1.DLL
DPF: {0A742471-6B4B-4419-A0B2-68E4A9FF5ACD} - file:///C:/ActivLite_ECDLXP_E/btlocal3.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkID=39204
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by117fd.bay117.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} - hxxp://www.parallelgraphics.com/l2/bin/cortvrml.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: IE Component Categories cache daemon: {553858a7-4922-4e7e-b1c1-97140c1c16ef} - c:\windows\system32\ieframe.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mum&da~1\applic~1\mozilla\firefox\profiles\090080pr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-21 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-1-18 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-21 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-21 298776]
R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\talktalk\bin\sprtsvc.exe [2007-10-12 202016]
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\common files\supportsoft\bin\tgsrvc.exe [2007-8-2 148768]
S2 Windows Audio (AudioSrv) ;Windows Audio (AudioSrv) ;c:\program files\ahead\bin\xmlprov.exe --> c:\program files\ahead\bin\xmlprov.exe [?]
S3 uac4pdt;PDT USB Composite Class Filter Driver;c:\windows\system32\drivers\uac4pdt.sys [2007-1-16 15232]
S3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [2007-1-26 6272]
S3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [2007-1-26 500480]
S3 VF0230Srv;Creative VF0230 RunApp Service;c:\windows\system32\V0230Srv.exe [2007-1-26 8192]

=============== Created Last 30 ================

2009-04-20 21:41 0 ac------ C:\LOG11.tmp
2009-04-16 16:02 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-16 16:02 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-16 16:02 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 16:02 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-16 16:02 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 16:02 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 16:02 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-16 16:02 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-16 16:02 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-16 16:01 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-16 16:01 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-16 16:01 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe

==================== Find3M ====================

2009-05-09 11:31 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-09 11:31 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-09 11:30 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-06 15:22 284,160 a------- c:\windows\system32\pdh.dll
2005-12-15 21:18 17,536 a------- c:\docume~1\mum&da~1\applic~1\GDIPFONTCACHEV1.DAT
2008-10-04 12:39 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008100420081005\index.dat
2008-03-20 23:09 16,384 a--sh--- c:\windows\temp\cookies\index.dat
2008-03-20 23:09 16,384 a--sh--- c:\windows\temp\history\history.ie5\index.dat
2008-03-20 23:09 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 19:55:29.40 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,995 posts
  • ONLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:47 PM

Posted 27 May 2009 - 03:40 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. You can find information on A/V control HERE

Orange Blossom :thumbup2:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 paulmonan

paulmonan
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:47 AM

Posted 28 May 2009 - 12:12 PM

Hi there, thanks for helping. I am still having issues. My internet speed is OK but some sites will just slow down to an unusable speed, I suspect some form of malware or similar. i have cantacted my service provider, talktalk, and they have said this could be due to infected computer. I have run a full system scan with AVG and there is no infectioons found.



DDS (Ver_09-05-14.01) - NTFSx86
Run by Mum & Dad at 18:06:49.82 on 28/05/2009
Internet Explorer: 7.0.5700.6 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.511.151 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\V0230Mon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\TalkTalk\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mum & Dad\Desktop\dds(2).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyServer = http=127.0.0.1:8484
uInternet Settings,ProxyOverride = <local>;*.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\progra~1\skype\phone\ieplugin\SKYPEI~1.DLL
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [<NO NAME>]
uRun: [(AudioSrv) ] "c:\program files\ahead\bin\xmlprov.exe" /set
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NeroCheck] c:\windows\system32\\NeroCheck.exe
mRun: [EPSON Stylus CX3200] c:\windows\system32\spool\drivers\w32x86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
mRun: [SpeedTouch USB Diagnostics] "c:\program files\thomson\speedtouch usb\Dragdiag.exe" /icon
mRun: [V0230Mon.exe] c:\windows\V0230Mon.exe
mRun: [TalkTalk] "c:\program files\talktalk\bin\sprtcmd.exe" /P TalkTalk
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\progra~1\skype\phone\ieplugin\SKYPEI~1.DLL
DPF: {0A742471-6B4B-4419-A0B2-68E4A9FF5ACD} - file:///C:/ActivLite_ECDLXP_E/btlocal3.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkID=39204
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by117fd.bay117.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} - hxxp://www.parallelgraphics.com/l2/bin/cortvrml.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: IE Component Categories cache daemon: {553858a7-4922-4e7e-b1c1-97140c1c16ef} - c:\windows\system32\ieframe.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mum&da~1\applic~1\mozilla\firefox\profiles\090080pr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-21 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-1-18 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-21 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-21 298776]
R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\talktalk\bin\sprtsvc.exe [2007-10-12 202016]
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\common files\supportsoft\bin\tgsrvc.exe [2007-8-2 148768]
S2 Windows Audio (AudioSrv) ;Windows Audio (AudioSrv) ;c:\program files\ahead\bin\xmlprov.exe --> c:\program files\ahead\bin\xmlprov.exe [?]
S3 uac4pdt;PDT USB Composite Class Filter Driver;c:\windows\system32\drivers\uac4pdt.sys [2007-1-16 15232]
S3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [2007-1-26 6272]
S3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [2007-1-26 500480]
S3 VF0230Srv;Creative VF0230 RunApp Service;c:\windows\system32\V0230Srv.exe [2007-1-26 8192]

=============== Created Last 30 ================


==================== Find3M ====================

2009-05-09 11:31 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-09 11:31 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-09 11:30 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-06 15:22 284,160 a------- c:\windows\system32\pdh.dll
2005-12-15 21:18 17,536 a------- c:\docume~1\mum&da~1\applic~1\GDIPFONTCACHEV1.DAT
2008-10-04 12:39 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008100420081005\index.dat
2008-03-20 23:09 16,384 a--sh--- c:\windows\temp\cookies\index.dat
2008-03-20 23:09 16,384 a--sh--- c:\windows\temp\history\history.ie5\index.dat
2008-03-20 23:09 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 18:07:31.75 ===============

Attached Files



#4 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:47 PM

Posted 30 May 2009 - 12:20 AM

Hi paulmonan,



Welcome to BleepingComputer HijackThis Logs and Malware Removal, :thumbup2:
My name is sundavis, I will be helping you to deal with your Malware problems today.

My internet speed is OK but some sites will just slow down to an unusable speed


Which browser is in use at that time? or all browser (IE and FF) confronted the same situation as you described.

I also notice there is an unwanted programs including some java leftovers installed in your system. That unwanted program is sometimes malware related or potential hazard to your security. You're well advised to remove them.

Click Start > Settings > Control Panel.
In Control Panel, double-click Add or Remove Programs.
In Add or Remove Programs, highlight

180search Toolbar
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ SE Runtime Environment 6 Update 1

and click on Change/Remove to remove it.



Step1

Please download GMER Rootkit Scanner from Here or Here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish. For more info, go to Here for your reference.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" , and copy and paste the contents in your next reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries



Step2
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


In your next reply, please post back:


1.GMER log
2.RSIT log.txt and info.txt.Thanks.

#5 paulmonan

paulmonan
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:47 AM

Posted 03 June 2009 - 02:14 PM

Hi there,

Thanks for your help in this matter. My problems occur on any browser I use.

I have attached the Gmer.txt and below are the other 2...

Logfile of random's system information tool 1.06 (written by random/random)
Run by Mum & Dad at 2009-06-03 20:09:50
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 46 GB (59%) free of 78 GB
Total RAM: 511 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:10:08, on 03/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\V0230Mon.exe
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\TalkTalk\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Mum & Dad\Desktop\RSIT.exe
C:\Program Files\trend micro\Mum & Dad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8484
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\V0230Mon.exe
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [(AudioSrv) ] "C:\Program Files\Ahead\bin\xmlprov.exe" /set
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeuk.net/
O16 - DPF: {0A742471-6B4B-4419-A0B2-68E4A9FF5ACD} (BTLocalAPI.BTlocal) - file:///C:/ActivLite_ECDLXP_E/btlocal3.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117fd.bay117.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/l2/bin/cortvrml.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E15BE2F-1062-4442-A179-5EA2C50CE9E5}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Update Service (gupdate1c9dfd69f4d0450) (gupdate1c9dfd69f4d0450) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
O23 - Service: Creative VF0230 RunApp Service (VF0230Srv) - Creative Technology Ltd. - C:\WINDOWS\system32\V0230Srv.exe
O23 - Service: Windows Audio (AudioSrv) - Unknown owner - C:\Program Files\Ahead\bin\xmlprov.exe (file missing)

--
End of file - 8583 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL [2006-12-18 726568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-05-09 1107224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-05-28 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2003-08-05 57344]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2003-04-02 4616192]
"nwiz"=nwiz.exe /install []
"NeroCheck"=C:\WINDOWS\System32\\NeroCheck.exe [2001-07-09 155648]
"EPSON Stylus CX3200"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE [2002-07-01 74752]
"SpeedTouch USB Diagnostics"=C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe [2004-01-26 866816]
"V0230Mon.exe"=C:\WINDOWS\V0230Mon.exe [2006-09-06 32768]
"TalkTalk"=C:\Program Files\TalkTalk\bin\sprtcmd.exe [2007-10-12 202016]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-05-09 1947928]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-03-06 177472]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-03-12 342312]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
""= []
"(AudioSrv) "=C:\Program Files\Ahead\bin\xmlprov.exe /set []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-05-28 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\180sa]
c:\program files\180search assistant\180sa.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
C:\Program Files\Altnet\Points Manager\Points Manager.exe -s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]
C:\Program Files\Common Files\CMEII\CMESys.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Gateway]
C:\Program Files\Media Gateway\MediaGateway.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft System Checkup]
wnetlogin.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NT Logging Service]
syslog32.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\skynetave.exe]
C:\WINDOWS\skynetave.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfAccuracy]
C:\Program Files\SurfAccuracy\SAcc.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
C:\PROGRA~1\COMMON~1\GMT\GMT.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-05-09 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll [2006-08-23 5906432]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\WinMX\WinMX.exe"="C:\Program Files\WinMX\WinMX.exe:*:Enabled:WinMX Application"
"C:\Team17\Worms World Party\wwp.exe"="C:\Team17\Worms World Party\wwp.exe:*:Disabled:Worms World Party"
"C:\Westwood\RA2\game.exe"="C:\Westwood\RA2\game.exe:*:Enabled:Main executable for Red Alert 2"
"C:\Westwood\RA2\mph.exe"="C:\Westwood\RA2\mph.exe:*:Disabled:mph"
"C:\Program Files\Soulseek\slsk.exe"="C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek Client"
"C:\Program Files\Ares Lite Edition\Ares.exe"="C:\Program Files\Ares Lite Edition\Ares.exe:*:Enabled:Ares"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\EA Games\Command and Conquer Generals\patchget.dat"="C:\Program Files\EA Games\Command and Conquer Generals\patchget.dat:*:Enabled:patchgrabber"
"C:\Program Files\EA Games\Command and Conquer Generals\game.dat"="C:\Program Files\EA Games\Command and Conquer Generals\game.dat:*:Disabled:game"
"C:\Program Files\EA Games\Command & Conquer Generals Zero Hour\patchget.dat"="C:\Program Files\EA Games\Command & Conquer Generals Zero Hour\patchget.dat:*:Enabled:patchgrabber"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\EA Games\Command & Conquer Generals Zero Hour\game.dat"="C:\Program Files\EA Games\Command & Conquer Generals Zero Hour\game.dat:*:Disabled:game"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\E Games\Blast Thru\bt.exe"="C:\Program Files\E Games\Blast Thru\bt.exe:*:Enabled:bt"
"C:\Program Files\Small Rockets\Ultra Assault\ultraassault.exe"="C:\Program Files\Small Rockets\Ultra Assault\ultraassault.exe:*:Enabled:ultraassault"
"C:\Program Files\SightSpeed\SightSpeed.exe"="C:\Program Files\SightSpeed\SightSpeed.exe:*:Enabled:SightSpeed"
"C:\Program Files\Golf Demo\Golf.exe"="C:\Program Files\Golf Demo\Golf.exe:*:Enabled:Golf"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Pando Networks\Pando\pando.exe"="C:\Program Files\Pando Networks\Pando\pando.exe:*:Enabled:pando"
"C:\Program Files\TalkTalk\agent\bin\bcont.exe"="C:\Program Files\TalkTalk\agent\bin\bcont.exe:*:Enabled:bcont.exe"
"C:\Program Files\Common Files\SupportSoft\bin\tgsrvc.exe"="C:\Program Files\Common Files\SupportSoft\bin\tgsrvc.exe:*:Enabled:tgsrvc.exe"
"C:\Program Files\TalkTalk\agent\bin\bcont_nm.exe"="C:\Program Files\TalkTalk\agent\bin\bcont_nm.exe:*:Enabled:bcont_nm.exe"
"C:\Program Files\TalkTalk\bin\sprtcmd.exe"="C:\Program Files\TalkTalk\bin\sprtcmd.exe:*:Enabled:sprtcmd.exe"
"C:\Program Files\Ahead\bin\xmlprov.exe"="C:\Program Files\Ahead\bin\xmlprov.exe:*:Enabled:TINYPROXY"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5260d80-0f3c-11de-b37a-0030186fab70}]
shell\AutoRun\command - I:\WDSetup.exe


======List of files/folders created in the last 3 months======

2009-06-03 20:09:51 ----D---- C:\Program Files\trend micro
2009-06-03 20:09:50 ----DC---- C:\rsit
2009-05-28 21:54:17 ----DC---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-05-12 21:26:39 ----A---- C:\WINDOWS\resetlog.txt
2009-04-20 21:41:49 ----AC---- C:\LOG11.tmp
2009-04-16 23:41:07 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-16 23:41:00 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-16 23:38:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-16 23:38:25 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-16 23:38:18 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-16 23:38:09 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-16 16:01:30 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-04-05 21:04:20 ----D---- C:\Program Files\Safari
2009-04-05 19:03:04 ----D---- C:\Program Files\iTunes
2009-04-05 19:03:04 ----D---- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-04-05 19:00:52 ----D---- C:\Program Files\QuickTime
2009-04-05 18:53:05 ----D---- C:\Program Files\Bonjour
2009-03-26 19:27:58 ----D---- C:\Documents and Settings\Mum & Dad\Application Data\ParallelGraphics
2009-03-21 13:08:56 ----HDC---- C:\$AVG8.VAULT$
2009-03-21 11:14:33 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-03-21 11:14:05 ----D---- C:\Program Files\AVG
2009-03-21 11:14:04 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-03-14 13:08:57 ----D---- C:\Documents and Settings\Mum & Dad\Application Data\Malwarebytes
2009-03-14 13:08:49 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-14 13:08:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-14 12:37:08 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-03-11 21:48:06 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-11 21:48:01 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-03-11 21:47:57 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-11 21:47:08 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-03-10 23:24:51 ----D---- C:\Program Files\Common Files\Adobe AIR

======List of files/folders modified in the last 3 months======

2009-06-03 20:09:51 ----AD---- C:\Program Files
2009-06-03 20:09:30 ----D---- C:\WINDOWS\Prefetch
2009-06-03 16:56:02 ----AD---- C:\WINDOWS\Temp
2009-06-03 16:55:02 ----SD---- C:\WINDOWS\Tasks
2009-06-03 09:12:21 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-01 21:37:53 ----SHD---- C:\WINDOWS\Installer
2009-06-01 21:37:30 ----D---- C:\WINDOWS\system32
2009-06-01 21:36:48 ----D---- C:\Program Files\Java
2009-06-01 21:36:47 ----D---- C:\Program Files\Common Files
2009-06-01 21:28:59 ----D---- C:\Program Files\Google
2009-05-29 18:04:36 ----D---- C:\Program Files\Mozilla Firefox
2009-05-28 18:49:05 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-26 22:40:23 ----HD---- C:\WINDOWS\inf
2009-05-12 22:16:18 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-05-12 22:11:59 ----AD---- C:\WINDOWS
2009-05-12 22:01:17 ----A---- C:\WINDOWS\imsins.BAK
2009-05-12 22:01:10 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-05-09 11:32:05 ----D---- C:\WINDOWS\system32\drivers
2009-05-07 08:16:29 ----A---- C:\WINDOWS\system32\MRT.exe
2009-04-20 21:43:14 ----D---- C:\Documents and Settings\Mum & Dad\Application Data\U3
2009-04-17 12:49:53 ----D---- C:\WINDOWS\system32\wbem
2009-04-17 12:49:53 ----D---- C:\WINDOWS\AppPatch
2009-04-16 23:38:32 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-16 16:11:26 ----D---- C:\Documents and Settings\Mum & Dad\Application Data\Mozilla
2009-04-09 18:09:16 ----D---- C:\Program Files\Soulseek
2009-04-05 21:08:15 ----D---- C:\Documents and Settings\Mum & Dad\Application Data\Apple Computer
2009-04-05 19:03:38 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-04-05 19:03:13 ----D---- C:\Program Files\iPod
2009-04-05 19:03:13 ----D---- C:\Program Files\Common Files\Apple
2009-03-26 19:27:28 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-03-21 15:06:58 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-03-21 11:13:38 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-03-21 11:13:37 ----D---- C:\WINDOWS\WinSxS
2009-03-15 15:24:38 ----RSD---- C:\WINDOWS\Fonts
2009-03-15 13:01:55 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-03-15 12:46:48 ----SHD---- C:\RECYCLER
2009-03-15 12:46:48 ----DC---- C:\Documents and Settings
2009-03-14 14:07:57 ----D---- C:\Program Files\GamesBar
2009-03-14 13:04:43 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-03-14 13:03:25 ----D---- C:\Program Files\LimeWire
2009-03-14 13:00:52 ----D---- C:\Program Files\Gamenext
2009-03-13 12:36:42 ----D---- C:\WINDOWS\network diagnostic
2009-03-10 23:25:03 ----D---- C:\Program Files\Adobe
2009-03-10 23:24:54 ----DC---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-03-10 23:24:54 ----D---- C:\Documents and Settings\Mum & Dad\Application Data\Adobe
2009-03-10 23:20:56 ----D---- C:\Program Files\Common Files\Adobe
2009-03-06 15:22:18 ----A---- C:\WINDOWS\system32\pdh.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-05-09 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-05-09 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-09 108552]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 STEC3;STEC3; \??\C:\WINDOWS\System32\STEC3.sys []
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-08-07 404608]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-08-19 455803]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-01-15 23848]
R3 Intels51;Intel® 536EP V.92 Modem; C:\WINDOWS\System32\DRIVERS\Intels51.sys [2002-05-10 633220]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-04-02 1265130]
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2002-11-27 80896]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\system32\DRIVERS\alcan5wn.sys [2003-12-08 53600]
S3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [2003-12-08 70688]
S3 aujasnkj;aujasnkj; \??\C:\DOCUME~1\MUM&DA~1\LOCALS~1\Temp\aujasnkj.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 uac4pdt;PDT USB Composite Class Filter Driver; C:\WINDOWS\system32\DRIVERS\uac4pdt.sys [2005-12-12 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-10 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 V0230Vfx;V0230Vfx; C:\WINDOWS\system32\DRIVERS\V0230Vfx.sys [2006-03-23 6272]
S3 V0230VID;Live! Cam Video IM Pro; C:\WINDOWS\system32\DRIVERS\V0230VID.sys [2006-09-28 500480]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-05-09 298776]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 EpsonBidirectionalService;EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [2002-01-29 77824]
R2 EPSONStatusAgent2;EPSON Printer Status Agent2; C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe [2002-07-17 94208]
R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk); C:\Program Files\TalkTalk\bin\sprtsvc.exe [2007-10-12 202016]
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk); C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe [2007-08-02 148768]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-03-12 656168]
S2 gupdate1c9dfd69f4d0450;Google Update Service (gupdate1c9dfd69f4d0450); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-28 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-28 183280]
S2 Windows Audio (AudioSrv) ;Windows Audio (AudioSrv) ; C:\Program Files\Ahead\bin\xmlprov.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-04-18 68096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2006-03-22 68096]
S3 SupportSoft RemoteAssist;SupportSoft RemoteAssist; C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe [2007-08-02 382320]
S3 VF0230Srv;Creative VF0230 RunApp Service; C:\WINDOWS\system32\V0230Srv.exe [2006-03-15 8192]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------





info.txt logfile of random's system information tool 1.06 2009-06-03 20:10:10

======Uninstall list======

-(/'|'\)- DivX Codec 3.11a Codec -(/'|'\)--->C:\WINDOWS\System32\rundll32.exe setupapi,InstallHinfSection Remove_DivX 132 C:\WINDOWS\INF\DivX.inf
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11E83B33-972B-4512-A447-FF0FD0246EE9}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21B6F79B-2286-4BB0-B1E3-BA6B9498D110}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BFBC62A-3353-443D-93BE-7AC641D9F342}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{775FFF70-4A8C-4500-908D-3C34DBEB11D5}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B100B05B-E290-41EF-9366-8BC4C76D7769}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3568156-59C3-42DF-A520-2C25B6706C91}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAD9402A-1A9B-4ABE-A410-393A3622FA5A}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15B3F9F8-4CF9-452A-9AF2-AA8553765DA7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BE926E5-66F4-4166-A5E5-E14D7A165BBD}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Activ ECDL & Unit E-->"C:\ActivLite_ECDLXP_E\Remove.exe" /U:"C:\ActivLite_ECDLXP_E\Remove.log"
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Advanced Video FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 /remove
Apple Mobile Device Support-->MsiExec.exe /I{162B71B8-8464-4680-A086-601D555B331D}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft PhotoImpression 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{546C7D0B-1E12-4573-BCD0-F5B0D3C66A74}\Setup.exe" -l0x9
ArcSoft PhotoImpression-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C5D7191-140A-11D6-B5A0-0050DA208A93}\setup.exe" -l0x9 -uninst
AVG 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Creative Live! Cam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BE926E5-66F4-4166-A5E5-E14D7A165BBD}\setup.exe" -l0x9 /remove
Creative Live! Cam Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15B3F9F8-4CF9-452A-9AF2-AA8553765DA7}\setup.exe" -l0x9 /remove
Creative Live! Cam Video IM Pro Driver (1.01.03.0928)-->C:\WINDOWS\CtDrvIns.exe -uninstall -script VF0230.uns -unsext NT -plugin V0230Pin.dll -pluginres CtCamPin.crl
Creative Live! Cam Video IM Pro User's Guide (English)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Creative Live! Cam Video IM Pro\Creative Live! Cam Video IM Pro User's Guide\English\CTManual.isu"
Creative Software AutoUpdate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 /remove
Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Digimax A7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll<UNINSTALL_CMD> anything
Director 8.5 Shockwave Studio-->C:\PROGRA~1\MACROM~1\DIRECT~1.5\UNWISE.EXE C:\PROGRA~1\MACROM~1\DIRECT~1.5\install.log
EPSON Copy Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B69CC1A5-0404-11D6-ABCB-005004C21D30}\setup.exe" -l0x9 ADDREMOVEDLG
EPSON Photo Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9391F2BC-B6F3-4AAC-82CC-5A74A4ED388E}\setup.exe" -l0x9 MyUninstall
EPSON PhotoQuicker3.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B2EFE303-A594-11D5-95EB-005004BC1C65}\setup.exe" uninst
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
EPSON Smart Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\setup.exe" -l0x9 Uninstall
EPSON TWAIN 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A3EABC0-CA06-11D4-BF77-00104B130C19}\setup.exe" -l0x9 UNINSTALL
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
iPod for Windows 2006-03-23-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} /l1033
iPod Updater 2004-08-06-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2F8C106A-7DFC-45DE-8006-F9145AADF1D8} /l1033
iTunes-->MsiExec.exe /I{C26B06A9-27BB-45B0-9873-9C623EC2BA38}
L&H TTS3000 British English-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSENG.inf, Uninstall
Macromedia Flash MX 2004-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x9 UNINSTALL
Macromedia FreeHand 10-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D826618-59C6-11D4-976E-00C04F8EEB39}\Setup.exe" UNINSTALL
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Standard-->MsiExec.exe /I{90120409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MobileMe Control Panel-->MsiExec.exe /I{C7EEC93A-2A61-4B1E-B696-A264680A889D}
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero - Burning Rom-->MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
NVIDIA nForce Drivers-->C:\WINDOWS\System32\nvuninst.exe Uninstall C:\WINDOWS\System32\NVU001.nvu,NVIDIA nForce Drivers
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
Pando-->MsiExec.exe /I{C0B0FA55-D4E9-4374-9871-BBFBF2AEF0D1}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Safari-->MsiExec.exe /I{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}
ScanToWeb-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
SightSpeed (remove only)-->"C:\Program Files\SightSpeed\uninst.exe"
Skype 3.0-->"C:\Program Files\Skype\Phone\unins000.exe"
Skype add-on for IE-->rundll32 "C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll",FriendlyUnregisterServer 0
Skype Plugin Manager-->MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
SoulSeek Client 156c-->"C:\Program Files\Soulseek\uninstall.exe"
Speech Redistributables-->MsiExec.exe /I{40A2D170-A4EB-4611-8181-63127606BAEF}
SpeedTouch USB Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\setup.exe" /l0009 -Control_Panel
TalkTalk Assist & Go-->MsiExec.exe /X{D084B1A9-153B-409D-AEBF-C40FCEF925EA}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VideoEgg Publisher-->C:\Program Files\VideoEgg\Uninstall.exe
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VoIPVoice Integration-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A02AEE90-9B8F-4159-A992-805E70ECF0EF}\setup.exe" -l0x9 -removeonly
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: 2500XP
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 113175
Source Name: Service Control Manager
Time Written: 20090601213107.000000+060
Event Type: error
User:

Computer Name: 2500XP
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 113172
Source Name: Service Control Manager
Time Written: 20090601213106.000000+060
Event Type: error
User:

Computer Name: 2500XP
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 113169
Source Name: Service Control Manager
Time Written: 20090601213106.000000+060
Event Type: error
User:

Computer Name: 2500XP
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 113166
Source Name: Service Control Manager
Time Written: 20090601213106.000000+060
Event Type: error
User:

Computer Name: 2500XP
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 113163
Source Name: Service Control Manager
Time Written: 20090601213106.000000+060
Event Type: error
User:

=====Application event log=====

Computer Name: 2500XP
Event Code: 35
Message: WMI ADAP was unable to load the ASP.NET_2.0.50727 performance library because it returned invalid data: 0x0

Record Number: 17498
Source Name: WinMgmt
Time Written: 20090512220251.000000+060
Event Type: warning
User:

Computer Name: 2500XP
Event Code: 40
Message: WMI ADAP was unable to create the object Win32_PerfRawData_ASPNET_ASPNETApplications for Performance Library ASP.NET because error 0x80041001 was returned

Record Number: 17497
Source Name: WinMgmt
Time Written: 20090512220251.000000+060
Event Type: warning
User:

Computer Name: 2500XP
Event Code: 35
Message: WMI ADAP was unable to load the ASP.NET performance library because it returned invalid data: 0x0

Record Number: 17496
Source Name: WinMgmt
Time Written: 20090512220251.000000+060
Event Type: warning
User:

Computer Name: 2500XP
Event Code: 1002
Message: Hanging application firefox.exe, version 1.8.20081.21709, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 17296
Source Name: Application Hang
Time Written: 20090413222638.000000+060
Event Type: error
User:

Computer Name: 2500XP
Event Code: 1002
Message: Hanging application iexplore.exe, version 7.0.5700.6, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 17285
Source Name: Application Hang
Time Written: 20090410195153.000000+060
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Attached Files

  • Attached File  Gmer.txt   10.89KB   1 downloads


#6 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:47 PM

Posted 03 June 2009 - 10:42 PM

some sites will just slow down to an unusable speed


Only some sites will slow down the speed? Which one? Honestly speaking, I have the same experience with some sites though. :thumbup2:

There is no outstanding object on your logs right now. Ok!! Let's make some maintenance and check if we can get some clues and make improvements.


Step1

Let's clean some temp files. Please do the following:

Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.


If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Step2


Please do an online scan with Kaspersky Online Scanner.
  • Please go to Kaspersky Online Scanner and perform an online antivirus scan.
  • Click Accept button on the "Requirements and limitations".
  • When Java warning " The applcation digital signature has been verified. Do you want to run the application " appears, Click on "Run" button.
  • It will be Downloading and installing the program and Updating the database.
  • When Updating the database have finished, click on Settings.
  • Make sure all boxes are checked. then click on the Save button.
  • Click on My Computer under Scan menu. It will start scanning, so be patient and let it run.
  • Once the scan is completed, Click on View Scan Report.
  • You may see a list of infected items over there. Click on Save Report As.
  • Click "Desktop" , Name the file as "KAS", Change the Files of type to Text file (.txt) and Click on Save button.
  • Please post the contents in your next reply.
  • You can refer to this animation
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.


Step3

We need to repair some of windows' internal registration settings
  • Please download Dial-A-Fix from one of the following mirrors:
  • Extract the zip file to your desktop.
  • Double click Dial-a-Fix.exe to start the program.
  • Press the green double checkmark box (Looks like this: Posted Image)
  • UNcheck "Empty Temp Folders", as well as "Adjust Time/Date" in the prep section. The prep section should then look like this:
    Posted Image
  • When the window looks like this, press the GO button in the bottom of the window.
    Posted Image
  • Exit/Close Dial-A-Fix
After that, please do the following:

Click Start>Run>Type CMD>A command prompt DOS window will open. Type/Paste ipconfig /flushdns and then press Enter to purge the DNS resolver cache.


Please go to Start -> Control Panel, and choose Network Connections. Then right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically. Click OK twice, and restart your computer.

Open IE, select Tools > Internet Options. Select the Connections tab.
  • If you are using LAN, click "LAN Settings" button. If you are using Dial-up or Virtual Private Network connection, select necessary connection and click "Settings" button.
  • In the "Proxy Server" area, uncheck the check mark next to Use a proxy server for ....
  • Click OK.
  • Click Advanced tab and click on Reset button
  • In the Reset Internet Explorer Settings dialog box, click Reset to confirm.
In Firefox, go Tools > Options > Advanced > Network > Settings and tick 'No Proxy', then 'OK' your way out.


In you next reply, please post back:


1.Kas online scan report
2.New HJT log

Tell me how thins are going now.

#7 paulmonan

paulmonan
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:47 AM

Posted 07 June 2009 - 06:49 AM

Hello again,

I have put below the two logs you requested. My problem is mainly with hotmail and still exists, when I log in to msn hotmail, it will take minutes for my inbox to finally appear. This is the case on both home PCs, this PC we've been working on is the main PC which the Talktalk wireless router is connected to. However, i also have a fairly new Macbook, and on that it will not let me go past the login page for hotmail, I've tried it on Firefox and Safari but it always comes up with Connection Interrupted. This is the most common site i use and really need it to work, but there are other sites that seem to slow down and don't work on the Mac. My friend also has Talktalk and his works fine for all sites. I was recommended to try using Open DNS but I see that you recommended
using No Proxy for my DNS settings. i don't really know what this means anyway. I suspect that I may be able to fix it by going to the router settings page and doing something there. Not sure. Also, the KAS report came back with 2 infections as you will see below. Sorry for the long-winded response here but trying to give you as much info as I can.

Thanks again,
Paul.




--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Friday, June 5, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, June 04, 2009 22:00:15
Records in database: 2307595
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
W:\

Scan statistics:
Files scanned: 65702
Threat name: 2
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 01:51:56


File name / Threat name / Threats count
C:\Documents and Settings\Mum & Dad\Local Settings\Application Data\Identities\{FDB8CF14-E792-46AB-AF7E-B778F0F00345}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Email-Worm.Win32.Wallon.a 2
C:\Documents and Settings\Mum & Dad\Local Settings\Temp\VEe7.tmp Infected: Trojan-Downloader.Win32.Agent.zdo 1

The selected area was scanned.










Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:06, on 07/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\TalkTalk\bin\sprtsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
C:\WINDOWS\V0230Mon.exe
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Mum & Dad\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8484
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\V0230Mon.exe
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [(AudioSrv) ] "C:\Program Files\Ahead\bin\xmlprov.exe" /set
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeuk.net/
O16 - DPF: {0A742471-6B4B-4419-A0B2-68E4A9FF5ACD} (BTLocalAPI.BTlocal) - file:///C:/ActivLite_ECDLXP_E/btlocal3.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117fd.bay117.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/l2/bin/cortvrml.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk...ows-i586-jc.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Update Service (gupdate1c9dfd69f4d0450) (gupdate1c9dfd69f4d0450) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
O23 - Service: Creative VF0230 RunApp Service (VF0230Srv) - Creative Technology Ltd. - C:\WINDOWS\system32\V0230Srv.exe
O23 - Service: Windows Audio (AudioSrv) - Unknown owner - C:\Program Files\Ahead\bin\xmlprov.exe (file missing)

--
End of file - 9290 bytes

#8 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:47 PM

Posted 07 June 2009 - 01:45 PM

Hi paulmonan,



I was recommended to try using Open DNS but I see

Not for now.

Step1

If you already have Combofix, please delete that copy and download it again as it's being updated regularly.

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Note: CombFix has recently been updated to include the option for installing the Recovery Console automatically. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Close any open browsers
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Go to Here for your reference.
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:
File::
C:\Documents and Settings\Mum & Dad\Local Settings\Application Data\Identities\{FDB8CF14-E792-46AB-AF7E-B778F0F00345}\Microsoft\Outlook Express\Deleted Items.dbx 
C:\Documents and Settings\Mum & Dad\Local Settings\Temp\VEe7.tmp
C:\Program Files\Ahead\bin\xmlprov.exe
C:\LOG11.tmp

Driver::
Windows Audio (AudioSrv)

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"(AudioSrv)"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\180sa]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\skynetave.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NT Logging Service]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Gateway]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfAccuracy]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft System Checkup]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Soulseek\slsk.exe"=-
"C:\StubInstaller.exe"=-
"C:\Program Files\Ares Lite Edition\Ares.exe"=-
"C:\Program Files\LimeWire\LimeWire.exe"=-

Folder::
C:\Program Files\GamesBar
C:\Program Files\LimeWire

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:8484
uInternet Settings,ProxyOverride = <local>;*.local
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop

Posted Image

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


Step2

Please close all browsers and other windows while running GooredFix.
  • Please download GooredFix and save it to your Desktop.
  • Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).
Note: Do not run Option #2 yet.

In your next reply, please post back:


1.Combofix log
2.GooredFix log
3.RIST log

Tell me how your pc is running now.

#9 paulmonan

paulmonan
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:47 AM

Posted 08 June 2009 - 03:22 PM

Hi there, i have posted the 2 logs below. not much change in the way the internet runs.


ComboFix 09-06-07.07 - Mum & Dad 08/06/2009 21:04.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.511.224 [GMT 1:00]
Running from: c:\documents and settings\Mum & Dad\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mum & Dad\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\documents and settings\Mum & Dad\Local Settings\Application Data\Identities\{FDB8CF14-E792-46AB-AF7E-B778F0F00345}\Microsoft\Outlook Express\Deleted Items.dbx"
"c:\documents and settings\Mum & Dad\Local Settings\Temp\VEe7.tmp"
"C:\LOG11.tmp"
"c:\program files\Ahead\bin\xmlprov.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Mum & Dad\Local Settings\Application Data\Identities\{FDB8CF14-E792-46AB-AF7E-B778F0F00345}\Microsoft\Outlook Express\Deleted Items.dbx
c:\documents and settings\Mum & Dad\Local Settings\Temp\VEe7.tmp
C:\LOG11.tmp
c:\program files\Ahead\bin\xmlprov.exe
c:\program files\GamesBar
c:\program files\LimeWire
c:\program files\LimeWire\clink.pack
c:\program files\LimeWire\commons-httpclient.pack
c:\program files\LimeWire\commons-logging.pack
c:\program files\LimeWire\commons-net.pack
c:\program files\LimeWire\commons-pool.pack
c:\program files\LimeWire\daap.pack
c:\program files\LimeWire\foxtrot.pack
c:\program files\LimeWire\httpcore-nio.pack
c:\program files\LimeWire\httpcore.pack
c:\program files\LimeWire\icu4j.pack
c:\program files\LimeWire\id3v2.pack
c:\program files\LimeWire\jcraft.pack
c:\program files\LimeWire\jdic.pack
c:\program files\LimeWire\jdic_stub.pack
c:\program files\LimeWire\jl011.pack
c:\program files\LimeWire\jmdns.pack
c:\program files\LimeWire\lib\UnpackedJars.7z
c:\program files\LimeWire\LimeWire.jar.tmp
c:\program files\LimeWire\log4j.pack
c:\program files\LimeWire\looks.pack
c:\program files\LimeWire\MessagesBundles.pack
c:\program files\LimeWire\mp3sp14.pack
c:\program files\LimeWire\ProgressTabs.pack
c:\program files\LimeWire\themes.pack
c:\program files\LimeWire\tritonus.pack
c:\program files\LimeWire\vorbis.pack
c:\windows\system\oeminfo.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINDOWS_AUDIO_(AUDIOSRV)_
-------\Service_Windows Audio (AudioSrv)


((((((((((((((((((((((((( Files Created from 2009-05-08 to 2009-06-08 )))))))))))))))))))))))))))))))
.

2009-06-07 11:07 . 2009-06-08 20:04 -------- d-----w- c:\windows\system32\CatRoot2
2009-06-03 19:09 . 2009-06-03 19:10 -------- d-----w- c:\program files\trend micro
2009-06-03 19:09 . 2009-06-03 19:10 -------- dc----w- C:\rsit
2009-05-29 16:48 . 2009-05-29 16:48 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-05-28 20:55 . 2009-05-28 20:55 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-05-28 20:54 . 2009-05-28 20:54 -------- dc----w- c:\documents and settings\All Users\Application Data\Google Updater

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-04 20:17 . 2009-03-14 11:37 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-04 20:17 . 2009-04-05 20:06 152576 ----a-w- c:\documents and settings\Mum & Dad\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-01 20:36 . 2005-10-13 10:40 -------- d-----w- c:\program files\Java
2009-06-01 20:28 . 2006-02-27 20:59 -------- d-----w- c:\program files\Google
2009-05-09 10:31 . 2009-03-21 10:14 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-09 10:31 . 2009-03-21 10:14 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-09 10:31 . 2007-01-18 12:21 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-09 10:30 . 2009-03-21 10:14 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-04-20 20:43 . 2008-09-16 19:28 -------- d-----w- c:\documents and settings\Mum & Dad\Application Data\U3
2009-04-05 17:55 . 2009-04-05 17:55 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.0.52\SetupAdmin.exe
2009-03-14 11:37 . 2009-03-14 11:37 503808 ----a-w- c:\documents and settings\Mum & Dad\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-6eebfd86-n\msvcp71.dll
2009-03-14 11:37 . 2009-03-14 11:37 499712 ----a-w- c:\documents and settings\Mum & Dad\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-6eebfd86-n\jmc.dll
2009-03-14 11:37 . 2009-03-14 11:37 348160 ----a-w- c:\documents and settings\Mum & Dad\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-6eebfd86-n\msvcr71.dll
2009-03-14 11:35 . 2009-01-25 12:07 152576 ----a-w- c:\documents and settings\Mum & Dad\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-28 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-04-02 4616192]
"NeroCheck"="c:\windows\System32\\NeroCheck.exe" [2001-07-09 155648]
"EPSON Stylus CX3200"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-07-01 74752]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"V0230Mon.exe"="c:\windows\V0230Mon.exe" [2006-09-06 32768]
"TalkTalk"="c:\program files\TalkTalk\bin\sprtcmd.exe" [2007-10-12 202016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-09 1947928]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-05 177472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-04 148888]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-08-05 57344]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2003-04-02 323584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-09 10:31 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"c:\\Program Files\\TalkTalk\\agent\\bin\\bcont.exe"=
"c:\\Program Files\\Common Files\\SupportSoft\\bin\\tgsrvc.exe"=
"c:\\Program Files\\TalkTalk\\agent\\bin\\bcont_nm.exe"=
"c:\\Program Files\\TalkTalk\\bin\\sprtcmd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1921:UDP"= 1921:UDP:Windows Media Format SDK (IEXPLORE.EXE)
"1920:UDP"= 1920:UDP:Windows Media Format SDK (IEXPLORE.EXE)
"8484:TCP"= 8484:TCP:TINYPROXY
"53:TCP"= 53:TCP:TINYPROXY

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [21/03/2009 11:14 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [21/03/2009 11:14 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [21/03/2009 11:14 298776]
R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [12/10/2007 09:33 202016]
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe [02/08/2007 14:42 148768]
S2 gupdate1c9dfd69f4d0450;Google Update Service (gupdate1c9dfd69f4d0450);c:\program files\Google\Update\GoogleUpdate.exe [28/05/2009 21:55 133104]
S3 uac4pdt;PDT USB Composite Class Filter Driver;c:\windows\system32\drivers\uac4pdt.sys [16/01/2007 00:22 15232]
S3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [26/01/2007 00:41 6272]
S3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [26/01/2007 00:41 500480]
S3 VF0230Srv;Creative VF0230 RunApp Service;c:\windows\system32\V0230Srv.exe [26/01/2007 00:41 8192]
.
Contents of the 'Scheduled Tasks' folder

2009-05-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-06-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-28 20:54]

2009-06-08 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-28 20:55]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-(AudioSrv) - c:\program files\Ahead\bin\xmlprov.exe
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
DPF: {0A742471-6B4B-4419-A0B2-68E4A9FF5ACD} - file:///C:/ActivLite_ECDLXP_E/btlocal3.cab
FF - ProfilePath - c:\documents and settings\Mum & Dad\Application Data\Mozilla\Firefox\Profiles\090080pr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1591.6512\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-08 21:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3556)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\scardsvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSvc.exe
c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-06-08 21:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-08 20:15

Pre-Run: 48,814,489,600 bytes free
Post-Run: 49,013,342,208 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

211 --- E O F --- 2009-05-12 22:16


GooredFix v1.92 by jpshortstuff
Log created at 21:18 on 08/06/2009 running Option #1 (Mum & Dad)
Firefox version 3.0.10 (en-GB)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox"

#10 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:47 PM

Posted 08 June 2009 - 08:27 PM

Hi paulmonan,


Did you install new program while you can't access hotmail? Especially, some programs didn't download from the original websites, or via P2P programs such as Google Earth,etc? If tha't the case, you need to

uninstall Google Earth via Add/Remove Programs for temporarily and delete the related folder in C:\Program Files\Google. You can reinstall it after your system is clean. After that, please do the following:


Step1
  • Close any open browsers
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Go to Here for your reference.
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:
File::
C:\WINDOWS\System32\drivers\etc\hosts

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Soulseek\\slsk.exe"=-
"c:\\StubInstaller.exe"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8484:TCP"=- 
"53:TCP"=-

Folder::
c:\Program Files\Soulseek


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop

Posted Image

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



Step2

Please download the HostsXpert from Here
  • Extract (unzip) HostsXpert.zip to a permanent folder on your hard drive such as C:\HostsXpert
  • Double-click HostsXpert.exe to run the program.
  • If the Hosts file does not exist, you will be prompted to create a new one. Just press "Ok". Exit the HostsXpert.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

Step3

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In your next reply, please post back:


1.Combofix log
2.OTL log

Tell me how things are going now.

#11 paulmonan

paulmonan
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:47 AM

Posted 09 June 2009 - 03:30 PM

Once again, thanks for your time on this. I've deleted google earth and it's programme files as well as Safari, I think I installed that recently as well.

The combofix log and the 2 others are as follows...

ComboFix 09-06-07.07 - Mum & Dad 09/06/2009 18:11.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.511.213 [GMT 1:00]
Running from: c:\documents and settings\Mum & Dad\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mum & Dad\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\System32\drivers\etc\hosts"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Soulseek
c:\program files\Soulseek\attrstrings.cfg
c:\program files\Soulseek\autoaway.cfg
c:\program files\Soulseek\chatrooms.cfg
c:\program files\Soulseek\chatui.cfg
c:\program files\Soulseek\dlbans.cfg
c:\program files\Soulseek\extensions.cfg
c:\program files\Soulseek\hotlist.cfg
c:\program files\Soulseek\ignores.cfg
c:\program files\Soulseek\login.cfg
c:\program files\Soulseek\message.wav
c:\program files\Soulseek\pchat.cfg
c:\program files\Soulseek\port.cfg
c:\program files\Soulseek\queue.cfg
c:\program files\Soulseek\queue2.cfg
c:\program files\Soulseek\rcmnd.cfg
c:\program files\Soulseek\Readme.txt
c:\program files\Soulseek\save.cfg
c:\program files\Soulseek\search.cfg
c:\program files\Soulseek\shared.cfg
c:\program files\Soulseek\slsk.exe
c:\program files\Soulseek\ticker.cfg
c:\program files\Soulseek\transfersview.cfg
c:\program files\Soulseek\ui.cfg
c:\program files\Soulseek\uninstall.exe
c:\program files\Soulseek\userinfo.cfg
c:\program files\Soulseek\usernotes.cfg
c:\program files\Soulseek\wishlist.cfg
c:\windows\System32\drivers\etc\hosts

.
((((((((((((((((((((((((( Files Created from 2009-05-09 to 2009-06-09 )))))))))))))))))))))))))))))))
.

2009-06-07 11:07 . 2009-06-09 17:11 -------- d-----w- c:\windows\system32\CatRoot2
2009-06-03 19:09 . 2009-06-03 19:10 -------- d-----w- c:\program files\trend micro
2009-06-03 19:09 . 2009-06-03 19:10 -------- dc----w- C:\rsit
2009-05-29 16:48 . 2009-05-29 16:48 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-05-28 20:55 . 2009-05-28 20:55 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-05-28 20:54 . 2009-05-28 20:54 -------- dc----w- c:\documents and settings\All Users\Application Data\Google Updater

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-04 20:17 . 2009-03-14 11:37 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-04 20:17 . 2009-04-05 20:06 152576 ----a-w- c:\documents and settings\Mum & Dad\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-01 20:36 . 2005-10-13 10:40 -------- d-----w- c:\program files\Java
2009-05-09 10:31 . 2009-03-21 10:14 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-09 10:31 . 2009-03-21 10:14 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-09 10:31 . 2007-01-18 12:21 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-09 10:30 . 2009-03-21 10:14 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-04-20 20:43 . 2008-09-16 19:28 -------- d-----w- c:\documents and settings\Mum & Dad\Application Data\U3
2009-04-05 17:55 . 2009-04-05 17:55 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.0.52\SetupAdmin.exe
2009-03-14 11:37 . 2009-03-14 11:37 503808 ----a-w- c:\documents and settings\Mum & Dad\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-6eebfd86-n\msvcp71.dll
2009-03-14 11:37 . 2009-03-14 11:37 499712 ----a-w- c:\documents and settings\Mum & Dad\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-6eebfd86-n\jmc.dll
2009-03-14 11:37 . 2009-03-14 11:37 348160 ----a-w- c:\documents and settings\Mum & Dad\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-6eebfd86-n\msvcr71.dll
2009-03-14 11:35 . 2009-01-25 12:07 152576 ----a-w- c:\documents and settings\Mum & Dad\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-08_20.10.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-09 16:54 . 2009-06-09 16:54 16384 c:\windows\Temp\Perflib_Perfdata_760.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-04-02 4616192]
"NeroCheck"="c:\windows\System32\\NeroCheck.exe" [2001-07-09 155648]
"EPSON Stylus CX3200"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-07-01 74752]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"V0230Mon.exe"="c:\windows\V0230Mon.exe" [2006-09-06 32768]
"TalkTalk"="c:\program files\TalkTalk\bin\sprtcmd.exe" [2007-10-12 202016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-09 1947928]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-05 177472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-04 148888]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-08-05 57344]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2003-04-02 323584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-09 10:31 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"c:\\Program Files\\TalkTalk\\agent\\bin\\bcont.exe"=
"c:\\Program Files\\Common Files\\SupportSoft\\bin\\tgsrvc.exe"=
"c:\\Program Files\\TalkTalk\\agent\\bin\\bcont_nm.exe"=
"c:\\Program Files\\TalkTalk\\bin\\sprtcmd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1921:UDP"= 1921:UDP:Windows Media Format SDK (IEXPLORE.EXE)
"1920:UDP"= 1920:UDP:Windows Media Format SDK (IEXPLORE.EXE)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [21/03/2009 11:14 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [21/03/2009 11:14 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [21/03/2009 11:14 298776]
R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [12/10/2007 09:33 202016]
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe [02/08/2007 14:42 148768]
S3 uac4pdt;PDT USB Composite Class Filter Driver;c:\windows\system32\drivers\uac4pdt.sys [16/01/2007 00:22 15232]
S3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [26/01/2007 00:41 6272]
S3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [26/01/2007 00:41 500480]
S3 VF0230Srv;Creative VF0230 RunApp Service;c:\windows\system32\V0230Srv.exe [26/01/2007 00:41 8192]
.
Contents of the 'Scheduled Tasks' folder

2009-05-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
DPF: {0A742471-6B4B-4419-A0B2-68E4A9FF5ACD} - file:///C:/ActivLite_ECDLXP_E/btlocal3.cab
FF - ProfilePath - c:\documents and settings\Mum & Dad\Application Data\Mozilla\Firefox\Profiles\090080pr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-09 18:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-06-09 18:19
ComboFix-quarantined-files.txt 2009-06-09 17:19
ComboFix2.txt 2009-06-08 20:15

Pre-Run: 48,999,432,192 bytes free
Post-Run: 48,998,739,968 bytes free

159 --- E O F --- 2009-05-12 22:16



OTL logfile created on: 09/06/2009 20:51:50 - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Mum & Dad\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5700.6)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.48 Mb Total Physical Memory | 229.22 Mb Available Physical Memory | 44.81% Memory free
1.22 Gb Paging File | 0.93 Gb Available in Paging File | 76.44% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 45.61 Gb Free Space | 59.76% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 2500XP
Current User Name: Mum & Dad
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2008/04/14 01:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2003/08/05 06:59:54 | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2002/07/01 04:05:00 | 00,074,752 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
PRC - [2009/05/09 11:30:52 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2006/09/06 18:01:00 | 00,032,768 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\V0230Mon.exe
PRC - [2007/10/12 09:33:16 | 00,202,016 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\TalkTalk\bin\sprtcmd.exe
PRC - [2009/02/27 18:10:28 | 00,035,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/01/05 16:18:48 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2009/03/12 20:56:58 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/06/04 21:17:46 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2002/01/29 14:33:14 | 00,077,824 | ---- | M] () -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
PRC - [2002/07/17 03:03:00 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
PRC - [2009/06/04 21:17:46 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2007/10/12 09:33:38 | 00,202,016 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\TalkTalk\bin\sprtsvc.exe
PRC - [2007/08/02 14:42:14 | 00,148,768 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
PRC - [2009/05/20 20:05:15 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/05/09 11:30:59 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/03/12 20:56:52 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2006/08/23 00:16:58 | 00,620,032 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2009/06/09 20:51:17 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mum & Dad\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2006/04/18 19:38:55 | 00,068,096 | ---- | M] () -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/05/09 11:30:52 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2002/01/29 14:33:14 | 00,077,824 | ---- | M] () -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe -- (EpsonBidirectionalService [Auto | Running])
SRV - [2002/07/17 03:03:00 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2 [Auto | Running])
SRV - File not found -- -- (gusvc [Auto | Stopped])
SRV - [2008/04/14 01:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/03/12 20:56:52 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/06/04 21:17:46 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006/03/22 13:06:12 | 00,068,096 | ---- | M] () -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service [On_Demand | Stopped])
SRV - [2007/10/12 09:33:38 | 00,202,016 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\TalkTalk\bin\sprtsvc.exe -- (sprtsvc_TalkTalk [Auto | Running])
SRV - [2007/08/02 14:42:16 | 00,382,320 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist [On_Demand | Stopped])
SRV - [2007/08/02 14:42:14 | 00,148,768 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe -- (tgsrvc_TalkTalk [Auto | Running])
SRV - [2006/03/15 18:00:00 | 00,008,192 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\V0230Srv.exe -- (VF0230Srv [On_Demand | Stopped])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2003/12/08 12:53:48 | 00,053,600 | ---- | M] (THOMSON) -- C:\WINDOWS\system32\DRIVERS\alcan5wn.sys -- (alcan5wn [On_Demand | Stopped])
DRV - [2003/12/08 12:53:46 | 00,070,688 | ---- | M] (THOMSON) -- C:\WINDOWS\system32\DRIVERS\alcaudsl.sys -- (alcaudsl [On_Demand | Stopped])
DRV - [2003/08/07 15:15:06 | 00,404,608 | ---- | M] (Sensaura Ltd) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS [On_Demand | Running])
DRV - [2003/08/19 12:48:30 | 00,455,803 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
DRV - [1999/09/10 12:06:00 | 00,025,244 | R--- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\ASPI32.bak -- (Aspi32 [Auto | Running])
DRV - [2009/05/09 11:31:13 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/05/09 11:31:13 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/05/09 11:30:55 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2008/04/13 19:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2009/01/15 12:19:36 | 00,023,848 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2002/05/10 14:31:48 | 00,633,220 | R--- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\Intels51.sys -- (Intels51 [On_Demand | Running])
DRV - [2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2001/08/17 15:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Running])
DRV - [2003/04/02 08:40:00 | 01,265,130 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2002/11/27 13:52:00 | 00,080,896 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\NVENET.sys -- (NVENET [On_Demand | Running])
DRV - [2003/03/19 08:51:00 | 00,018,688 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp [Boot | Running])
DRV - [2003/03/31 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/11/13 11:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2004/08/21 11:37:22 | 00,002,368 | ---- | M] (AntiCracking) -- C:\WINDOWS\System32\STEC3.sys -- (STEC3 [Auto | Running])
DRV - [2005/12/12 12:56:00 | 00,015,232 | R--- | M] (Micronas GmbH) -- C:\WINDOWS\system32\DRIVERS\uac4pdt.sys -- (uac4pdt [On_Demand | Stopped])
DRV - [2008/07/10 09:35:22 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2008/04/13 19:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2006/03/23 18:00:00 | 00,006,272 | R--- | M] (EyePower Games Pte. Ltd.) -- C:\WINDOWS\system32\DRIVERS\V0230Vfx.sys -- (V0230Vfx [On_Demand | Stopped])
DRV - [2006/09/28 18:01:00 | 00,500,480 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\DRIVERS\V0230VID.sys -- (V0230VID [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-796845957-1935655697-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-796845957-1935655697-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-796845957-1935655697-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-796845957-1935655697-839522115-1004\S-1-5-21-796845957-1935655697-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: " [url="http://www.google.co.uk""]http://www.google.co.uk"[/url]
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2009/05/10 11:34:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/06/04 21:17:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/12 21:30:22 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/12 21:30:22 | 00,000,000 | ---D | M]

[2009/04/16 16:11:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mum & Dad\Application Data\mozilla\Extensions
[2009/04/16 16:11:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mum & Dad\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/02/05 19:09:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mum & Dad\Application Data\mozilla\Firefox\Profiles\090080pr.default\extensions
[2009/06/04 21:18:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/05/12 21:30:22 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/24 21:47:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/06/04 21:18:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/05/12 21:30:03 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/05/12 21:30:03 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/12 21:30:15 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/05/12 21:30:15 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/05/12 21:30:15 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/05/12 21:30:15 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/05/12 21:30:15 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/05/12 21:30:15 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/05/12 21:30:15 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/05/12 21:30:15 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (698 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-796845957-1935655697-839522115-1004\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200" (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe ()
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon (THOMSON Telecom Belgium)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk (SupportSoft, Inc.)
O4 - HKLM..\Run: [V0230Mon.exe] C:\WINDOWS\V0230Mon.exe (Creative Technology Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-796845957-1935655697-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-796845957-1935655697-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-796845957-1935655697-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-796845957-1935655697-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-796845957-1935655697-839522115-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\.DEFAULT\..Trusted Domains: 60 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 60 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 60 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 60 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0A742471-6B4B-4419-A0B2-68E4A9FF5ACD} file:///C:/ActivLite_ECDLXP_E/btlocal3.cab (BTLocalAPI.BTlocal)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?LinkID=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by117fd.bay117.hotmail.msn.com/resources/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} http://www.parallelgraphics.com/l2/bin/cortvrml.cab (ParallelGraphics Cortona Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk...ows-i586-jc.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/10/08 15:57:11 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/09 20:51:17 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[7 C:\*.tmp files]
[3 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/06/09 20:51:08 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mum & Dad\Desktop\OTL.exe
[2009/06/09 20:50:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mum & Dad\Desktop\HostsXpert
[2009/06/09 18:20:30 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/06/09 18:19:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mum & Dad\Local Settings\temp
[2009/06/09 18:10:33 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/06/08 21:17:39 | 00,094,208 | ---- | C] () -- C:\Documents and Settings\Mum & Dad\Desktop\GooredFix.exe
[2009/06/08 21:01:20 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/06/08 21:01:11 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/06/08 21:01:05 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/06/08 20:59:30 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/06/08 20:59:30 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/06/08 20:59:30 | 00,155,136 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/06/08 20:59:30 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/06/08 20:59:30 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/06/08 20:59:30 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/06/08 20:59:30 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/06/08 20:59:30 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/06/08 20:59:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/06/08 20:59:20 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/06/08 20:52:33 | 03,019,822 | R--- | C] () -- C:\Documents and Settings\Mum & Dad\Desktop\ComboFix.exe
[2009/06/07 12:36:05 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Mum & Dad\Desktop\HijackThis.exe
[2009/06/07 12:07:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2009/06/07 12:05:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mum & Dad\Desktop\Dial-a-fix-v0.60.0.24
[2009/06/03 20:09:51 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2009/06/03 20:09:50 | 00,000,000 | ---D | C] -- C:\rsit
[2009/06/01 22:49:09 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\Mum & Dad\Desktop\RSIT.exe
[2009/06/01 21:40:45 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\Mum & Dad\Desktop\gmer.exe
[2009/05/28 21:54:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2008/03/22 13:22:11 | 00,000,750 | ---- | C] () -- C:\WINDOWS\{D084B1A9-153B-409D-AEBF-C40FCEF925EA}_WiseFW.ini
[2006/07/12 10:21:08 | 00,000,739 | ---- | C] () -- C:\WINDOWS\STImgBrowser.INI
[2006/07/12 10:17:42 | 00,102,912 | R--- | C] () -- C:\WINDOWS\System32\JPEGCODE.DLL
[2006/05/24 20:39:35 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/09/15 19:03:39 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\PixText.dll
[2005/09/13 23:44:19 | 00,002,202 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2005/03/22 00:26:10 | 00,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2005/02/25 12:24:32 | 00,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2004/11/20 18:55:43 | 00,000,199 | ---- | C] () -- C:\WINDOWS\swacnfg.ini
[2004/11/16 17:37:33 | 00,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2004/11/08 22:23:36 | 00,000,140 | ---- | C] () -- C:\WINDOWS\ft3.ini
[2004/10/26 20:16:03 | 00,000,100 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2004/08/21 11:53:02 | 00,000,066 | ---- | C] () -- C:\WINDOWS\AlphaPlayer.INI
[2004/05/19 11:25:42 | 00,000,083 | ---- | C] () -- C:\WINDOWS\wwp.INI
[2004/05/17 21:28:56 | 00,000,083 | ---- | C] () -- C:\WINDOWS\wa.INI
[2004/05/17 19:36:07 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2004/01/19 20:31:09 | 00,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2003/11/23 16:03:22 | 00,290,919 | ---- | C] () -- C:\WINDOWS\System32\pythoncom21.dll
[2003/11/23 16:03:22 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll
[2003/11/23 16:02:14 | 00,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2003/11/23 16:02:14 | 00,000,072 | R--- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2003/11/23 16:00:41 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\EEBAPI.dll
[2003/11/23 16:00:41 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\EEBDSCVR.dll
[2003/11/23 16:00:41 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\EBAPI.dll
[2003/11/22 13:46:18 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/10/08 16:15:46 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/10/08 16:13:41 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2003/03/31 13:00:00 | 00,000,720 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/03/31 13:00:00 | 00,000,254 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[7 C:\*.tmp files]
[3 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/06/09 20:51:17 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mum & Dad\Desktop\OTL.exe
[2009/06/09 20:50:15 | 00,000,698 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/06/09 20:49:09 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/06/09 20:48:01 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/09 20:47:58 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Mum & Dad\Local Settings\desktop.ini
[2009/06/09 20:47:56 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/09 18:16:21 | 00,000,254 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/06/09 17:56:26 | 36,945,705 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/06/09 17:56:26 | 00,066,403 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/06/08 21:17:39 | 00,094,208 | ---- | M] () -- C:\Documents and Settings\Mum & Dad\Desktop\GooredFix.exe
[2009/06/08 21:01:20 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/06/08 20:52:33 | 03,019,822 | R--- | M] () -- C:\Documents and Settings\Mum & Dad\Desktop\ComboFix.exe
[2009/06/08 20:47:03 | 00,000,371 | ---- | M] () -- C:\Documents and Settings\Mum & Dad\Desktop\Google.url
[2009/06/08 08:10:10 | 00,155,136 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/06/07 12:08:26 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/06/07 12:08:26 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/06/04 21:42:31 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/06/01 22:49:09 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\Mum & Dad\Desktop\RSIT.exe
[2009/05/13 12:32:20 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/05/12 22:01:17 | 00,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/05/12 22:01:10 | 00,476,812 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/12 22:01:10 | 00,406,328 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/12 22:01:10 | 00,063,528 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 1150 bytes -> C:\Documents and Settings\Mum & Dad\Desktop\Google.url:favicon
< End of report >


OTL Extras logfile created on: 09/06/2009 20:51:50 - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Mum & Dad\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5700.6)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.48 Mb Total Physical Memory | 229.22 Mb Available Physical Memory | 44.81% Memory free
1.22 Gb Paging File | 0.93 Gb Available in Paging File | 76.44% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 45.61 Gb Free Space | 59.76% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 2500XP
Current User Name: Mum & Dad
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.com [@ = ComFile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.hta [@ = htafile] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-796845957-1935655697-839522115-1004\SOFTWARE\Classes\<extension>]
.com [@ = ComFile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.hta [@ = htafile] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1700:TCP" = 1700:TCP:*:Enabled:MioNet Remote Drive Access
"1641:TCP" = 1641:TCP:*:Enabled:MioNet Remote Drive Verification
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1921:UDP" = 1921:UDP:*:Enabled:Windows Media Format SDK (IEXPLORE.EXE)
"1920:UDP" = 1920:UDP:*:Enabled:Windows Media Format SDK (IEXPLORE.EXE)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5
[2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2006/11/22 23:50:04 | 03,234,880 | ---- | M] (SightSpeed Inc.) -- C:\Program Files\SightSpeed\SightSpeed.exe:*:Enabled:SightSpeed
[2006/12/18 18:32:52 | 25,365,032 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
[2007/11/02 17:36:54 | 05,223,752 | ---- | M] (Pando Networks) -- C:\Program Files\Pando Networks\Pando\pando.exe:*:Enabled:pando
[2007/08/24 09:14:14 | 01,004,832 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\TalkTalk\agent\bin\bcont.exe:*:Enabled:bcont.exe
[2007/08/02 14:42:14 | 00,148,768 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\SupportSoft\bin\tgsrvc.exe:*:Enabled:tgsrvc.exe
[2007/08/24 09:14:22 | 01,004,832 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\TalkTalk\agent\bin\bcont_nm.exe:*:Enabled:bcont_nm.exe
[2007/10/12 09:33:16 | 00,202,016 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\TalkTalk\bin\sprtcmd.exe:*:Enabled:sprtcmd.exe
[2009/05/09 11:29:58 | 01,085,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2009/05/09 11:30:59 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
[2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2009/03/12 20:56:54 | 13,498,664 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2F353D44-73BB-4971-B31D-F7642E9E9531}" = Macromedia Flash MX 2004
"{2F8C106A-7DFC-45DE-8006-F9145AADF1D8}" = iPod Updater 2004-08-06
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{40A2D170-A4EB-4611-8181-63127606BAEF}" = Speech Redistributables
"{4D826618-59C6-11D4-976E-00C04F8EEB39}" = Macromedia FreeHand 10
"{537E9349-D9C6-4075-8CC2-6C1DA729B892}" = VoIPVoice Integration
"{546C7D0B-1E12-4573-BCD0-F5B0D3C66A74}" = ArcSoft PhotoImpression 4
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{6C5D7191-140A-11D6-B5A0-0050DA208A93}" = ArcSoft PhotoImpression
"{6EE738C2-0ECE-4917-B62D-D3061A6B29E7}" = Skype Integration
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7A1E184F-E4EC-4596-B9A7-52437DC73A14}" = Digimax A7
"{90120409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{9391F2BC-B6F3-4AAC-82CC-5A74A4ED388E}" = EPSON Photo Print
"{9A3EABC0-CA06-11D4-BF77-00104B130C19}" = EPSON TWAIN 5
"{A02AEE90-9B8F-4159-A992-805E70ECF0EF}" = VoIPVoice Integration
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.1
"{B2EFE303-A594-11D5-95EB-005004BC1C65}" = EPSON PhotoQuicker3.2
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B69CC1A5-0404-11D6-ABCB-005004C21D30}" = EPSON Copy Utility
"{C0B0FA55-D4E9-4374-9871-BBFBF2AEF0D1}" = Pando
"{C26B06A9-27BB-45B0-9873-9C623EC2BA38}" = iTunes
"{C7EEC93A-2A61-4B1E-B696-A264680A889D}" = MobileMe Control Panel
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D084B1A9-153B-409D-AEBF-C40FCEF925EA}" = TalkTalk Assist & Go
"{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}" = SpeedTouch USB Software
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Activ ECDL & Unit E" = Activ ECDL & Unit E
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced Video FX Engine" = Advanced Video FX Engine
"AVG8Uninstall" = AVG 8.5
"Creative Live! Cam Center" = Creative Live! Cam Center
"Creative Live! Cam Manager" = Creative Live! Cam Manager
"Creative Live! Cam Video IM Pro User's Guide English" = Creative Live! Cam Video IM Pro User's Guide (English)
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative VF0230" = Creative Live! Cam Video IM Pro Driver (1.01.03.0928)
"Director 8.5 Shockwave Studio" = Director 8.5 Shockwave Studio
"DIVXCodec" = -(/'|'\)- DivX Codec 3.11a Codec -(/'|'\)-
"EPSON Printer and Utilities" = EPSON Printer Software
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"InstallShield_{2F8C106A-7DFC-45DE-8006-F9145AADF1D8}" = iPod Updater 2004-08-06
"LHTTSENG" = L&H TTS3000 British English
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"NVIDIA nForce Drivers" = NVIDIA nForce Drivers
"Shockwave" = Shockwave
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SightSpeed" = SightSpeed (remove only)
"Skype_is1" = Skype 3.0
"Soulseek" = SoulSeek Client 156c
"SysInfo" = Creative System Information
"ToolBand.SkypeIEToolbarToolbar" = Skype add-on for IE
"VideoEgg" = VideoEgg Publisher
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 01/03/2009 15:07:03 | Computer Name = 2500XP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.5700.6, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 14/03/2009 06:49:22 | Computer Name = 2500XP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 14/03/2009 07:43:49 | Computer Name = 2500XP | Source = Application Hang | ID = 1002
Description = Hanging application mshta.exe, version 7.0.5700.6, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 14/03/2009 07:44:42 | Computer Name = 2500XP | Source = Application Hang | ID = 1002
Description = Hanging application mshta.exe, version 7.0.5700.6, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/04/2009 14:51:53 | Computer Name = 2500XP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.5700.6, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 13/04/2009 17:26:38 | Computer Name = 2500XP | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.8.20081.21709, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 28/05/2009 14:03:54 | Computer Name = 2500XP | Source = Application Hang | ID = 1002
Description = Hanging application bcont_nm.exe, version 6.9.2570.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 28/05/2009 14:09:27 | Computer Name = 2500XP | Source = Application Hang | ID = 1002
Description = Hanging application bcont.exe, version 6.9.2570.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 28/05/2009 14:13:36 | Computer Name = 2500XP | Source = Application Hang | ID = 1002
Description = Hanging application bcont_nm.exe, version 6.9.2570.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 01/06/2009 16:33:34 | Computer Name = 2500XP | Source = MsiInstaller | ID = 11722
Description = Product: Java™ 6 Update 12 -- Error 1722.There is a problem with
this Windows Installer package. A program run as part of the setup did not finish
as expected. Contact your support personnel or package vendor. Action FilesInUseDialog,
location: C:\WINDOWS\Installer\MSI32.tmp, command: C:\Program Files\Java\jre6\

[ System Events ]
Error - 09/06/2009 13:08:02 | Computer Name = 2500XP | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 09/06/2009 13:08:02 | Computer Name = 2500XP | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 09/06/2009 13:08:02 | Computer Name = 2500XP | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 09/06/2009 13:08:02 | Computer Name = 2500XP | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 09/06/2009 13:08:02 | Computer Name = 2500XP | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 09/06/2009 13:08:02 | Computer Name = 2500XP | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 09/06/2009 13:08:02 | Computer Name = 2500XP | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 09/06/2009 13:11:39 | Computer Name = 2500XP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 09/06/2009 13:15:37 | Computer Name = 2500XP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 09/06/2009 13:15:38 | Computer Name = 2500XP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.


< End of report >



There's no change in my internet problems.

#12 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:47 PM

Posted 09 June 2009 - 09:36 PM

Hi paulmonan,


Step1
  • Please start OTL on your desktop.
  • Under the Custom Scans/Fixes box at the bottom, copy/paste the following contents of code box.

    :otl
    PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll File not found
    O3 - HKU\S-1-5-21-796845957-1935655697-839522115-1004\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
    O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
    
    :Files
    C:\Program Files\PartyGaming
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Click Run Fix button on the top.
  • Click OK and let it run unhindered.
  • OTL will ask to reboot the machine. Please OK the prompt.
  • A report will open. Copy and Paste that report in your next reply.
Step2
  • Download to your Desktop FixPolicies.exe, a self-extracting ZIP archive from Here :
  • Double-click FixPolicies.exe.
  • Click the "Install" button on the bottom toolbar of the box that will open.
  • The program will create a new Folder called FixPolicies.
  • Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
  • A black box will briefly appear and then close. Exit the program.
Step3

Download AVZ4 from here :
  • Unzip the file and place it on your desktop.
  • Open the avz4 folder and doubleclick avz.exe to start the tool.
  • On top in the menu, click File menu, Click "Database Update" and Press "Start" button and let it run.
  • After that, please click System Restore from File menu and select the following.

    Reset Internet Explorer setting of Protocol Prefixes to default (Choice #2)
    Restore Internet Explorer start page (Choice #3)
    Reset Internet Explore search setting to default (Choice #4)


  • Click the "Execute selected Operations" button below.
  • Close avz.exe.
  • Reboot your PC.
From now on, unplug your internet acces from router or modem and do the following.

Click Start>Run>Type CMD>A command prompt DOS window will open. Type/Paste ipconfig /flushdns and then press Enter to purge the DNS resolver cache.

Please go to Start -> Control Panel, and choose Network Connections. Then right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically. Click OK twice, and restart your computer.

Open IE, select Tools > Internet Options. Select the Connections tab.
  • If you are using LAN, click "LAN Settings" button. If you are using Dial-up or Virtual Private Network connection, select necessary connection and click "Settings" button.
  • In the "Proxy Server" area, uncheck the check mark next to Use a proxy server for ....
  • Click OK.
  • Click Privacy tab and press Sites button, click Remove all button if there are some urls out there.
  • Click Advanced tab and click on Reset button
  • In the Reset Internet Explorer Settings dialog box, click Reset to confirm.
In Firefox, go Tools > Options > Advanced > Network > Settings and tick 'No Proxy', then 'OK' your way out.

If you have two pcs can't access hotmail properly with the same router, you should unplug the internet access of another pc from router.

After that, What I'd like you to do is a hard reset with your router if you have one. Leave it on, and there should be a little pinhole in the back of the unit. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). Then change your admin login and password--make it a strong password. You may also want to ask your ISP for help in case there are custom settings that need to be maintained.

Now, plug your internet access. Restart your IE and test if you can access hotmail normally. If not, please close your IE and right-click on the IE shortcut icon and select the start without add-ons option and check if you can access it properly.


Tell me how it goes. :thumbup2:

Edited by sundavis, 10 June 2009 - 12:13 AM.


#13 paulmonan

paulmonan
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:47 AM

Posted 10 June 2009 - 02:35 PM

Hi,

My hotmail problem is still the same. The problem is that on my 2 PCs, I can access the sign in page straight away, but when I sign in it will take ages to go to the inbox, around 2mins. With my macbook, it is the same, except I can access the sign in page but when I sign in it will come up connection interruption . Hotmail is my most commonly used site but there are a few other sites that have similar behaviour.

My internet connection does not have a password for me to connect, you said to change the username and password, I don't know how to do this. When I got my laptop I was able to connect to this talktalk broadband without having to sign in or anything. I feel i should definitely have a password to connect. How do you do this?

All the other stages of your last post was completed and the log is below, however, I don't have an IE shortcut on my desktop or in my programmes menu, I must have deleted this some time ago by mistake - the way I access IE is by clicking on the shortcut to google which I have created on my desktop, but I normally use firefox. So I couldn't try IE without add-ons.

========== OTL ==========
Process Explorer.EXE killed successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-796845957-1935655697-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
========== FILES ==========
File\Folder C:\Program Files\PartyGaming not found.
========== COMMANDS ==========
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_9c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTL by OldTimer - Version 2.1.1.0 log created on 06102009_175955

Files moved on Reboot...
File C:\WINDOWS\temp\Perflib_Perfdata_9c.dat not found!

Registry entries deleted on Reboot...


On the file above... File\Folder C:\Program Files\PartyGaming it says not found, I deleted this my self before the scan as I don't use party poker.

#14 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:47 PM

Posted 10 June 2009 - 09:01 PM

Hi paulmonan,



How to set your wireless router---> http://www.microsoft.com/athome/moredone/wirelesssetup.mspx

How to configure your password--> http://www.microsoft.com/windowsxp/using/n...p/wireless.mspx

Did you hard reset your router? I need to know every steps you have done properly and troubleshot the problems you're experiencing.

the way I access IE is by clicking on the shortcut to google which I have created on my desktop


That is abnormal. Which google product? I suppose we had uninstalled all google related programs? We need to uninstall any google related programs via Add/Remove Progrrams and delete google folders from the following filepath. Those fake google products have been outrageous lately. Especially, the related products are not downloaded directly from google websites or downloaded files from undocumented sources via P2P channels are sure things to get infected. You can reinstall it after your machine is clean. You may need to show all files and delete the google folders and updater.

c:\documents and settings\NetworkService\Local Settings\Application Data\Google
c:\documents and settings\LocalService\Local Settings\Application Data\Google
c:\documents and settings\All Users\Application Data\Google Updater

Then, delete the shortcut icon on your desk. Click Satrt>All Programs>Accessories>System Tools>Internet Explorer (No Add-ons). start your IE and check if you can access hotmail properly.

If you need to create IE shortcut, please go to C:\Program Files\Internet Explorer folder, right click the ie icon and click send to Desktop(create shortcut).

Tell me how it goes. :thumbup2:

Please rerun ATF-Cleaner as instructed in my previous post and go to the following thread to clean cache and enable cookies, javaScript or remove corrupted cookies if you don't know how:

http://support.mozilla.com/en-US/kb/Cannot...+in+to+websites

http://support.mozilla.com/en-US/kb/JavaScript


Start your FF >Tools>options>In startup menu, set your homepage to http://www.msn.com/ and select show my homepage. Then go to>Tools menu> Clear Private data , check all boxes and press clear private data now button.

Please close all your browsers. Click on Start / Run, Enter the following command:

firefox -safe-mode

Click Continue In Safe Mode. This starts Firefox in its Safe Mode. While you are in Safe Mode, your settings will reverted back to their defaults. Tell me if you can access hotmail normally.

If not, go to next step.

Keep going to firefox in Safe Mode.

In the open window, check the following boxes.

Disable all add-ons
Reset Toolbars and Controls
Reset all your user preferences to FireFox Defaults
Restore Default Search Engines.

Click on 'Make the changes and restart" Then, start your FF to test if you can access hotmail.


Tell me how it went. Detail the problems you're experiencing. :)

Edited by sundavis, 10 June 2009 - 10:27 PM.


#15 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:47 PM

Posted 12 June 2009 - 10:32 PM

Hi paulmonan,


How things are going now? Still with us? :thumbup2:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users