Jump to content

BillS7718

Members
 View Profile  See their activity

  • Posts

    19

  • Joined

  • Last visited

 Content Type 

Everything posted by BillS7718

  1. BillS7718
    I have already had 2-IP Blocks today.. 5-yesterday...
  2. BillS7718
    I posted the new log earlier today... Do you really think this is a problem? or, just random attacks? One think I may/may not have said: I use Port Fowarding on my Router to allow me to Remote Desktop in... However, I do not use the standard Port - I have assigned a custom one... That would mean that not only do these websites guess my IP address they have also guessed the Port????
  3. BillS7718
    New logfile: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:50:48, on 13/12/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\PROGRA~1\AVG\AVG10\avgchsvx.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\AVG\AVG10\avgfws.exe C:\Program Files\AVG\AVG10\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\system32\DKabcoms.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe C:\Program Files\AVG\AVG10\avgam.exe C:\Program Files\AVG\AVG10\avgnsx.exe C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\AVG\AVG10\avgcsrvx.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\AVG\AVG10\avgrsx.exe C:\Program Files\AVG\AVG10\avgcsrvx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Program Files\AVG\AVG10\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Wessex Systems\IPAddress\GetIPAddress.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\rdpclip.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe C:\Program Files\Actinic MU v7\Catalog.exe C:\PROGRA~1\MICROS~4\Office10\OUTLOOK.EXE C:\PROGRA~1\MICROS~4\Office10\OUTLOOK.EXE C:\WINDOWS\system32\taskmgr.exe \ws01\Users\it.support\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file) O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: WebWhacker - {E5336D32-0CBE-4E1F-A2C7-38DCAA8B07EF} - C:\Program Files\Blue Squirrel\WebWhacker 5.0\Art\wwietb.html O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O15 - Trusted Zone: http://www.chasefreightjobentry.com O15 - Trusted Zone: http://www.parcelforce.net O15 - Trusted Zone: http://www.royalmail.com O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = WessexSystems.local O17 - HKLM\Software\..\Telephony: DomainName = WessexSystems.local O17 - HKLM\System\CCS\Services\Tcpip\..\{164973F1-2088-41C0-BC3E-261BF8A6275E}: NameServer = 192.168.1.30,192.168.1.254 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = WessexSystems.local O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = WessexSystems.local O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = WessexSystems.local O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: dkab_device - - C:\WINDOWS\system32\DKabcoms.exe O23 - Service: Get IP Address (GetIPAddress) - Unknown owner - C:\Wessex Systems\IPAddress\GetIPAddress.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe O23 - Service: Wacom Professional Touch Service (TouchServiceWacom) - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- End of file - 11665 bytes
  4. BillS7718
    Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 15:18:02, on 03/12/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\PROGRA~1\AVG\AVG10\avgchsvx.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\AVG\AVG10\avgfws.exe C:\Program Files\AVG\AVG10\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\system32\DKabcoms.exe C:\Wessex Systems\IPAddress\GetIPAddress.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\AVG\AVG10\avgam.exe C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe C:\Program Files\AVG\AVG10\avgnsx.exe C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\AVG\AVG10\avgcsrvx.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\AVG\AVG10\avgrsx.exe C:\Program Files\AVG\AVG10\avgcsrvx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\Program Files\AVG\AVG10\avgtray.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\GroupMail 5\GMSdlr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\Spartan\Spartan.exe C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe \ws01\Users\it.support\Application Data\Dropbox\bin\Dropbox.exe C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe c:\program files\groupmail 5\gmmailer.exe C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\MoleEnd\1StopOrders\V75\ME_1StopOrders.exe C:\WINDOWS\system32\inetsrv\DavCData.exe C:\Program Files\Microsoft Works\WkDStore.exe C:\PROGRA~1\MICROS~4\Office10\OUTLOOK.EXE C:\Program Files\Microsoft Office\Office10\WINWORD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\mstsc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\explorer.exe C:\Program Files\Spartan\Spartan.exe \ws01\Users\it.support\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file) O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe -s O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [HF_G_Jul] "C:\Program Files\AVG Secure Search\HF_G_Jul.exe" /DoAction O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [GroupMail Scheduler] C:\Program Files\GroupMail 5\GMSdlr.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKUS\S-1-5-21-1608253415-3263508188-874254199-1005\..\Run: [iBP] (User '?') O4 - HKUS\S-1-5-21-1608253415-3263508188-874254199-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?') O4 - HKUS\S-1-5-21-1608253415-3263508188-874254199-1005\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User '?') O4 - HKUS\S-1-5-21-1608253415-3263508188-874254199-1005\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/servlet/ProductMessages?module=2009&error=0&language=en&product=SymNRT&version=2009.0.0.37&build=Symantec&a=00000082.00000010.0000002f&b=00000082.00000010.00000030&c=00000082.00000045.0000011b (User '?') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Dropbox.lnk = it.support\Application Data\Dropbox\bin\Dropbox.exe O4 - Startup: Spartan.lnk = Spartan\Spartan.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: WebWhacker - {E5336D32-0CBE-4E1F-A2C7-38DCAA8B07EF} - C:\Program Files\Blue Squirrel\WebWhacker 5.0\Art\wwietb.html O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O15 - Trusted Zone: http://www.chasefreightjobentry.com O15 - Trusted Zone: http://www.parcelforce.net O15 - Trusted Zone: http://www.royalmail.com O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = WessexSystems.local O17 - HKLM\Software\..\Telephony: DomainName = WessexSystems.local O17 - HKLM\System\CCS\Services\Tcpip\..\{164973F1-2088-41C0-BC3E-261BF8A6275E}: NameServer = 192.168.1.30,192.168.1.254 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = WessexSystems.local O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = WessexSystems.local O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = WessexSystems.local O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: dkab_device - - C:\WINDOWS\system32\DKabcoms.exe O23 - Service: Get IP Address (GetIPAddress) - Unknown owner - C:\Wessex Systems\IPAddress\GetIPAddress.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe O23 - Service: Wacom Professional Touch Service (TouchServiceWacom) - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- End of file - 17814 bytes
  5. BillS7718
    JRT.TXT ======= ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 3.5.1 (11.25.2012) OS: Microsoft Windows XP x86 Ran by it.support on 26/11/2012 at 6:04:27.01 Blog: http://thisisudax.blogspot.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\vProt Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{ef99bd32-c1fb-11d2-892f-0090271d4f88} Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\abouturls\\Tabs ~~~ Registry Keys Failed to delete: [Registry Key]"hkey_current_user\software\datamngr_toolbar" Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\windows\currentversion\ext\bprotectsettings" Successfully deleted: [Registry Key] "hkey_local_machine\software\babylon" Successfully deleted: [Registry Key] "hkey_local_machine\software\metastream" Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\babylon" Successfully deleted: [Folder] "\\ws01\Users\it.support\Application Data\babylon" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 26/11/2012 at 6:10:37.23 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ATTACH.TXT ========== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume2 Install Date: 03/08/2005 00:25:05 System Uptime: 25/11/2012 12:25:32 (18 hours ago) . Motherboard: Dell Inc. | | 0GC068 Processor: Intel® Pentium® 4 CPU 3.20GHz | Microprocessor | 3199/800mhz . ==== Disk Partitions ========================= . . ==== Installed Programs ====================== . A-PDF Image Extractor 2.0 AceFTP 3 Freeware Acronis True Image Home Actinic Link for Sage Line 50 Actinic MU v7 Actinic Payment Service Providers Component MU v7 Actinic Shared SSL Service Providers Component MU v7 Adobe Acrobat - Reader 6.0.2 Update Adobe Acrobat 6.0.1 Professional Adobe Acrobat and Reader 6.0.3 Update Adobe Acrobat and Reader 6.0.4 Update Adobe Acrobat and Reader 6.0.5 Update Adobe Acrobat and Reader 6.0.6 Update Adobe AIR Adobe Atmosphere Player for Acrobat and Adobe Reader Adobe Community Help Adobe Creative Suite 5 Design Premium Adobe Download Manager 2.0 (Remove Only) Adobe Flash Player 10 Plugin Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Media Player Adobe Reader 7.0.7 AFPL Ghostscript 8.53 AFPL Ghostscript Fonts Alien Skin Image Doctor 2 AlphaZIP Apple Application Support Apple Mobile Device Support Apple Software Update ArcSoft PhotoStudio 5.5 ATI - Software Uninstall Utility ATI Catalyst Control Center ATI Control Panel ATI Display Driver AVG 2011 AVG Security Toolbar Banner Designer Pro v5.0 Blue Squirrel Grab-a-Site Blue Squirrel WebWhacker 5.0 Bonjour Camera Control Pro 2 Canon MP Navigator EX 1.0 Canon Utilities Solution Menu CanoScan LiDE 90 Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Common Catalyst Control Center HydraVision Full Catalyst Control Center Localization All ccc-core-preinstall ccc-core-static ccc-utility CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Code 128 Conversion Utility 1.1.1 Color Wheel Expert 4.5 Color Wheel Pro 2.0 ColorImpact version 2.8.7 Compatibility Pack for the 2007 Office system ControlMyNikon version 3.0 Corel Paint Shop Pro Photo X2 Corel Paint Shop Pro X Corel PaintShop Photo Pro X3 Creative MediaSource Crescent QuickPak 4.3 Critical Update for Windows Media Player 11 (KB959772) Crystal Button 2.8 Crystal Reports Dell Driver Download Manager Dell Driver Reset Tool Dell Media Experience Dell Media Experience Update Dell Picture Studio v3.0 Dell Software Uninstall Download Manager and Options Dropbox DualCalc v1.02a EmailUnlimited File Uploader FMS File Size 2.3 FolderSizes 5 Froogle Mash for Actinic GeoChart 2.0 Google Chrome Google Earth Google Toolbar for Internet Explorer Google Update Helper GroupMail :: Business Edition GroupMail :: SMS Add-on Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB2756822) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB954708) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976002-v5) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) IBP & ARELIS 9.5.1 IBP 10.1.2 IBP 11.9.1 IBP 12.0 ICA IDAutomation.com Code 39 Free Font Inspyder Web2Disk Trial InstallShield Express 2.11 Intel Matrix Storage Manager Internet Explorer Default Page IPM_PSP_CL IPM_PSP_COM iTunes J2SE Runtime Environment 5.0 Update 10 Janus GridEX 2000a - ActiveX Control Jasc Paint Shop Photo Album 5 Jasc Paint Shop Pro Studio, Dell Editon Java 2 Runtime Environment, SE v1.4.2_03 Java Auto Updater Longtion GIF Animator version 4.0 Malwarebytes Anti-Malware version 1.65.1.1000 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656370) Microsoft .NET Framework 1.1 Security Update (KB2698023) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Application Error Reporting Microsoft AutoRoute 2005 Microsoft Choice Guard Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Digital Image Library 9 - Blocker Microsoft Encarta Encyclopedia Standard 2005 Microsoft FrontPage Client - English Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 Microsoft Money Microsoft National Language Support Downlevel APIs Microsoft Office Live Add-in 1.5 Microsoft Office XP Media Content Microsoft Office XP Professional Microsoft Photo Premium 10 Microsoft Picture It! Library 10 Microsoft Publisher 2002 Microsoft Silverlight Microsoft SQL Server 2000 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual J# .NET Redistributable Package 1.1 Microsoft Visual Studio .NET Enterprise Developer 2003 - English Microsoft Visual Studio 6.0 Enterprise Edition Microsoft Web Publishing Wizard 1.53 Microsoft Word 2002 Microsoft Works Microsoft Works 2005 Setup Launcher Microsoft Works Suite Add-in for Microsoft Word Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Mozilla Firefox 8.0.1 (x86 en-GB) MSDN Library - April 2005 DVD MSDN Library - October 2001 MSVCRT MSXML 4.0 SP2 (KB925672) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6 Service Pack 2 (KB973686) MyFonts Order M803081 MySQL Administrator 1.0 Nero Suite Netscape Browser (remove only) NetTracker 7.5 Enterprise Nikon Message Center 2 Nikon RAW Codec OGA Notifier 2.0.0048.0 One Stop Order Processing for Actinic OpenGL Extensions Viewer 4.0 ParcelForce Labels PC Connectivity Solution PDF Password Cracker v3.1 PDF Settings CS5 Picture Control Utility PowerDVD 5.5 Presto! PageManager 7.15.16 Print Server Driver Product Mash for Actinic PSPPContent PSPPRO_DCRAW QuickTime RegistryFix v5.0 RegistryFix v7.0 Safari Sage Line 50 ScanSoft OmniPage SE 4 ScriptFTP Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft Windows (KB2564958) Security Update for Step By Step Interactive Training (KB898458) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 7 (KB938127-v2) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Internet Explorer 7 (KB972260) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2530548) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2559049) Security Update for Windows Internet Explorer 8 (KB2586448) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet Explorer 8 (KB2699988) Security Update for Windows Internet Explorer 8 (KB2722913) Security Update for Windows Internet Explorer 8 (KB2744842) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB972260) Security Update for Windows Internet Explorer 8 (KB978207) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Media Player 9 (KB911565) Security Update for Windows Media Player 9 (KB917734) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2124261) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2290570) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2491683) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2655992) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2660465) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB2676562) Security Update for Windows XP (KB2685939) Security Update for Windows XP (KB2686509) Security Update for Windows XP (KB2691442) Security Update for Windows XP (KB2695962) Security Update for Windows XP (KB2698365) Security Update for Windows XP (KB2705219) Security Update for Windows XP (KB2707511) Security Update for Windows XP (KB2709162) Security Update for Windows XP (KB2712808) Security Update for Windows XP (KB2718523) Security Update for Windows XP (KB2719985) Security Update for Windows XP (KB2723135) Security Update for Windows XP (KB2724197) Security Update for Windows XP (KB2727528) Security Update for Windows XP (KB2731847) Security Update for Windows XP (KB2761226) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950759) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953155) Security Update for Windows XP (KB953838) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371-v2) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB970483) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975254) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB976323) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Segoe UI SEO Report v1.0 Setup Shockwave Site Content Analyzer 2.2 Skins SmartDraw 2007 Sonic DLA Sonic RecordNow Audio Sonic RecordNow Copy Sonic RecordNow Data Sonic Update Manager Sophos Anti-Rootkit 1.5.20 Sound Blaster Audigy 2 ZS Spartan SurfOffline Professional 2 TextPad 5 Turbo Lister 2 Tweak UI Ulead GIF Animator 5 TBYB Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB973874) Update for Windows Internet Explorer 8 (KB976662) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2541763) Update for Windows XP (KB2607712) Update for Windows XP (KB2616676) Update for Windows XP (KB2641690) Update for Windows XP (KB2661254-v2) Update for Windows XP (KB2718704) Update for Windows XP (KB2736233) Update for Windows XP (KB2749655) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB961503) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) ViewNX ViewNX 2 Vigo ActiveX Runtimes v1.0 Visual CSS QuickMenu Visual Studio .NET Enterprise Developer 2003 - English Visual Studio.NET Baseline - English Visustin v3 Visustin v3 (C:\Program Files\Visustin\) Wacom Tablet WebEx WebFldrs XP WebTablet FB Plugin WebTablet IE Plugin WebTablet Netscape Plugin Windows Defender Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1) Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage v1.3.0254.0 Windows Genuine Advantage Validation Tool Windows Imaging Component Windows Installer Clean Up Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Messenger Windows Live Sign-in Assistant Windows Live Sync Windows Live Upload Tool Windows Media Format 11 runtime Windows Media Player 11 Windows PowerShell 1.0 Windows Resource Kit Tools Windows XP Service Pack 3 WinZip Works Upgrade Yahoo! Detect . ==== End Of File =========================== DDS.TXT ======= DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_10 Run by it.support at 6:14:13 on 2012-11-26 Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3070.1923 [GMT 0:00] . . ============== Running Processes ================ . C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\AVG\AVG10\avgfws.exe C:\Program Files\AVG\AVG10\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\system32\DKabcoms.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\msdtc.exe C:\WINDOWS\system32\rdpclip.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\Program Files\AVG\AVG10\avgtray.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\GroupMail 5\GMSdlr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe \\ws01\Users\it.support\Application Data\Dropbox\bin\Dropbox.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe C:\WINDOWS\system32\logon.scr C:\PROGRA~1\MICROS~4\Office10\OUTLOOK.EXE C:\Program Files\Microsoft Office\Office10\WINWORD.EXE C:\Program Files\Microsoft Works\WkDStore.exe C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe c:\program files\groupmail 5\gmmailer.exe C:\Wessex Systems\IPAddress\GetIPAddress.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\svchost.exe -k DcomLaunch C:\WINDOWS\system32\svchost.exe -k rpcss C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\system32\svchost.exe -k netsvcs . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.co.uk/ uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 uProxyOverride = <local>;*.local dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned> BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll BHO: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - <orphaned> BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg10\avgssie.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned> BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\tfswshx.dll BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.5.0_10\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.5\AVG Secure Search_toolbar.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: AcroIEToolbarHelper Class: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.5\AVG Secure Search_toolbar.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll EB: {9696B0EA-5D5B-410B-89C3-3B2B147430A2} - <orphaned> EB: {E16DC1FE-7C34-43F2-B754-F3AD12DDF97C} - <orphaned> EB: {EB9EDE30-C8CA-4428-B41E-BFCF5A6E6F37} - <orphaned> uRun: [GroupMail Scheduler] c:\program files\groupmail 5\GMSdlr.exe uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe mRun: [synchronization Manager] c:\windows\system32\mobsync.exe /logon mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe" mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe" mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [CTSysVol] c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r mRun: [CTHelper] CTHELPER.EXE mRun: [CTDVDDET] "c:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDET.EXE" mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\ATIPTAXX.EXE mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe" mRun: [Corel Photo Downloader] "c:\program files\common files\corel\corel photodownloader\Corel Photo Downloader.exe" -startup mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe" mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.5.0_10\bin\jusched.exe" mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [Nikon Message Center 2] c:\program files\nikon\nikon message center 2\NkMC2.exe -s mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [HF_G_Jul] "c:\program files\avg secure search\HF_G_Jul.exe" /DoAction mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE StartupFolder: c:\docume~1\admini~1.wes\startm~1\programs\startup\dropbox.lnk - \\ws01\users\it.support\application data\dropbox\bin\Dropbox.exe StartupFolder: c:\docume~1\admini~1.wes\startm~1\programs\startup\spartan.lnk - c:\program files\spartan\Spartan.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:323 uPolicies-Explorer: NoDriveAutoRun = dword:67108863 uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDriveAutoRun = dword:67108863 mPolicies-Explorer: NoDriveTypeAutoRun = dword:323 mPolicies-Explorer: NoDrives = dword:0 mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:323 mPolicies-Explorer: NoDriveAutoRun = dword:67108863 IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_10\bin\ssv.dll IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {E5336D32-0CBE-4E1F-A2C7-38DCAA8B07EF} - c:\program files\blue squirrel\webwhacker 5.0\art\wwietb.html IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.euro.dell.com/systemprofiler/SysPro.CAB DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553555000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab TCP: Interfaces\{164973F1-2088-41C0-BC3E-261BF8A6275E} : NameServer = 192.168.1.30,192.168.1.254 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\13.2.0\ViProtocol.dll Notify: AtiExtEvent - Ati2evxx.dll SSODL: 0aMCPClient - <orphaned> SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\program files\windows defender\MpShHook.dll . ================= FIREFOX =================== . FF - ProfilePath - \\ws01\Users\it.support\Application Data\Mozilla\Firefox\Profiles\b6l4tlke.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - component: c:\program files\mozilla firefox\components\qfaservices.dll . ============= SERVICES / DRIVERS =============== . R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656] R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-4 297168] R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-11-8 26984] R2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2011-3-9 2708024] R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520] R2 dkab_device;dkab_device;c:\windows\system32\dkabcoms.exe -service --> c:\windows\system32\DKabcoms.exe -service [?] R2 GetIPAddress;Get IP Address;c:\wessex systems\ipaddress\GetIPAddress.exe [2006-9-27 24576] R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-14 399432] R2 TabletServiceWacom;TabletServiceWacom;c:\program files\tablet\wacom\Wacom_Tablet.exe [2012-5-16 7218040] R2 TouchServiceWacom;Wacom Professional Touch Service;c:\program files\tablet\wacom\Wacom_TouchService.exe [2012-5-16 483704] R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\13.2.0\ToolbarUpdater.exe [2012-11-8 711112] R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592] R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216] S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2012-1-31 7391072] S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-5-10 676936] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-8-10 167264] S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432] S3 hidkmdf;KMDF Driver;c:\windows\system32\drivers\hidkmdf.sys [2012-5-16 11640] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-5-10 22856] S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096] S3 WacHidRouter;Wacom Hid Router;c:\windows\system32\drivers\wachidrouter.sys [2012-5-16 55672] S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\drivers\wacomrouterfilter.sys [2012-5-16 13688] . =============== File Associations =============== . ShellExec: AlphaZip.exe: open="c:\progra~1\AlphaZIP/AlphaZIp.exe" "%1" ShellExec: dreamweaver.exe: open="c:\program files\adobe\adobe dreamweaver cs5\dreamweaver.exe", "%1" . =============== Created Last 30 ================ . 2012-11-26 06:04:21 -------- d-----w- c:\windows\ERUNT 2012-11-26 06:04:14 -------- d-----w- C:\JRT 2012-11-26 01:42:42 60872 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{c1a2d5d8-af81-4d2c-9664-d1ce2fb90c76}\offreg.dll 2012-11-23 06:25:09 6812136 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{c1a2d5d8-af81-4d2c-9664-d1ce2fb90c76}\mpengine.dll 2012-11-16 15:30:16 -------- d-----w- C:\ComboFix 2012-11-16 14:40:53 -------- d-sha-r- C:\cmdcons 2012-11-16 14:36:08 98816 ----a-w- c:\windows\sed.exe 2012-11-16 14:36:08 256000 ----a-w- c:\windows\PEV.exe 2012-11-16 14:36:08 208896 ----a-w- c:\windows\MBR.exe 2012-11-15 11:54:17 -------- d-----w- c:\program files\Dropbox 2012-11-15 11:49:46 -------- d-----w- \\ws01\Users\it.support\Application Data\Dropbox 2012-11-08 10:58:17 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2012-10-31 19:15:02 -------- d-----w- c:\program files\Spartan 2012-10-31 18:47:59 -------- d-----w- \\ws01\Users\it.support\Application Data\M8 Software 2012-10-31 16:25:29 -------- d-----w- c:\program files\Download Manager and Options . ==================== Find3M ==================== . 2012-11-24 16:11:35 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-11-24 16:11:34 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-11-03 09:15:04 715253 ----a-w- \\ws01\Users\it.support\Application Data\unins000.exe 2012-10-28 11:04:37 55296 ----a-w- c:\windows\system32\Crystl32.oca 2012-10-28 11:04:37 240128 ----a-w- c:\windows\system32\comctl32.oca 2012-10-28 11:04:36 265728 ----a-w- c:\windows\system32\mscomctl.oca 2012-10-28 11:04:35 158208 ----a-w- c:\windows\system32\GridEX20.oca 2012-10-28 11:04:35 146944 ----a-w- c:\windows\system32\Cstext32.oca 2012-10-28 11:04:34 39936 ----a-w- c:\windows\system32\Cscal32.oca 2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys 2012-10-20 10:01:05 3888 ----a-w- c:\windows\system32\drivers\NTHANDLE.SYS 2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll 2012-10-01 17:32:10 264416 ----a-w- c:\windows\system32\GMMailer.dll 2012-09-29 18:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-17 15:28:04 34 ----a-w- c:\windows\wol.bat 2012-09-04 17:03:26 122901 -c--a-w- c:\windows\Product Mash for Actinic Uninstaller.exe 2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll 2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec . ============= FINISH: 6:17:30.11 ===============
  6. BillS7718
    Attach LOG: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume2 Install Date: 03/08/2005 00:25:05 System Uptime: 25/11/2012 12:25:32 (1 hours ago) . Motherboard: Dell Inc. | | 0GC068 Processor: Intel® Pentium® 4 CPU 3.20GHz | Microprocessor | 3199/800mhz . ==== Disk Partitions ========================= . . ==== Installed Programs ====================== . A-PDF Image Extractor 2.0 AceFTP 3 Freeware Acronis True Image Home Actinic Link for Sage Line 50 Actinic MU v7 Actinic Payment Service Providers Component MU v7 Actinic Shared SSL Service Providers Component MU v7 Adobe Acrobat - Reader 6.0.2 Update Adobe Acrobat 6.0.1 Professional Adobe Acrobat and Reader 6.0.3 Update Adobe Acrobat and Reader 6.0.4 Update Adobe Acrobat and Reader 6.0.5 Update Adobe Acrobat and Reader 6.0.6 Update Adobe AIR Adobe Atmosphere Player for Acrobat and Adobe Reader Adobe Community Help Adobe Creative Suite 5 Design Premium Adobe Download Manager 2.0 (Remove Only) Adobe Flash Player 10 Plugin Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Media Player Adobe Reader 7.0.7 AFPL Ghostscript 8.53 AFPL Ghostscript Fonts Alien Skin Image Doctor 2 AlphaZIP Apple Application Support Apple Mobile Device Support Apple Software Update ArcSoft PhotoStudio 5.5 ATI - Software Uninstall Utility ATI Catalyst Control Center ATI Control Panel ATI Display Driver AVG 2011 AVG Security Toolbar Banner Designer Pro v5.0 Blue Squirrel Grab-a-Site Blue Squirrel WebWhacker 5.0 Bonjour Camera Control Pro 2 Canon MP Navigator EX 1.0 Canon Utilities Solution Menu CanoScan LiDE 90 Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Common Catalyst Control Center HydraVision Full Catalyst Control Center Localization All ccc-core-preinstall ccc-core-static ccc-utility CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Code 128 Conversion Utility 1.1.1 Color Wheel Expert 4.5 Color Wheel Pro 2.0 ColorImpact version 2.8.7 Compatibility Pack for the 2007 Office system ControlMyNikon version 3.0 Corel Paint Shop Pro Photo X2 Corel Paint Shop Pro X Corel PaintShop Photo Pro X3 Creative MediaSource Crescent QuickPak 4.3 Critical Update for Windows Media Player 11 (KB959772) Crystal Button 2.8 Crystal Reports Dell Driver Download Manager Dell Driver Reset Tool Dell Media Experience Dell Media Experience Update Dell Picture Studio v3.0 Dell Software Uninstall Download Manager and Options Dropbox DualCalc v1.02a EmailUnlimited File Uploader FMS File Size 2.3 FolderSizes 5 Froogle Mash for Actinic GeoChart 2.0 Google Chrome Google Earth Google Toolbar for Internet Explorer Google Update Helper GroupMail :: Business Edition GroupMail :: SMS Add-on Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB2756822) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB954708) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976002-v5) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) IBP & ARELIS 9.5.1 IBP 10.1.2 IBP 11.9.1 IBP 12.0 ICA IDAutomation.com Code 39 Free Font Inspyder Web2Disk Trial InstallShield Express 2.11 Intel Matrix Storage Manager Internet Explorer Default Page IPM_PSP_CL IPM_PSP_COM iTunes J2SE Runtime Environment 5.0 Update 10 Janus GridEX 2000a - ActiveX Control Jasc Paint Shop Photo Album 5 Jasc Paint Shop Pro Studio, Dell Editon Java 2 Runtime Environment, SE v1.4.2_03 Java Auto Updater Longtion GIF Animator version 4.0 Malwarebytes Anti-Malware version 1.65.1.1000 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656370) Microsoft .NET Framework 1.1 Security Update (KB2698023) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Application Error Reporting Microsoft AutoRoute 2005 Microsoft Choice Guard Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Digital Image Library 9 - Blocker Microsoft Encarta Encyclopedia Standard 2005 Microsoft FrontPage Client - English Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 Microsoft Money Microsoft National Language Support Downlevel APIs Microsoft Office Live Add-in 1.5 Microsoft Office XP Media Content Microsoft Office XP Professional Microsoft Photo Premium 10 Microsoft Picture It! Library 10 Microsoft Publisher 2002 Microsoft Silverlight Microsoft SQL Server 2000 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual J# .NET Redistributable Package 1.1 Microsoft Visual Studio .NET Enterprise Developer 2003 - English Microsoft Visual Studio 6.0 Enterprise Edition Microsoft Web Publishing Wizard 1.53 Microsoft Word 2002 Microsoft Works Microsoft Works 2005 Setup Launcher Microsoft Works Suite Add-in for Microsoft Word Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Mozilla Firefox 8.0.1 (x86 en-GB) MSDN Library - April 2005 DVD MSDN Library - October 2001 MSVCRT MSXML 4.0 SP2 (KB925672) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6 Service Pack 2 (KB973686) MyFonts Order M803081 MySQL Administrator 1.0 Nero Suite Netscape Browser (remove only) NetTracker 7.5 Enterprise Nikon Message Center 2 Nikon RAW Codec OGA Notifier 2.0.0048.0 One Stop Order Processing for Actinic OpenGL Extensions Viewer 4.0 ParcelForce Labels PC Connectivity Solution PDF Password Cracker v3.1 PDF Settings CS5 Picture Control Utility PowerDVD 5.5 Presto! PageManager 7.15.16 Print Server Driver Product Mash for Actinic PSPPContent PSPPRO_DCRAW QuickTime RegistryFix v5.0 RegistryFix v7.0 Safari Sage Line 50 ScanSoft OmniPage SE 4 ScriptFTP Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft Windows (KB2564958) Security Update for Step By Step Interactive Training (KB898458) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 7 (KB938127-v2) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Internet Explorer 7 (KB972260) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2530548) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2559049) Security Update for Windows Internet Explorer 8 (KB2586448) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet Explorer 8 (KB2699988) Security Update for Windows Internet Explorer 8 (KB2722913) Security Update for Windows Internet Explorer 8 (KB2744842) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB972260) Security Update for Windows Internet Explorer 8 (KB978207) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Media Player 9 (KB911565) Security Update for Windows Media Player 9 (KB917734) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2124261) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2290570) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2491683) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2655992) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2660465) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB2676562) Security Update for Windows XP (KB2685939) Security Update for Windows XP (KB2686509) Security Update for Windows XP (KB2691442) Security Update for Windows XP (KB2695962) Security Update for Windows XP (KB2698365) Security Update for Windows XP (KB2705219) Security Update for Windows XP (KB2707511) Security Update for Windows XP (KB2709162) Security Update for Windows XP (KB2712808) Security Update for Windows XP (KB2718523) Security Update for Windows XP (KB2719985) Security Update for Windows XP (KB2723135) Security Update for Windows XP (KB2724197) Security Update for Windows XP (KB2727528) Security Update for Windows XP (KB2731847) Security Update for Windows XP (KB2761226) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950759) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953155) Security Update for Windows XP (KB953838) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371-v2) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB970483) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975254) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB976323) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Segoe UI SEO Report v1.0 Setup Shockwave Site Content Analyzer 2.2 Skins SmartDraw 2007 Sonic DLA Sonic RecordNow Audio Sonic RecordNow Copy Sonic RecordNow Data Sonic Update Manager Sophos Anti-Rootkit 1.5.20 Sound Blaster Audigy 2 ZS Spartan SurfOffline Professional 2 TextPad 5 Turbo Lister 2 Tweak UI Ulead GIF Animator 5 TBYB Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB973874) Update for Windows Internet Explorer 8 (KB976662) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2541763) Update for Windows XP (KB2607712) Update for Windows XP (KB2616676) Update for Windows XP (KB2641690) Update for Windows XP (KB2661254-v2) Update for Windows XP (KB2718704) Update for Windows XP (KB2736233) Update for Windows XP (KB2749655) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB961503) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) ViewNX ViewNX 2 Vigo ActiveX Runtimes v1.0 Visual CSS QuickMenu Visual Studio .NET Enterprise Developer 2003 - English Visual Studio.NET Baseline - English Visustin v3 Visustin v3 (C:\Program Files\Visustin\) Wacom Tablet WebEx WebFldrs XP WebTablet FB Plugin WebTablet IE Plugin WebTablet Netscape Plugin Windows Defender Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1) Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage v1.3.0254.0 Windows Genuine Advantage Validation Tool Windows Imaging Component Windows Installer Clean Up Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Messenger Windows Live Sign-in Assistant Windows Live Sync Windows Live Upload Tool Windows Media Format 11 runtime Windows Media Player 11 Windows PowerShell 1.0 Windows Resource Kit Tools Windows XP Service Pack 3 WinZip Works Upgrade Yahoo! Detect . ==== End Of File =========================== DDS Log: DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_10 Run by it.support at 13:34:57 on 2012-11-25 Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3070.1662 [GMT 0:00] . . ============== Running Processes ================ . \??\C:\PROGRA~1\AVG\AVG10\avgchsvx.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\system32\DKabcoms.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe C:\Program Files\AVG\AVG10\avgnsx.exe C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\msdtc.exe \??\C:\Program Files\AVG\AVG10\avgcsrvx.exe C:\WINDOWS\system32\rdpclip.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\AVG Secure Search\vprot.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\GroupMail 5\GMSdlr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe \\ws01\Users\it.support\Application Data\Dropbox\bin\Dropbox.exe C:\Program Files\iPod\bin\iPodService.exe \??\C:\PROGRA~1\AVG\AVG10\avgrsx.exe \??\C:\Program Files\AVG\AVG10\avgcsrvx.exe C:\Program Files\Adobe\Adobe Photoshop CS5\Photoshop.exe C:\Program Files\Actinic MU v7\Catalog.exe C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe C:\WINDOWS\system32\logon.scr C:\PROGRA~1\MICROS~4\Office10\OUTLOOK.EXE C:\Program Files\Microsoft Office\Office10\WINWORD.EXE C:\Program Files\Microsoft Works\WkDStore.exe C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Wessex Systems\IPAddress\GetIPAddress.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\svchost.exe -k DcomLaunch C:\WINDOWS\system32\svchost.exe -k rpcss C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\system32\svchost.exe -k netsvcs . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.co.uk/ uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 uProxyOverride = <local>;*.local dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned> BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll BHO: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - <orphaned> BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg10\avgssie.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned> BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\tfswshx.dll BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.5.0_10\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.5\AVG Secure Search_toolbar.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: AcroIEToolbarHelper Class: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.5\AVG Secure Search_toolbar.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll EB: {9696B0EA-5D5B-410B-89C3-3B2B147430A2} - <orphaned> EB: {E16DC1FE-7C34-43F2-B754-F3AD12DDF97C} - <orphaned> EB: {EB9EDE30-C8CA-4428-B41E-BFCF5A6E6F37} - <orphaned> uRun: [GroupMail Scheduler] c:\program files\groupmail 5\GMSdlr.exe uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe mRun: [synchronization Manager] c:\windows\system32\mobsync.exe /logon mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe" mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe" mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [CTSysVol] c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r mRun: [CTHelper] CTHELPER.EXE mRun: [CTDVDDET] "c:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDET.EXE" mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\ATIPTAXX.EXE mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe" mRun: [Corel Photo Downloader] "c:\program files\common files\corel\corel photodownloader\Corel Photo Downloader.exe" -startup mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe" mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.5.0_10\bin\jusched.exe" mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [Nikon Message Center 2] c:\program files\nikon\nikon message center 2\NkMC2.exe -s mRun: [vProt] "c:\program files\avg secure search\vprot.exe" mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [HF_G_Jul] "c:\program files\avg secure search\HF_G_Jul.exe" /DoAction mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE StartupFolder: c:\docume~1\admini~1.wes\startm~1\programs\startup\dropbox.lnk - \\ws01\users\it.support\application data\dropbox\bin\Dropbox.exe StartupFolder: c:\docume~1\admini~1.wes\startm~1\programs\startup\spartan.lnk - c:\program files\spartan\Spartan.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:323 uPolicies-Explorer: NoDriveAutoRun = dword:67108863 uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDriveAutoRun = dword:67108863 mPolicies-Explorer: NoDriveTypeAutoRun = dword:323 mPolicies-Explorer: NoDrives = dword:0 mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:323 mPolicies-Explorer: NoDriveAutoRun = dword:67108863 IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_10\bin\ssv.dll IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {E5336D32-0CBE-4E1F-A2C7-38DCAA8B07EF} - c:\program files\blue squirrel\webwhacker 5.0\art\wwietb.html IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.euro.dell.com/systemprofiler/SysPro.CAB DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553555000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab TCP: Interfaces\{164973F1-2088-41C0-BC3E-261BF8A6275E} : NameServer = 192.168.1.30,192.168.1.254 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\13.2.0\ViProtocol.dll Notify: AtiExtEvent - Ati2evxx.dll SSODL: 0aMCPClient - <orphaned> SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\program files\windows defender\MpShHook.dll . ================= FIREFOX =================== . FF - ProfilePath - \\ws01\Users\it.support\Application Data\Mozilla\Firefox\Profiles\b6l4tlke.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - component: c:\program files\mozilla firefox\components\qfaservices.dll . ============= SERVICES / DRIVERS =============== . R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656] R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-4 297168] R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-11-8 26984] R2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2011-3-9 2708024] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2012-1-31 7391072] R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520] R2 dkab_device;dkab_device;c:\windows\system32\dkabcoms.exe -service --> c:\windows\system32\DKabcoms.exe -service [?] R2 GetIPAddress;Get IP Address;c:\wessex systems\ipaddress\GetIPAddress.exe [2006-9-27 24576] R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-14 399432] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-5-10 676936] R2 TabletServiceWacom;TabletServiceWacom;c:\program files\tablet\wacom\Wacom_Tablet.exe [2012-5-16 7218040] R2 TouchServiceWacom;Wacom Professional Touch Service;c:\program files\tablet\wacom\Wacom_TouchService.exe [2012-5-16 483704] R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\13.2.0\ToolbarUpdater.exe [2012-11-8 711112] R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592] R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-5-10 22856] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-8-10 167264] S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432] S3 hidkmdf;KMDF Driver;c:\windows\system32\drivers\hidkmdf.sys [2012-5-16 11640] S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096] S3 WacHidRouter;Wacom Hid Router;c:\windows\system32\drivers\wachidrouter.sys [2012-5-16 55672] S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\drivers\wacomrouterfilter.sys [2012-5-16 13688] . =============== File Associations =============== . ShellExec: AlphaZip.exe: open="c:\progra~1\AlphaZIP/AlphaZIp.exe" "%1" ShellExec: dreamweaver.exe: open="c:\program files\adobe\adobe dreamweaver cs5\dreamweaver.exe", "%1" . =============== Created Last 30 ================ . 2012-11-23 06:25:09 6812136 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{c1a2d5d8-af81-4d2c-9664-d1ce2fb90c76}\mpengine.dll 2012-11-16 15:30:16 -------- d-----w- C:\ComboFix 2012-11-16 14:40:53 -------- d-sha-r- C:\cmdcons 2012-11-16 14:36:08 98816 ----a-w- c:\windows\sed.exe 2012-11-16 14:36:08 256000 ----a-w- c:\windows\PEV.exe 2012-11-16 14:36:08 208896 ----a-w- c:\windows\MBR.exe 2012-11-15 11:54:17 -------- d-----w- c:\program files\Dropbox 2012-11-15 11:49:46 -------- d-----w- \\ws01\Users\it.support\Application Data\Dropbox 2012-11-08 10:58:17 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2012-10-31 19:15:02 -------- d-----w- c:\program files\Spartan 2012-10-31 18:47:59 -------- d-----w- \\ws01\Users\it.support\Application Data\M8 Software 2012-10-31 16:25:36 -------- d-----w- c:\documents and settings\all users\application data\Babylon 2012-10-31 16:25:29 -------- d-----w- c:\program files\Download Manager and Options 2012-10-31 16:25:18 -------- d-----w- \\ws01\Users\it.support\Application Data\Babylon . ==================== Find3M ==================== . 2012-11-24 16:11:35 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-11-24 16:11:34 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-11-03 09:15:04 715253 ----a-w- \\ws01\Users\it.support\Application Data\unins000.exe 2012-10-28 11:04:37 55296 ----a-w- c:\windows\system32\Crystl32.oca 2012-10-28 11:04:37 240128 ----a-w- c:\windows\system32\comctl32.oca 2012-10-28 11:04:36 265728 ----a-w- c:\windows\system32\mscomctl.oca 2012-10-28 11:04:35 158208 ----a-w- c:\windows\system32\GridEX20.oca 2012-10-28 11:04:35 146944 ----a-w- c:\windows\system32\Cstext32.oca 2012-10-28 11:04:34 39936 ----a-w- c:\windows\system32\Cscal32.oca 2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys 2012-10-20 10:01:05 3888 ----a-w- c:\windows\system32\drivers\NTHANDLE.SYS 2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll 2012-10-01 17:32:10 264416 ----a-w- c:\windows\system32\GMMailer.dll 2012-09-29 18:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-17 15:28:04 34 ----a-w- c:\windows\wol.bat 2012-09-04 17:03:26 122901 -c--a-w- c:\windows\Product Mash for Actinic Uninstaller.exe 2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll 2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec . ============= FINISH: 13:42:15.42 ===============
  7. BillS7718
    Hi Maniac, Have already done so, several times... KR Bill
  8. BillS7718
    Those 2-DOS Batch Files I wrote myself - they are 100% Clean and SAFE :-)
  9. BillS7718
    Oh, and same Chinese IP Address has been blocked today...
  10. BillS7718
    Results Log: RogueKiller V8.3.1 [Nov 22 2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website: http://tigzy.geekstogo.com/roguekiller.php Blog: http://tigzyrk.blogspot.com Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version Started in : Normal mode User : it.support [Admin rights] Mode : Remove -- Date : 11/22/2012 14:31:42 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 5 ¤¤¤ [RUN][sUSP PATH] HKLM\[...]\Run : UpdReg (C:\WINDOWS\Updreg.EXE) -> DELETED [TASK][sUSP PATH] Get Web Log Files.job : C:\WINDOWS\gl.bat -> NOT SELECTED [TASK][sUSP PATH] RestartGetIPAddress.job : c:\WINDOWS\RestartGetIPAddress.bat -> NOT SELECTED [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ ¤¤¤ Extern Hives: ¤¤¤ -> E:\windows\system32\config\SOFTWARE -> E:\Documents and Settings\Administrator\NTUSER.DAT -> E:\Documents and Settings\administrator.WESSEXSYSTEMS\NTUSER.DAT -> E:\Documents and Settings\All Users\NTUSER.DAT -> E:\Documents and Settings\Bill\NTUSER.DAT -> E:\Documents and Settings\Default User\NTUSER.DAT -> E:\Documents and Settings\LocalService\NTUSER.DAT -> E:\Documents and Settings\NetworkService\NTUSER.DAT ¤¤¤ HOSTS File: ¤¤¤ --> C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST3160023AS +++++ --- User --- [MBR] e921802fec088c9f071b604d65c1a68b [bSP] 11d467b9f31927f29d49c85858b51038 : Windows XP MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 70 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 144585 | Size: 152507 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: ST3500320NS +++++ --- User --- [MBR] 2df5682701fd25046801e9177f81fbb3 [bSP] d990dfeb63ff9996f331fba14a2a2054 : Windows XP MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 227 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 465885 | Size: 476710 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[2]_D_11222012_02d1431.txt >> RKreport[1]_S_11222012_02d1423.txt ; RKreport[2]_D_11222012_02d1431.txt
  11. BillS7718
    I am still seeing 2-3 IP-Blocks a day... Interesting point: Router has had same IP Address for 40-days so I reset it to get new IP Address.. The Chinese IP Addresses have not appeared in the Block list but 2-3 new IP Addresses have appeared. Seems: When someone latches on to an active IP address they regularly try to hack in? Perhaps this is what is going on??
  12. BillS7718
    Hi Maniac, These are applications I *chose* to install. One is 5-years old, the other 7-years old. They have not been executed for 5 and 7-years respectively and are not called at Windows Startup. However, I shall temporarily remove them & reboot... KR Bill.
  13. BillS7718
    Hi Maniac, ESET took 5-Hours to run! No log file was saved but i copied this to Clipboard before closing IE: C:\i386\GTDownDE_87.ocx probably a variant of Win32/Adware.Agent.LCKGTSG application cleaned by deleting - quarantined C:\Program Files\RegistryFix\RegistryFix.exe a variant of Win32/Adware.ErrorClean application cleaned by deleting - quarantined C:\Program Files\RegistryFix7\RegistryFix.exe a variant of Win32/Adware.ErrorClean application cleaned by deleting - quarantined E:\i386\GTDownDE_87.ocx probably a variant of Win32/Adware.Agent.LCKGTSG application cleaned by deleting - quarantined E:\Program Files\RegistryFix\RegistryFix.exe a variant of Win32/Adware.ErrorClean application cleaned by deleting - quarantined E:\Program Files\RegistryFix7\RegistryFix.exe a variant of Win32/Adware.ErrorClean application cleaned by deleting - quarantined I considered ALL 6 to be False Positives so I restored them... I think from all these sans we are not infected... But why the attacks from China? HOW can anyone get through our Firewall? KR Bill.
  14. BillS7718
    Hi Maniac, I disabled my 4 x USB Card readers... then it ran all the way through. Log attached: KR Bill. ComboFix.txt
  15. BillS7718
    Hi Maniac, That's some scary disclaimers about ComboFix... But I tried it anyhow... It got to about stage #10 and then BSOD! something about USB Drivers/Bus... No log file is on the desktop... What to do? Try again? Do you Defo think we have a Rootkit? / Malware? Regards, Bill.
  16. BillS7718
    Log files attached: mbar-log-2012-11-15 (16-34-20).txt system-log.txt
  17. BillS7718
    Hi Maniac. WOW! Took a long, long time to scan... but then I have millions of files and a bloated XP registry! Scan completed: No Threats Found. So, that's a good start... Malwarebytes is saying the Threat is "incoming" - How can it get through our Router Firewall? We use a non-standard Port address as well...
  18. BillS7718
    Thank you Maniac. I have downloaded tool and will run it now.. Back as soon as it has done it's job...
  19. BillS7718
    Hi there, I keep getting the following message: Malwarebytes successfully blocked incoming Malicious website... (All seem to be ChinaNet IP addresses) How do these attacks get passed our Router? Also passed my AVG Firewall?? I have performed a full Mawarebytes scan (nothing spotted) and also a Full Virus Scan (24-tracking cookies found/removed) I ran DDS as recommended in other posts and include the 2-logs. Any advice? Is this a 'real' threat?? Kind regards, Bill. attach.txt dds.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.