Everything posted by mattpaint

  1. Please see below

     Malwarebytes Anti-Malware (PRO) 1.70.0.1100
     www.malwarebytes.org
     Database version: v2013.03.01.08
     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 8.0.6001.18702
     Clive.Cox :: CLIVECOX-BUILDC [administrator]
     Protection: Enabled
     01/03/2013 18:32:10
     mbam-log-2013-03-01 (18-32-10).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 290703
     Time elapsed: 18 minute(s), 30 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     (end)

     Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 18:53:36, on 01/03/2013
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v8.00 (8.00.6001.18702)
     Boot mode: Normal
  2. Thanks for your help so far Gringo. This one had me scratching my head, it kept opening up or saving as a text file. I'm using Firefox. I logged in through Explorer and it worked, I've rebooted and that's where I'm up to now, it didn't leave any reports for me to post.
  3. Also ComboFix never restarts the laptop, I do it manually just to be sure. I'm not sure if that's relevant but thought I'd mention it.
  4. Morning Gringo. Right, after my last post yesterday my laptop slowed down noticeably. I've since followed your instructions (see report below), the laptop seems to start up OK... but as I said it's hard to see if it's because it's 5yo or if there is something sinister.. (they make you paranoid these viruses.. why do they do it?).. it's still a lot quicker than it was before we started this.

     ComboFix 13-02-26.01 - Clive.Cox 28/02/2013 7:22.7.2 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.310 [GMT 0:00]
     Running from: c:\documents and settings\Clive.Cox\Desktop\ComboFix.exe
     Command switches used :: c:\documents and settings\Clive.Cox\Desktop\CFScript.txt
     AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
     FW: Cloud Antivirus Firewall *Disabled* {1337562C-110A-4AF8-B12B-750C0B30E802}
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\documents and settings\Clive.Cox\Local Settings\Temporary Internet Files\Secinfo.txt
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm TCP: DhcpNameServer = 192.168.0.1 DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} - hxxp://www.digitalwebbooks.com/reader/dbplugin.cab FF - ProfilePath - c:\documents and settings\Clive.Cox\Application Data\Mozilla\Firefox\Profiles\tu6g6uxw.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ FF - prefs.js: network.proxy.type - 0 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-02-28 07:41 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????T??????????????|p>?|????i>?|&?@ . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\pdfcDispatcher] "ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(2012) c:\windows\system32\APSHook.dll c:\windows\system32\Ati2evxx.dll c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll c:\program files\HEWLETT-PACKARD\IAM\BIN\ItMsg.dll . - - - - - - - > 'lsass.exe'(172) c:\windows\system32\APSHook.dll . Completion time: 2013-02-28 07:46:06 ComboFix-quarantined-files.txt 2013-02-28 07:45 ComboFix2.txt 2013-02-26 18:15 ComboFix3.txt 2013-02-26 13:58 ComboFix4.txt 2013-02-15 14:53 ComboFix5.txt 2013-02-28 07:14 . Pre-Run: 122,558,320,640 bytes free Post-Run: 122,533,371,904 bytes free . - - End Of File - - 70312D9733D399C749F5B3EC3311E0A3
  5. Hello Gringo. Well, it still starts up slowly, but it is a 5-year-old laptop, so maybe not so mysterious? That said, it is markedly faster starting up now. I did have a problem with my antivirus (Panda Endpoint Protection): it wouldn't update at all, and I tried a repair on it; it changed its language to Spanish and still wouldn't update (though I do think the language thing was my fault as opposed to a virus). Before I posted on here I wiped Panda Endpoint off and just installed the free Panda Cloud Antivirus, so maybe that helped also? I'm guessing you can't see anything nasty on my reports?
  6. I was surprised that ComboFix asked me to update to the latest version whilst running, as you said, even though I'd only downloaded it for the first time today. Maybe I'm just paranoid about this laptop :-) Again it didn't reboot. Report below.
ComboFix 13-02-26.01 - Clive.Cox 26/02/2013 17:56:56.6.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.392 [GMT 0:00] Running from: c:\documents and settings\Clive.Cox\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Clive.Cox\Desktop\CFScript.txt AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393} FW: Cloud Antivirus Firewall *Disabled* {1337562C-110A-4AF8-B12B-750C0B30E802} . . ((((((((((((((((((((((((( Files Created from 2013-01-26 to 2013-02-26 ))))))))))))))))))))))))))))))) . . 2013-02-25 18:14 . 2013-02-25 18:14 -------- d-----w- c:\documents and settings\Clive.Cox\Application Data\Panda Security 2013-02-25 18:13 . 2012-11-07 09:00 46672 ----a-w- c:\windows\system32\drivers\PSKMAD.sys 2013-02-25 18:10 . 2013-02-25 18:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security 2013-02-19 11:26 . 2013-02-19 11:26 -------- d-----w- c:\windows\system32\wbem\Repository 2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll 2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll 2013-02-15 15:01 . 2013-02-15 15:01 -------- d-----w- c:\windows\ERUNT 2013-02-15 15:01 . 2013-02-19 11:21 -------- d-----w- C:\JRT 2013-02-15 10:58 . 2013-02-19 11:23 -------- d-s---w- c:\documents and settings\TEMP.BUILDCHECK 2013-02-13 09:41 . 2013-02-13 09:40 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-02-13 09:19 . 2013-02-13 09:19 102008 ----a-w- c:\windows\system32\drivers\RapportKELL.sys 2013-02-11 18:40 . 2013-02-11 18:40 -------- d-----w- c:\program files\Mozilla Maintenance Service 2013-02-11 18:40 . 
2013-02-01 18:22 96664 ----a-w- c:\program files\Mozilla Firefox\webapprt-stub.exe 2013-02-11 18:40 . 2013-02-01 18:22 157712 ----a-w- c:\program files\Mozilla Firefox\webapp-uninstaller.exe 2013-02-11 18:40 . 2013-02-01 18:22 193168 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe 2013-02-11 18:40 . 2013-02-01 18:22 142744 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll 2013-02-11 18:40 . 2013-02-01 18:22 115608 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe 2013-02-11 18:40 . 2013-02-01 18:22 2850712 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll 2013-02-11 18:40 . 2013-02-01 18:22 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll 2013-02-11 18:40 . 2013-02-01 18:22 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll 2013-02-11 18:40 . 2013-02-01 18:22 74136 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll 2013-02-08 11:55 . 2013-02-09 14:58 189084 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT 2013-02-08 11:26 . 2013-02-08 11:26 -------- d-----w- c:\program files\Common Files\Skype 2013-02-08 11:24 . 2013-02-25 15:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\Sentinel . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-13 09:40 . 2012-03-01 16:02 143872 ----a-w- c:\windows\system32\javacpl.cpl 2013-02-13 09:40 . 2012-05-18 17:09 861088 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-02-13 09:40 . 2010-04-29 12:09 782240 ----a-w- c:\windows\system32\deployJava1.dll 2013-02-08 13:02 . 2012-04-04 19:40 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-02-08 13:02 . 2011-05-18 18:21 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-01-26 03:55 . 2008-10-13 14:12 552448 ----a-w- c:\windows\system32\oleaut32.dll 2013-01-09 21:45 . 2013-01-09 21:45 95584 ----a-w- c:\windows\system32\drivers\NNSHttps.sys 2013-01-07 01:19 . 
2008-10-13 14:12 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-01-07 00:37 . 2008-10-13 14:12 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-01-04 01:20 . 2008-10-13 14:12 1867264 ----a-w- c:\windows\system32\win32k.sys 2013-01-02 06:49 . 2004-08-04 08:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax 2013-01-02 06:49 . 2004-08-04 08:00 1292288 ------w- c:\windows\system32\quartz.dll 2012-12-26 20:16 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll 2012-12-26 20:16 . 2004-08-04 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-12-26 20:16 . 2004-08-04 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-12-24 06:40 . 2004-08-04 08:00 385024 ----a-w- c:\windows\system32\html.iec 2012-12-16 12:23 . 2004-08-04 08:00 290560 ----a-w- c:\windows\system32\atmfd.dll 2012-12-14 16:49 . 2010-03-22 09:17 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-02-01 18:22 . 2011-11-28 09:05 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904] "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [bU] "ANT Agent"="c:\program files\Garmin\ANT Agent\ANT Agent.exe" [2012-03-23 14749544] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsmqIntCert"="mqrt.dll" [2008-04-14 177152] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448] "PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-05-08 331552] "PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776] "CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920] "Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840] "Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-10-09 697976] "Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-05-03 57344] "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568] "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 177456] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 192512] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736] "ROC_roc_ssl_v12"="c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe" [bU] "PSUAMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2013-01-27 32480] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\ CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152] . 
c:\documents and settings\Administrator\Start Menu\Programs\Startup\ CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152] . c:\documents and settings\Administrator.BUILDCHECK\Start Menu\Programs\Startup\ CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152] . c:\documents and settings\Clive.Cox\Start Menu\Programs\Startup\ CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-10-13 192512] . c:\documents and settings\Default User\Start Menu\Programs\Startup\ CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoWelcomeScreen"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard] 2007-02-07 01:30 74240 ----a-r- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\system32\APSHook.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] [bU] . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\mqsvc.exe"= "c:\\WINDOWS\\SMINST\\Scheduler.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\SopCast\\SopCast.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"= "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"= "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 . R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [13/02/2013 09:19 102008] R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [14/07/2010 11:51 65584] R1 NNSALPC;NNSAlpc;c:\windows\system32\drivers\NNSAlpc.sys [26/11/2012 16:48 82728] R1 NNSHTTP;NNSHttp;c:\windows\system32\drivers\NNSHttp.sys [26/11/2012 16:48 119080] R1 NNSHTTPS;NNSHttps;c:\windows\system32\drivers\NNSHttps.sys [09/01/2013 21:45 95584] R1 NNSIDS;NNSids;c:\windows\system32\drivers\NNSIds.sys [26/11/2012 16:48 123944] R1 NNSPICC;NNSPicc;c:\windows\system32\drivers\NNSpicc.sys [26/11/2012 16:48 94632] R1 NNSPOP3;NNSPop3;c:\windows\system32\drivers\NNSPop3.sys [26/11/2012 16:48 105640] R1 NNSPROT;NNSProt;c:\windows\system32\drivers\NNSProt.sys [26/11/2012 16:48 286888] R1 NNSPRV;NNSPrv;c:\windows\system32\drivers\NNSPrv.sys [26/11/2012 16:48 159528] R1 NNSSMTP;NNSSmtp;c:\windows\system32\drivers\NNSSmtp.sys [26/11/2012 16:48 108200] R1 NNSSTRM;NNSStrm;c:\windows\system32\drivers\NNSStrm.sys [28/11/2012 14:04 218024] R1 NNSTLSC;NNSTlsc;c:\windows\system32\drivers\NNStlsc.sys [26/11/2012 16:48 93096] R1 
PSINKNC;PSINKnc;c:\windows\system32\drivers\PSINKNC.sys [09/11/2012 19:01 178728] R1 RapportCerberus_50414;RapportCerberus_50414;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_50414.sys [20/02/2013 12:16 316984] R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [13/02/2013 09:19 102680] R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [13/02/2013 09:19 173880] R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [04/08/2004 08:00 14336] R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [04/08/2004 08:00 14336] R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [27/01/2013 20:16 140512] R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [15/09/2011 12:06 88576] R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [01/08/2007 10:54 540448] R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [09/11/2012 19:01 149288] R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [09/11/2012 19:01 102184] R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [09/11/2012 19:01 114216] R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [09/11/2012 19:01 123560] R2 PSUAService;Panda Product Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [27/01/2013 22:38 37088] R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [13/02/2013 09:18 1124184] R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [19/04/2011 06:44 399416] R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [03/08/2011 15:18 618896] R3 pcouffin;VSO Software 
pcouffin;c:\windows\system32\drivers\pcouffin.sys [06/12/2008 17:53 47360] R3 PSKMAD;PSKMAD;c:\windows\system32\drivers\PSKMAD.sys [25/02/2013 18:13 46672] R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys [11/03/2012 13:50 55448] S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [20/09/2012 10:52 398184] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [22/03/2010 09:17 682344] S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [03/07/2012 12:19 160944] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [18/04/2012 16:32 80824] S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [04/12/2011 10:45 24576] S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [22/06/2010 18:01 21248] S3 libusb0;LibUsb-Win32 - Kernel Driver 07/07/2009, 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [17/05/2011 15:44 28160] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [22/03/2010 09:17 21104] S3 NETIMFLT01060044;PANDA NDIS IM Filter Miniport v1.6.0.44;c:\windows\system32\drivers\neti1644.sys [30/09/2010 16:49 201032] S3 NNSNAHS;Network Activity Hook Server Service;c:\windows\system32\drivers\NNSNAHS.sys [22/10/2012 12:08 38824] S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [01/09/2010 08:30 15544] S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [19/04/2011 06:44 993848] S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [18/04/2012 16:32 181432] S4 NNSPIHS;NNSPihs;c:\windows\system32\drivers\NNSpihs.sys [26/11/2012 16:48 51496] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - RAPPORTIASO . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 Cognizance REG_MULTI_SZ ASBroker ASChannel . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2007-04-19 20:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2013-02-26 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 13:02] . 2013-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 15:58] . 2013-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 15:58] . 2013-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-706967980-2976189254-1850976456-1141Core.job - c:\documents and settings\Clive.Cox\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-10-31 09:12] . 2013-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-706967980-2976189254-1850976456-1141UA.job - c:\documents and settings\Clive.Cox\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-10-31 09:12] . 2013-02-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-706967980-2976189254-1850976456-1141.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 16:02] . 2013-02-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-706967980-2976189254-1850976456-1141.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 16:02] . 2013-02-26 c:\windows\Tasks\User_Feed_Synchronization-{0DD0CE9D-777D-4BD8-9469-8BCC61FECE10}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 03:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.co.uk/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{71B9D779-C252-472E-868E-5C98B116BBEF}: NameServer = 10.11.12.1 DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} - hxxp://www.digitalwebbooks.com/reader/dbplugin.cab FF - ProfilePath - c:\documents and settings\Clive.Cox\Application Data\Mozilla\Firefox\Profiles\tu6g6uxw.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ FF - prefs.js: network.proxy.type - 0 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-02-26 18:10 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????T??????????????|p>?|????i>?|&?@ . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\pdfcDispatcher] "ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(2012) c:\windows\system32\APSHook.dll c:\windows\system32\Ati2evxx.dll c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll c:\program files\HEWLETT-PACKARD\IAM\BIN\ItMsg.dll . - - - - - - - > 'lsass.exe'(172) c:\windows\system32\APSHook.dll . - - - - - - - > 'explorer.exe'(5600) c:\windows\system32\WININET.dll c:\windows\system32\APSHook.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2013-02-26 18:15:08 ComboFix-quarantined-files.txt 2013-02-26 18:15 ComboFix2.txt 2013-02-26 13:58 ComboFix3.txt 2013-02-15 14:53 ComboFix4.txt 2011-05-06 13:07 ComboFix5.txt 2013-02-26 17:53 . Pre-Run: 122,862,927,872 bytes free Post-Run: 122,827,096,064 bytes free . - - End Of File - - 5D1FC8C6E12391DC23439DC0E3B64D65
  7. The ComboFix report is below. It didn't reboot; I manually did this. Once rebooted it was still very slow; I ended up rebooting again, and this time it was a lot quicker.
ComboFix 13-02-24.01 - Clive.Cox 26/02/2013 13:38:26.5.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.348 [GMT 0:00] Running from: c:\documents and settings\Clive.Cox\Desktop\ComboFix.exe AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393} FW: Cloud Antivirus Firewall *Disabled* {1337562C-110A-4AF8-B12B-750C0B30E802} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\TEMP C:\RECYCLER(2) c:\recycler(2)\S-1-5-21-706967980-2976189254-1850976456-1141(2)\Dc4.jpg c:\recycler(2)\S-1-5-21-706967980-2976189254-1850976456-1141(2)\Dc5.jpg c:\recycler(2)\S-1-5-21-706967980-2976189254-1850976456-1141(2)\INFO2 c:\windows\system32\muzapp.exe c:\windows\system32\URTTemp c:\windows\system32\URTTemp\fusion.dll c:\windows\system32\URTTemp\mscoree.dll c:\windows\system32\URTTemp\mscorsn.dll c:\windows\system32\URTTemp\mscorwks.dll c:\windows\system32\URTTemp\msvcr71.dll c:\windows\system32\URTTemp\regtlib.exe . . ((((((((((((((((((((((((( Files Created from 2013-01-26 to 2013-02-26 ))))))))))))))))))))))))))))))) . . 2013-02-25 18:14 . 2013-02-25 18:14 -------- d-----w- c:\documents and settings\Clive.Cox\Application Data\Panda Security 2013-02-25 18:13 . 2012-11-07 09:00 46672 ----a-w- c:\windows\system32\drivers\PSKMAD.sys 2013-02-25 18:10 . 2013-02-25 18:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security 2013-02-19 11:26 . 2013-02-19 11:26 -------- d-----w- c:\windows\system32\wbem\Repository 2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll 2013-02-15 22:31 . 
2013-02-15 22:31 186432 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll 2013-02-15 15:01 . 2013-02-15 15:01 -------- d-----w- c:\windows\ERUNT 2013-02-15 15:01 . 2013-02-19 11:21 -------- d-----w- C:\JRT 2013-02-15 10:58 . 2013-02-19 11:23 -------- d-s---w- c:\documents and settings\TEMP.BUILDCHECK 2013-02-13 09:41 . 2013-02-13 09:40 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-02-13 09:19 . 2013-02-13 09:19 102008 ----a-w- c:\windows\system32\drivers\RapportKELL.sys 2013-02-11 18:40 . 2013-02-11 18:40 -------- d-----w- c:\program files\Mozilla Maintenance Service 2013-02-11 18:40 . 2013-02-01 18:22 96664 ----a-w- c:\program files\Mozilla Firefox\webapprt-stub.exe 2013-02-11 18:40 . 2013-02-01 18:22 157712 ----a-w- c:\program files\Mozilla Firefox\webapp-uninstaller.exe 2013-02-11 18:40 . 2013-02-01 18:22 193168 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe 2013-02-11 18:40 . 2013-02-01 18:22 142744 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll 2013-02-11 18:40 . 2013-02-01 18:22 115608 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe 2013-02-11 18:40 . 2013-02-01 18:22 2850712 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll 2013-02-11 18:40 . 2013-02-01 18:22 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll 2013-02-11 18:40 . 2013-02-01 18:22 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll 2013-02-11 18:40 . 2013-02-01 18:22 74136 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll 2013-02-08 11:55 . 2013-02-09 14:58 189084 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT 2013-02-08 11:26 . 2013-02-08 11:26 -------- d-----w- c:\program files\Common Files\Skype 2013-02-08 11:24 . 2013-02-25 15:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\Sentinel . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-13 09:40 . 
2012-03-01 16:02 143872 ----a-w- c:\windows\system32\javacpl.cpl 2013-02-13 09:40 . 2012-05-18 17:09 861088 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-02-13 09:40 . 2010-04-29 12:09 782240 ----a-w- c:\windows\system32\deployJava1.dll 2013-02-08 13:02 . 2012-04-04 19:40 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-02-08 13:02 . 2011-05-18 18:21 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-01-26 03:55 . 2008-10-13 14:12 552448 ----a-w- c:\windows\system32\oleaut32.dll 2013-01-09 21:45 . 2013-01-09 21:45 95584 ----a-w- c:\windows\system32\drivers\NNSHttps.sys 2013-01-07 01:19 . 2008-10-13 14:12 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-01-07 00:37 . 2008-10-13 14:12 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-01-04 01:20 . 2008-10-13 14:12 1867264 ----a-w- c:\windows\system32\win32k.sys 2013-01-02 06:49 . 2004-08-04 08:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax 2013-01-02 06:49 . 2004-08-04 08:00 1292288 ------w- c:\windows\system32\quartz.dll 2012-12-26 20:16 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll 2012-12-26 20:16 . 2004-08-04 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-12-26 20:16 . 2004-08-04 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-12-24 06:40 . 2004-08-04 08:00 385024 ----a-w- c:\windows\system32\html.iec 2012-12-16 12:23 . 2004-08-04 08:00 290560 ----a-w- c:\windows\system32\atmfd.dll 2012-12-14 16:49 . 2010-03-22 09:17 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-28 14:04 . 2012-11-28 14:04 218024 ----a-w- c:\windows\system32\drivers\NNSStrm.sys 2013-02-01 18:22 . 2011-11-28 09:05 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [bU]
"ANT Agent"="c:\program files\Garmin\ANT Agent\ANT Agent.exe" [2012-03-23 14749544]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-25 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-05-08 331552]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-10-09 697976]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-05-03 57344]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 177456]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-12-19 296056]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 192512]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"ROC_roc_ssl_v12"="c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe" [bU]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"PSUAMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2013-01-27 32480]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
.
c:\documents and settings\Administrator.BUILDCHECK\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
.
c:\documents and settings\Clive.Cox\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-10-13 192512]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-02-07 01:30 74240 ----a-r- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [13/02/2013 09:19 102008]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [14/07/2010 11:51 65584]
R1 NNSALPC;NNSAlpc;c:\windows\system32\drivers\NNSAlpc.sys [26/11/2012 16:48 82728]
R1 NNSHTTP;NNSHttp;c:\windows\system32\drivers\NNSHttp.sys [26/11/2012 16:48 119080]
R1 NNSHTTPS;NNSHttps;c:\windows\system32\drivers\NNSHttps.sys [09/01/2013 21:45 95584]
R1 NNSIDS;NNSids;c:\windows\system32\drivers\NNSIds.sys [26/11/2012 16:48 123944]
R1 NNSPICC;NNSPicc;c:\windows\system32\drivers\NNSpicc.sys [26/11/2012 16:48 94632]
R1 NNSPOP3;NNSPop3;c:\windows\system32\drivers\NNSPop3.sys [26/11/2012 16:48 105640]
R1 NNSPROT;NNSProt;c:\windows\system32\drivers\NNSProt.sys [26/11/2012 16:48 286888]
R1 NNSPRV;NNSPrv;c:\windows\system32\drivers\NNSPrv.sys [26/11/2012 16:48 159528]
R1 NNSSMTP;NNSSmtp;c:\windows\system32\drivers\NNSSmtp.sys [26/11/2012 16:48 108200]
R1 NNSSTRM;NNSStrm;c:\windows\system32\drivers\NNSStrm.sys [28/11/2012 14:04 218024]
R1 NNSTLSC;NNSTlsc;c:\windows\system32\drivers\NNStlsc.sys [26/11/2012 16:48 93096]
R1 PSINKNC;PSINKnc;c:\windows\system32\drivers\PSINKNC.sys [09/11/2012 19:01 178728]
R1 RapportCerberus_50414;RapportCerberus_50414;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_50414.sys [20/02/2013 12:16 316984]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [13/02/2013 09:19 102680]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [13/02/2013 09:19 173880]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [09/11/2012 19:01 149288]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [09/11/2012 19:01 102184]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [09/11/2012 19:01 114216]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [09/11/2012 19:01 123560]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [06/12/2008 17:53 47360]
R3 PSKMAD;PSKMAD;c:\windows\system32\drivers\PSKMAD.sys [25/02/2013 18:13 46672]
R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys [11/03/2012 13:50 55448]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [18/04/2012 16:32 80824]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [04/12/2011 10:45 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [22/06/2010 18:01 21248]
S3 libusb0;LibUsb-Win32 - Kernel Driver 07/07/2009, 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [17/05/2011 15:44 28160]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [22/03/2010 09:17 21104]
S3 NETIMFLT01060044;PANDA NDIS IM Filter Miniport v1.6.0.44;c:\windows\system32\drivers\neti1644.sys [30/09/2010 16:49 201032]
S3 NNSNAHS;Network Activity Hook Server Service;c:\windows\system32\drivers\NNSNAHS.sys [22/10/2012 12:08 38824]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [01/09/2010 08:30 15544]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [18/04/2012 16:32 181432]
S4 NNSPIHS;NNSPihs;c:\windows\system32\drivers\NNSpihs.sys [26/11/2012 16:48 51496]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - RAPPORTIASO
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Cognizance REG_MULTI_SZ ASBroker ASChannel
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 20:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 13:02]
.
2013-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 15:58]
.
2013-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 15:58]
.
2013-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-706967980-2976189254-1850976456-1141Core.job
- c:\documents and settings\Clive.Cox\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-10-31 09:12]
.
2013-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-706967980-2976189254-1850976456-1141UA.job
- c:\documents and settings\Clive.Cox\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-10-31 09:12]
.
2013-02-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-706967980-2976189254-1850976456-1141.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 16:02]
.
2013-02-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-706967980-2976189254-1850976456-1141.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 16:02]
.
2013-02-26 c:\windows\Tasks\User_Feed_Synchronization-{0DD0CE9D-777D-4BD8-9469-8BCC61FECE10}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.0.1
DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} - hxxp://www.digitalwebbooks.com/reader/dbplugin.cab
FF - ProfilePath - c:\documents and settings\Clive.Cox\Application Data\Mozilla\Firefox\Profiles\tu6g6uxw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: network.proxy.type - 0
.
.
------- File Associations -------
.
.scr=Icad.load.scr
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-ESET Online Scanner - c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-26 13:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????T??????????????|p>?|????i>?|&?@
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(2016)
c:\windows\system32\Ati2evxx.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\HEWLETT-PACKARD\IAM\BIN\ItMsg.dll
.
Completion time: 2013-02-26 13:58:40
ComboFix-quarantined-files.txt 2013-02-26 13:58
ComboFix2.txt 2013-02-15 14:53
ComboFix3.txt 2011-05-06 13:07
ComboFix4.txt 2010-04-28 06:07
.
Pre-Run: 123,196,309,504 bytes free
Post-Run: 123,198,353,408 bytes free
.
- - End Of File - - 7CD060ABAC83B76A54A8A49338F0830E

Was there a virus??
8. Hiya Gringo, thanks for your time. I couldn't get reset DMA to work, it just opened in Notepad, so I followed the instructions on the link. My laptop is set up as the poster said it should be, so I didn't reset anything; I hope I got that bit right. The rest is as follows:

Security Check:

Results of screen317's Security Check version 0.99.59
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Panda Cloud Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 4.5
Secunia PSI (2.0.0.3003)
Malwarebytes Anti-Malware version 1.70.0.1100
JavaFX 2.1.0
Java 6 Update 31
Java 7 Update 13
Java SE Development Kit 6 Update 25
Java DB 10.6.2.1
Adobe Flash Player 11.5.502.149
Adobe Reader 10.1.6 Adobe Reader out of Date!
Mozilla Firefox 18.0.2 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Panda Security Panda Cloud Antivirus PSANHost.exe
Panda Security Panda Cloud Antivirus PSUAService.exe
Panda Security Panda Cloud Antivirus PSUAMain.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 8%
````````````````````End of Log``````````````````````

AdwCleaner:

# AdwCleaner v2.113 - Logfile created 02/26/2013 at 10:14:06
# Updated 23/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Clive.Cox - CLIVECOX-BUILDC
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Clive.Cox\Desktop\adwcleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\DOCUME~1\Clive.Cox\LOCALS~1\Temp\boost_interprocess
Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Deleted : C:\Documents and Settings\Clive.Cox\Application Data\Mozilla\Firefox\Profiles\tu6g6uxw.default\ConduitCommon
Folder Deleted : C:\Documents and Settings\Clive.Cox\Application Data\Mozilla\Firefox\Profiles\tu6g6uxw.default\CT2786678
Folder Deleted : C:\Documents and Settings\Clive.Cox\Application Data\Mozilla\Firefox\Profiles\tu6g6uxw.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
Folder Deleted : C:\Documents and Settings\Clive.Cox\Application Data\vShare
Folder Deleted : C:\Documents and Settings\Clive.Cox\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\Clive.Cox\Local Settings\Application Data\Conduit
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\vShare

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{18EAB056-9057-F224-FD4C-1F6569C4D8D2}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Deleted : HKCU\Software\vShare
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{20ED5AF7-D9C4-409E-9EB3-D2A44A77FB6D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers
Key Deleted : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\vShare
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vShare

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.2 (en-US)

File : C:\Documents and Settings\Clive.Cox\Application Data\Mozilla\Firefox\Profiles\tu6g6uxw.default\prefs.js

Deleted : user_pref("CT2786678..clientLogIsEnabled", false);
Deleted : user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2786678.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2786678.AppTrackingLastCheckTime", "Fri Jul 06 2012 10:46:27 GMT+0100 (GMT Daylight Tim[...]
Deleted : user_pref("CT2786678.BrowserCompStateIsOpen_129579220236217502", true);
Deleted : user_pref("CT2786678.BrowserCompStateIsOpen_1359634298000", true);
Deleted : user_pref("CT2786678.CTID", "CT2786678");
Deleted : user_pref("CT2786678.CurrentServerDate", "26-2-2013");
Deleted : user_pref("CT2786678.DSInstall", false);
Deleted : user_pref("CT2786678.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2786678.DialogsGetterLastCheckTime", "Mon Feb 25 2013 09:50:25 GMT+0000 (GMT Standard T[...]
Deleted : user_pref("CT2786678.DownloadReferralCookieData", "");
Deleted : user_pref("CT2786678.EMailNotifierPollDate", "Thu Dec 15 2011 15:56:26 GMT+0000 (GMT Standard Time)"[...]
Deleted : user_pref("CT2786678.EnableClickToSearchBox", false);
Deleted : user_pref("CT2786678.EnableSearchHistory", false);
Deleted : user_pref("CT2786678.EnableSearchSuggest", false);
Deleted : user_pref("CT2786678.FeedLastCount5690698542593514850", 246);
Deleted : user_pref("CT2786678.FeedPollDate2429156812186649977", "Fri Dec 16 2011 09:04:40 GMT+0000 (GMT Stand[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813040823546", "Fri Dec 16 2011 09:04:40 GMT+0000 (GMT Stand[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813130095866", "Fri Dec 16 2011 09:04:39 GMT+0000 (GMT Stand[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813224203613", "Fri Dec 16 2011 09:04:40 GMT+0000 (GMT Stand[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813230837251", "Fri Dec 16 2011 09:04:40 GMT+0000 (GMT Stand[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813454291735", "Fri Dec 16 2011 09:04:40 GMT+0000 (GMT Stand[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813729834876", "Fri Dec 16 2011 09:04:39 GMT+0000 (GMT Stand[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813860870021", "Fri Dec 16 2011 09:04:40 GMT+0000 (GMT Stand[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156814264681793", "Fri Dec 16 2011 09:04:40 GMT+0000 (GMT Stand[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156814863075366", "Fri Dec 16 2011 09:04:40 GMT+0000 (GMT Stand[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156815257761081", "Fri Dec 16 2011 09:04:40 GMT+0000 (GMT Stand[...]
Deleted : user_pref("CT2786678.FeedTTL2429156813040823546", 15);
Deleted : user_pref("CT2786678.FeedTTL2429156813130095866", 10);
Deleted : user_pref("CT2786678.FeedTTL2429156813454291735", 5);
Deleted : user_pref("CT2786678.FeedTTL2429156814264681793", 5);
Deleted : user_pref("CT2786678.FirstServerDate", "15-12-2011");
Deleted : user_pref("CT2786678.FirstTime", true);
Deleted : user_pref("CT2786678.FirstTimeFF3", true);
Deleted : user_pref("CT2786678.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2786678.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2786678.HPInstall", false);
Deleted : user_pref("CT2786678.HasUserGlobalKeys", true);
Deleted : user_pref("CT2786678.HomePageProtectorEnabled", false);
Deleted : user_pref("CT2786678.HomepageBeforeUnload", "hxxp://www.yahoo.co.uk/");
Deleted : user_pref("CT2786678.Initialize", true);
Deleted : user_pref("CT2786678.InitializeCommonPrefs", true);
Deleted : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2786678.InstallationId", "ConduitXPEIntegration");
Deleted : user_pref("CT2786678.InstallationType", "ConduitXPEIntegration");
Deleted : user_pref("CT2786678.InstalledDate", "Thu Dec 15 2011 15:56:27 GMT+0000 (GMT Standard Time)");
Deleted : user_pref("CT2786678.IsAlertDBUpdated", true);
Deleted : user_pref("CT2786678.IsGrouping", false);
Deleted : user_pref("CT2786678.IsInitSetupIni", true);
Deleted : user_pref("CT2786678.IsMulticommunity", false);
Deleted : user_pref("CT2786678.IsOpenThankYouPage", true);
Deleted : user_pref("CT2786678.IsOpenUninstallPage", false);
Deleted : user_pref("CT2786678.LanguagePackLastCheckTime", "Tue Feb 26 2013 09:37:02 GMT+0000 (GMT Standard Ti[...]
Deleted : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2786678.LastLogin_3.10.0.1", "Wed Apr 18 2012 09:01:22 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT2786678.LastLogin_3.12.0.7", "Mon Apr 30 2012 09:29:10 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT2786678.LastLogin_3.12.2.3", "Thu May 31 2012 14:34:46 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT2786678.LastLogin_3.13.0.6", "Tue Jul 17 2012 20:36:50 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT2786678.LastLogin_3.14.1.0", "Fri Aug 31 2012 13:43:48 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT2786678.LastLogin_3.15.1.0", "Fri Dec 14 2012 13:15:41 GMT+0000 (GMT Standard Time)");
Deleted : user_pref("CT2786678.LastLogin_3.16.0.3", "Sat Feb 09 2013 15:07:33 GMT+0000 (GMT Standard Time)");
Deleted : user_pref("CT2786678.LastLogin_3.18.0.7", "Tue Feb 26 2013 09:37:02 GMT+0000 (GMT Standard Time)");
Deleted : user_pref("CT2786678.LastLogin_3.8.1.0", "Wed Jan 11 2012 16:50:40 GMT+0000 (GMT Standard Time)");
Deleted : user_pref("CT2786678.LastLogin_3.9.0.3", "Thu Mar 08 2012 10:39:57 GMT+0000 (GMT Standard Time)");
Deleted : user_pref("CT2786678.LatestVersion", "3.18.0.7");
Deleted : user_pref("CT2786678.Locale", "en");
Deleted : user_pref("CT2786678.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2786678.MCDetectTooltipShow", false);
Deleted : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2786678.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2786678.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2786678.OriginalFirstVersion", "3.8.1.0");
Deleted : user_pref("CT2786678.RadioShrinked", "shrinked");
Deleted : user_pref("CT2786678.RadioShrinkedFromSetup", true);
Deleted : user_pref("CT2786678.SHRINK_TOOLBAR", 0);
Deleted : user_pref("CT2786678.SearchBackToDefaultEngine", false);
Deleted : user_pref("CT2786678.SearchCaption", "uTorrentBar Customized Web Search");
Deleted : user_pref("CT2786678.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Deleted : user_pref("CT2786678.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT278[...]
Deleted : user_pref("CT2786678.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Tue Feb 26 2013 09:37:00 GMT+0000 (GMT Standard [...]
Deleted : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted : user_pref("CT2786678.SearchInNewTabUserEnabled", false);
Deleted : user_pref("CT2786678.SearchProtectorEnabled", false);
Deleted : user_pref("CT2786678.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2786678.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT2786678.ServiceMapLastCheckTime", "Tue Feb 26 2013 09:37:02 GMT+0000 (GMT Standard Time[...]
Deleted : user_pref("CT2786678.SettingsLastCheckTime", "Tue Feb 26 2013 09:36:57 GMT+0000 (GMT Standard Time)"[...]
Deleted : user_pref("CT2786678.SettingsLastUpdate", "1361866362");
Deleted : user_pref("CT2786678.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2786678&SearchSource=13");
Deleted : user_pref("CT2786678.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Mon Jul 02 2012 10:12:34 GMT+0100 (GMT Dayligh[...]
Deleted : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1331805997");
Deleted : user_pref("CT2786678.ToolbarShrinkedFromSetup", true);
Deleted : user_pref("CT2786678.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2786678");
Deleted : user_pref("CT2786678.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2786678.UserID", "UN99115249022298916");
Deleted : user_pref("CT2786678.ValidationData_Search", 2);
Deleted : user_pref("CT2786678.WeatherNetwork", "");
Deleted : user_pref("CT2786678.WeatherPollDate", "Thu Dec 15 2011 15:56:33 GMT+0000 (GMT Standard Time)");
Deleted : user_pref("CT2786678.WeatherUnit", "C");
Deleted : user_pref("CT2786678.alertChannelId", "1178763");
Deleted : user_pref("CT2786678.approveUntrustedApps", false);
Deleted : user_pref("CT2786678.autoDisableScopes", -1);
Deleted : user_pref("CT2786678.backendstorage.cbfirsttime", "5468752044656320313520323031312031353A35363A33352[...]
Deleted : user_pref("CT2786678.backendstorage.facebook_mode", "32");
Deleted : user_pref("CT2786678.backendstorage.facebook_user_locale", "656E");
Deleted : user_pref("CT2786678.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...]
Deleted : user_pref("CT2786678.componentAlertEnabled", false);
Deleted : user_pref("CT2786678.components.1000034", false);
Deleted : user_pref("CT2786678.components.1000234", false);
Deleted : user_pref("CT2786678.components.129295698017012804", false);
Deleted : user_pref("CT2786678.components.129309485163350924", false);
Deleted : user_pref("CT2786678.components.129309489763975460", false);
Deleted : user_pref("CT2786678.components.129315411424256896", false);
Deleted : user_pref("CT2786678.components.129526967958500204", false);
Deleted : user_pref("CT2786678.components.129579220236217502", false);
Deleted : user_pref("CT2786678.components.5690698542593514850", false);
Deleted : user_pref("CT2786678.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2786678.globalFirstTimeInfoLastCheckTime", "Mon Jul 02 2012 08:46:29 GMT+0100 (GMT Dayl[...]
Deleted : user_pref("CT2786678.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2786678.initDone", true);
Deleted : user_pref("CT2786678.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2786678.isFirstRadioInstallation", false);
Deleted : user_pref("CT2786678.isSearchProtectorNotifyChanges", false);
Deleted : user_pref("CT2786678.myStuffEnabled", true);
Deleted : user_pref("CT2786678.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2786678.oldAppsList", "129295695672325902,129295695672325903,1000234,129789450454597254[...]
Deleted : user_pref("CT2786678.revertSettingsEnabled", true); Deleted : user_pref("CT2786678.searchProtectorDialogDelayInSec", 10); Deleted : user_pref("CT2786678.searchProtectorEnableByLogin", true); Deleted : user_pref("CT2786678.testingCtid", ""); Deleted : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Tue Feb 26 2013 09:37:02 GMT+0000 (GMT Stand[...] Deleted : user_pref("CT2786678.toolbarContextMenuLastCheckTime", "Mon Jul 09 2012 09:31:35 GMT+0100 (GMT Dayli[...] Deleted : user_pref("CT2786678.usageEnabled", false); Deleted : user_pref("CT2786678.usagesFlag", 2); Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2786678/CT2786678[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/UK", "\"0\"[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", [...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...] 
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2786678",[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"023[...] Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\Clive.Cox\\Applica[...] Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6"); Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://facebook.conduitapps.com/v3.13/gadget.html", [...] Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", ""); Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2786678"); Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2786678"); Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2786678"); Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Thu Dec 15 2011 15:56:32 GMT+0000 (GMT[...] 
Deleted : user_pref("CommunityToolbar.globalUserId", "a75e7953-ad2b-4c2d-af3a-f653a8bf6111"); Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Jul 09 2012 10:12:4[...] Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440); Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Wed Jul 11 2012 09:31:42 GMT+010[...] Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com"); Deleted : user_pref("CommunityToolbar.notifications.locale", "en"); Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Jul 11 2012 09:31:29 GMT+0100 (G[...] Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611"); Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com"); Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false); Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); Deleted : user_pref("CommunityToolbar.notifications.userId", "07b3874c-7c8a-4673-9024-5175a7b88385"); Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.yahoo.co.uk/"); Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...] -\\ Google Chrome v25.0.1364.97 File : C:\Documents and Settings\Clive.Cox\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences [OK] File is clean. 
************************* AdwCleaner[s1].txt - [21134 octets] - [26/02/2013 10:14:06] ########## EOF - C:\AdwCleaner[s1].txt - [21195 octets] ##########

Rogue Killer left 2 reports. I'm guessing the 2nd is the post-delete scan, but I'll post both to be sure below.

1.

RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Clive.Cox [Admin rights]
Mode : Scan -- Date : 02/26/2013 10:28:24
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 3 ¤¤¤
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{71B9D779-C252-472E-868E-5C98B116BBEF} : NameServer (10.11.12.1) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[19] : NtAssignProcessToJobObject @ 0x805D66A0 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE6371E6)
SSDT[37] : NtCreateFile @ 0x805790A2 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE637EDA)
SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (\??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_50414.sys @ 0xEE87EC80)
SSDT[62] : NtDeleteFile @ 0x80576C4A -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE6381E2)
SSDT[63] : NtDeleteKey @ 0x806245FC -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE63BC2E)
SSDT[65] : NtDeleteValueKey @ 0x806247CC -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE63BC7C)
SSDT[98] : NtLoadKey @ 0x80626384 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
@ 0xEE63BEC2) SSDT[116] : NtOpenFile @ 0x8057A1A0 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE63808A) SSDT[122] : NtOpenProcess @ 0x805CB456 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE637398) SSDT[128] : NtOpenThread @ 0x805CB6E2 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE637626) SSDT[137] : NtProtectVirtualMemory @ 0x805B8426 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE6377E0) SSDT[177] : NtQueryValueKey @ 0x80622384 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE63BDCA) SSDT[192] : NtRenameKey @ 0x80623B82 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE63BCE6) SSDT[193] : NtReplaceKey @ 0x80626234 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE63BD3A) SSDT[204] : NtRestoreKey @ 0x80625B40 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE63BD82) SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE637154) SSDT[224] : NtSetInformationFile @ 0x8057B02E -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE6382F6) SSDT[247] : NtSetValueKey @ 0x806226D2 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE63BB54) SSDT[254] : NtSuspendThread @ 0x805D4952 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE637090) SSDT[258] : NtTerminateThread @ 0x805D24D2 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE636F96) S_SSDT[7] : NtGdiAlphaBlend -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE63EA54) S_SSDT[13] : NtGdiBitBlt -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE63E796) S_SSDT[191] : NtGdiGetPixel -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE63E816) S_SSDT[227] : NtGdiMaskBlt -> HOOKED (\??\C:\Program 
Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE63E8F2) S_SSDT[237] : NtGdiPlgBlt -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE63E978) S_SSDT[292] : NtGdiStretchBlt -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE63E862) S_SSDT[298] : NtGdiTransparentBlt -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE63E9E6) S_SSDT[378] : NtUserFindWindowEx -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE638872) S_SSDT[477] : NtUserPrintWindow -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE63EAC6) S_SSDT[483] : NtUserQueryWindow -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE6387C4) ¤¤¤ HOSTS File: ¤¤¤ --> C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS545025B9A300 +++++ --- User --- [MBR] 4f7b7406b1025ccc2632dbe3f83aaa4b [bSP] 8f11a17c5076b03434e3a19aa5c5bedf : MBR Code unknown Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 223011 Mo 1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 456727950 | Size: 15460 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_02262013_02d1028.txt >> RKreport[1]_S_02262013_02d1028.txt 2. 
RogueKiller V8.5.2 [Feb 23 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version Started in : Normal mode User : Clive.Cox [Admin rights] Mode : Remove -- Date : 02/26/2013 10:29:40 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 3 ¤¤¤ [DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{71B9D779-C252-472E-868E-5C98B116BBEF} : NameServer (10.11.12.1) -> NOT REMOVED, USE DNSFIX [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ SSDT[19] : NtAssignProcessToJobObject @ 0x805D66A0 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE6371E6) SSDT[37] : NtCreateFile @ 0x805790A2 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE637EDA) SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (\??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_50414.sys @ 0xEE87EC80) SSDT[62] : NtDeleteFile @ 0x80576C4A -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE6381E2) SSDT[63] : NtDeleteKey @ 0x806245FC -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE63BC2E) SSDT[65] : NtDeleteValueKey @ 0x806247CC -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE63BC7C) SSDT[98] : NtLoadKey @ 0x80626384 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE63BEC2) SSDT[116] : NtOpenFile @ 0x8057A1A0 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE63808A) SSDT[122] : NtOpenProcess @ 0x805CB456 -> HOOKED (\??\C:\Program 
Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE637398) SSDT[128] : NtOpenThread @ 0x805CB6E2 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE637626) SSDT[137] : NtProtectVirtualMemory @ 0x805B8426 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE6377E0) SSDT[177] : NtQueryValueKey @ 0x80622384 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE63BDCA) SSDT[192] : NtRenameKey @ 0x80623B82 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE63BCE6) SSDT[193] : NtReplaceKey @ 0x80626234 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE63BD3A) SSDT[204] : NtRestoreKey @ 0x80625B40 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE63BD82) SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE637154) SSDT[224] : NtSetInformationFile @ 0x8057B02E -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE6382F6) SSDT[247] : NtSetValueKey @ 0x806226D2 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE63BB54) SSDT[254] : NtSuspendThread @ 0x805D4952 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE637090) SSDT[258] : NtTerminateThread @ 0x805D24D2 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE636F96) S_SSDT[7] : NtGdiAlphaBlend -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE63EA54) S_SSDT[13] : NtGdiBitBlt -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE63E796) S_SSDT[191] : NtGdiGetPixel -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE63E816) S_SSDT[227] : NtGdiMaskBlt -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE63E8F2) S_SSDT[237] : NtGdiPlgBlt -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE63E978) S_SSDT[292] : NtGdiStretchBlt -> HOOKED (\??\C:\Program 
Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE63E862) S_SSDT[298] : NtGdiTransparentBlt -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE63E9E6) S_SSDT[378] : NtUserFindWindowEx -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE638872) S_SSDT[477] : NtUserPrintWindow -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE63EAC6) S_SSDT[483] : NtUserQueryWindow -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEE6387C4) ¤¤¤ HOSTS File: ¤¤¤ --> C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS545025B9A300 +++++ --- User --- [MBR] 4f7b7406b1025ccc2632dbe3f83aaa4b [bSP] 8f11a17c5076b03434e3a19aa5c5bedf : MBR Code unknown Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 223011 Mo 1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 456727950 | Size: 15460 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[2]_D_02262013_02d1029.txt >> RKreport[1]_S_02262013_02d1028.txt ; RKreport[2]_D_02262013_02d1029.txt thanks
  9. Hiya, I've attached the logs as instructed. I've done numerous scans without anything showing up, but I can't help feeling there is something not right. The laptop is extremely slow on startup (it has been up to 40 mins), and I am unable to switch on automatic updates. Also, the system restore dates before last week have disappeared!! (The laptop slowed down noticeably last week.) I'm just curious to see if there is something nasty behind this. Thanks in advance. attach.txt dds.txt
  10. eset found nothing security check below Results of screen317's Security Check version 0.99.7 Windows 7 (UAC is disabled!) Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! avast! Free Antivirus ESET Online Scanner v3 WMI entry may not exist for antivirus; attempting automatic update. ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware CCleaner Java 6 Update 25 Out of date Java installed! Adobe Flash Player 10.1.85.3 Adobe Reader 9.4.1 Out of date Adobe Reader installed! Mozilla Firefox (3.6.11) Firefox Out of Date! Mozilla Thunderbird (3.1.6) Thunderbird Out of Date! ```````````````````````````````` Process Check: objlist.exe by Laurent Malwarebytes' Anti-Malware mbamservice.exe Malwarebytes' Anti-Malware mbamgui.exe AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe ``````````End of Log````````````
  11. Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6653 Windows 6.1.7600 Internet Explorer 9.0.8112.16421 23/05/2011 17:14:15 mbam-log-2011-05-23 (17-14-15).txt Scan type: Quick scan Objects scanned: 214946 Time elapsed: 10 minute(s), 13 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  12. . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_11-03-05.01) . Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 20/12/2009 11:40:48 System Uptime: 20/05/2011 14:53:34 (3 hours ago) . Motherboard: ASRock | | K10N78FullHD-hSLI.. Processor: AMD Athlon II X4 620 Processor | CPUSocket | 2600/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 466 GiB total, 312.064 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: Description: Coprocessor Device ID: PCI\VEN_10DE&DEV_0753&SUBSYS_07531849&REV_A2\3&267A616A&0&0B Manufacturer: Name: Coprocessor PNP Device ID: PCI\VEN_10DE&DEV_0753&SUBSYS_07531849&REV_A2\3&267A616A&0&0B Service: . ==== System Restore Points =================== . RP194: 12/05/2011 06:56:14 - Windows Update RP195: 12/05/2011 08:34:26 - Removed AVG 2011 RP196: 12/05/2011 08:44:00 - Removed GOM Player + Ask Toolbar. RP197: 13/05/2011 09:14:00 - Windows Modules Installer RP198: 13/05/2011 09:21:53 - Removed GOM Player + Ask Toolbar. RP199: 13/05/2011 09:30:16 - avast! Free Antivirus Setup RP200: 13/05/2011 10:00:24 - Installed Java 6 Update 24 RP201: 13/05/2011 10:08:01 - Installed Java 6 Update 25 RP202: 13/05/2011 10:24:23 - Removed Java 6 Update 25 RP203: 13/05/2011 10:28:16 - Installed Java 6 Update 25 RP204: 15/05/2011 19:11:16 - ComboFix created restore point . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) Acrobat.com Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 9.4.1 Apple Application Support Apple Mobile Device Support Apple Software Update
  13. . DDS (Ver_11-03-05.01) - NTFSx86 Run by Clive at 17:11:56.63 on 20/05/2011 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_25 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3327.2266 [GMT 1:00] . AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Webroot\Washer\WasherSvc.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Users\Clive\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe C:\Program Files\Windows 
Sidebar\sidebar.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\uTorrent\uTorrent.exe C:\Users\Clive\Desktop\iexplore.exe C:\Users\Clive\Desktop\iexplore.exe C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\taskhost.exe C:\Users\Clive\Desktop\dds.scr C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.sky.com/ uInternet Settings,ProxyOverride = *.local uURLSearchHooks: Online Games Bar Toolbar: {5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1} - c:\program files\online_games_bar\tbOnli.dll mURLSearchHooks: Online Games Bar Toolbar: {5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1} - c:\program files\online_games_bar\tbOnli.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File BHO: Online Games Bar Toolbar: {5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1} - c:\program files\online_games_bar\tbOnli.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: avast! 
WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: Online Games Bar Toolbar: {5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1} - c:\program files\online_games_bar\tbOnli.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [sansaDispatch] c:\users\clive\appdata\roaming\sandisk\sansa updater\SansaDispatch.exe uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10p_ActiveX.exe -update activex mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mPolicies-system: ConsentPromptBehaviorAdmin = 
0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html IE: {95B3F550-91C4-4627-BCC4-521288C52977} - c:\program files\pplive\pptv\PPLive.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: 
{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.vexcast.com/download/vexcast.cab DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\users\clive\appdata\roaming\mozilla\firefox\profiles\t58w0cq6.default\ FF - prefs.js: browser.search.selectedEngine - AVG Secure Search FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4dc3bb72&i=23&tp=ab&nt=1&q= FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\veetle\player\npvlc.dll FF - plugin: c:\program files\veetle\plugins\npVeetle.dll FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} . ============= SERVICES / DRIVERS =============== . 
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-4-28 28552] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-13 441176] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-5-13 307928] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-5-13 19544] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-5-13 53592] R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-5-13 42184] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-4-30 304464] R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2010-5-10 615312] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-3-22 20952] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-20 135664] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-20 135664] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-9 1343400] . =============== Created Last 30 ================ . 
2011-05-15 18:20:47 -------- d-sh--w- C:\$RECYCLE.BIN 2011-05-15 18:11:00 -------- d-----w- C:\ComboFix 2011-05-13 09:04:40 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll 2011-05-13 08:32:51 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-05-13 08:30:49 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-05-13 08:30:35 40112 ----a-w- c:\windows\avastSS.scr 2011-05-13 08:30:30 -------- d-----w- c:\program files\AVAST Software 2011-05-13 08:30:30 -------- d-----w- c:\progra~2\AVAST Software 2011-05-12 07:47:49 98816 ----a-w- c:\windows\sed.exe 2011-05-12 07:47:49 89088 ----a-w- c:\windows\MBR.exe 2011-05-12 07:47:49 256512 ----a-w- c:\windows\PEV.exe 2011-05-12 07:47:49 161792 ----a-w- c:\windows\SWREG.exe 2011-05-12 05:39:13 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-05-12 05:39:12 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-05-02 20:53:14 -------- d-----w- c:\users\clive\appdata\roaming\f-secure 2011-05-02 20:44:49 311296 ----a-w- c:\windows\system32\drivers\srv.sys 2011-05-02 20:44:49 309760 ----a-w- c:\windows\system32\drivers\srv2.sys 2011-05-02 20:44:48 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys 2011-05-02 20:44:41 28672 ----a-w- c:\windows\system32\dnscacheugc.exe 2011-05-02 20:44:41 132608 ----a-w- c:\windows\system32\dnsrslvr.dll 2011-05-02 20:44:38 34304 ----a-w- c:\windows\system32\atmlib.dll 2011-05-02 20:44:38 294912 ----a-w- c:\windows\system32\atmfd.dll 2011-05-02 20:43:51 2331136 ----a-w- c:\windows\system32\win32k.sys 2011-05-02 20:43:46 191488 ----a-w- c:\windows\system32\FXSCOVER.exe 2011-05-02 20:43:43 740864 ----a-w- c:\windows\system32\inetcomm.dll 2011-05-02 20:43:38 1164288 ----a-w- c:\windows\system32\mfc42u.dll 2011-05-02 20:43:38 1137664 ----a-w- c:\windows\system32\mfc42.dll 2011-05-02 20:37:31 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2011-05-02 20:37:31 69632 ----a-w- c:\windows\system32\drivers\bowser.sys 2011-05-02 20:37:31 221696 
----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-05-02 20:37:31 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-05-02 20:10:07 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE . ==================== Find3M ==================== . 2011-05-13 09:28:54 472808 ----a-w- c:\windows\system32\deployJava1.dll . ============= FINISH: 17:49:12.90 ===============
  14. I ran Malwarebytes and it came up clean... but I'm still getting HBLITESA.EXE trying to start. Other logs to follow.
  15. Quick update: Malwarebytes keeps blocking HBLITESA.EXE... I quarantine it, then it comes up again.
  16. The Online Games toolbar comes up with "could not open install log file". I don't suppose you know of any tools to remove it, do you? Anyway, thanks for your help so far.
  17. . DDS (Ver_11-03-05.01) - NTFSx86 Run by Clive at 19:23:29.91 on 15/05/2011 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_25 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3327.2000 [GMT 1:00] . AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\system32\Dwm.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Webroot\Washer\WasherSvc.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Users\Clive\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe C:\Program Files\Windows Sidebar\sidebar.exe 
C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\explorer.exe C:\Users\Clive\Desktop\iexplore.exe C:\Users\Clive\Desktop\iexplore.exe C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Windows\system32\AUDIODG.EXE C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Clive\Desktop\dds.scr C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.sky.com/ uInternet Settings,ProxyOverride = *.local uURLSearchHooks: Online Games Bar Toolbar: {5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1} - c:\program files\online_games_bar\tbOnli.dll mURLSearchHooks: Online Games Bar Toolbar: {5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1} - c:\program files\online_games_bar\tbOnli.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File BHO: Online Games Bar Toolbar: {5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1} - c:\program files\online_games_bar\tbOnli.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: avast! 
WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: Online Games Bar Toolbar: {5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1} - c:\program files\online_games_bar\tbOnli.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [sansaDispatch] c:\users\clive\appdata\roaming\sandisk\sansa updater\SansaDispatch.exe uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) 
mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html IE: {95B3F550-91C4-4627-BCC4-521288C52977} - c:\program files\pplive\pptv\PPLive.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.vexcast.com/download/vexcast.cab DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\users\clive\appdata\roaming\mozilla\firefox\profiles\t58w0cq6.default\ FF - prefs.js: browser.search.selectedEngine - AVG Secure Search FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4dc3bb72&i=23&tp=ab&nt=1&q= FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\veetle\player\npvlc.dll FF - plugin: c:\program files\veetle\plugins\npVeetle.dll FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} . ============= SERVICES / DRIVERS =============== . 
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-4-28 28552] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-13 441176] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-5-13 307928] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-5-13 19544] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-5-13 53592] R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-5-13 42184] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-4-30 304464] R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2010-5-10 615312] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-3-22 20952] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-20 135664] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-20 135664] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-9 1343400] . =============== Created Last 30 ================ . 
2011-05-15 18:20:47 -------- d-sh--w- C:\$RECYCLE.BIN 2011-05-15 18:11:00 -------- d-----w- C:\ComboFix 2011-05-13 09:04:40 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll 2011-05-13 08:32:51 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-05-13 08:30:49 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-05-13 08:30:35 40112 ----a-w- c:\windows\avastSS.scr 2011-05-13 08:30:30 -------- d-----w- c:\program files\AVAST Software 2011-05-13 08:30:30 -------- d-----w- c:\progra~2\AVAST Software 2011-05-12 07:47:49 98816 ----a-w- c:\windows\sed.exe 2011-05-12 07:47:49 89088 ----a-w- c:\windows\MBR.exe 2011-05-12 07:47:49 256512 ----a-w- c:\windows\PEV.exe 2011-05-12 07:47:49 161792 ----a-w- c:\windows\SWREG.exe 2011-05-12 05:39:13 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-05-12 05:39:12 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-05-02 20:53:14 -------- d-----w- c:\users\clive\appdata\roaming\f-secure 2011-05-02 20:44:49 311296 ----a-w- c:\windows\system32\drivers\srv.sys 2011-05-02 20:44:49 309760 ----a-w- c:\windows\system32\drivers\srv2.sys 2011-05-02 20:44:48 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys 2011-05-02 20:44:41 28672 ----a-w- c:\windows\system32\dnscacheugc.exe 2011-05-02 20:44:41 132608 ----a-w- c:\windows\system32\dnsrslvr.dll 2011-05-02 20:44:38 34304 ----a-w- c:\windows\system32\atmlib.dll 2011-05-02 20:44:38 294912 ----a-w- c:\windows\system32\atmfd.dll 2011-05-02 20:43:51 2331136 ----a-w- c:\windows\system32\win32k.sys 2011-05-02 20:43:46 191488 ----a-w- c:\windows\system32\FXSCOVER.exe 2011-05-02 20:43:43 740864 ----a-w- c:\windows\system32\inetcomm.dll 2011-05-02 20:43:38 1164288 ----a-w- c:\windows\system32\mfc42u.dll 2011-05-02 20:43:38 1137664 ----a-w- c:\windows\system32\mfc42.dll 2011-05-02 20:37:31 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2011-05-02 20:37:31 69632 ----a-w- c:\windows\system32\drivers\bowser.sys 2011-05-02 20:37:31 221696 
----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-05-02 20:37:31 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-05-02 20:10:07 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE . ==================== Find3M ==================== . 2011-05-13 09:28:54 472808 ----a-w- c:\windows\system32\deployJava1.dll . ============= FINISH: 19:23:50.12 ===============
  18. ComboFix 11-05-14.03 - Clive 15/05/2011 19:13:11.2.4 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3327.2354 [GMT 1:00] Running from: c:\users\Clive\Desktop\ComboFix.exe Command switches used :: c:\users\Clive\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\favoritevideo\InvisibleFolder c:\favoritevideo\InvisibleFolder\peer.dll . . ((((((((((((((((((((((((( Files Created from 2011-04-15 to 2011-05-15 ))))))))))))))))))))))))))))))) . . 2011-05-15 18:18 . 2011-05-15 18:18 -------- d-----w- c:\users\Simone\AppData\Local\temp 2011-05-15 18:18 . 2011-05-15 18:18 -------- d-----w- c:\users\Elise\AppData\Local\temp 2011-05-15 18:18 . 2011-05-15 18:18 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-05-15 18:18 . 2011-05-15 18:18 -------- d-----w- c:\users\Alanda\AppData\Local\temp 2011-05-13 09:31 . 2011-05-13 09:31 -------- d-----w- c:\program files\Common Files\Java 2011-05-13 09:04 . 2011-05-13 09:28 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll 2011-05-13 08:32 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-05-13 08:32 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-05-13 08:32 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-05-13 08:32 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-05-13 08:32 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-05-13 08:30 . 2011-05-10 11:59 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-05-13 08:30 . 
2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr 2011-05-13 08:30 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe 2011-05-13 08:30 . 2011-05-13 08:30 -------- d-----w- c:\programdata\AVAST Software 2011-05-13 08:30 . 2011-05-13 08:30 -------- d-----w- c:\program files\AVAST Software 2011-05-12 05:39 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-05-12 05:39 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-05-02 20:53 . 2011-05-02 20:53 -------- d-----w- c:\users\Clive\AppData\Roaming\f-secure 2011-05-02 20:44 . 2011-02-23 05:06 311296 ----a-w- c:\windows\system32\drivers\srv.sys 2011-05-02 20:44 . 2011-02-23 05:05 309760 ----a-w- c:\windows\system32\drivers\srv2.sys 2011-05-02 20:44 . 2011-02-23 05:05 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys 2011-05-02 20:44 . 2011-03-03 05:29 132608 ----a-w- c:\windows\system32\dnsrslvr.dll 2011-05-02 20:44 . 2011-03-03 05:27 28672 ----a-w- c:\windows\system32\dnscacheugc.exe 2011-05-02 20:44 . 2011-02-19 05:32 34304 ----a-w- c:\windows\system32\atmlib.dll 2011-05-02 20:44 . 2011-02-19 03:37 294912 ----a-w- c:\windows\system32\atmfd.dll 2011-05-02 20:43 . 2011-03-03 03:31 2331136 ----a-w- c:\windows\system32\win32k.sys 2011-05-02 20:43 . 2011-02-12 05:30 191488 ----a-w- c:\windows\system32\FXSCOVER.exe 2011-05-02 20:43 . 2011-03-08 05:38 740864 ----a-w- c:\windows\system32\inetcomm.dll 2011-05-02 20:43 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll 2011-05-02 20:43 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\system32\mfc42.dll 2011-05-02 20:37 . 2011-02-23 05:05 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-05-02 20:37 . 2011-02-23 05:05 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2011-05-02 20:37 . 2011-02-23 05:05 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-05-02 20:37 . 2011-02-23 05:05 69632 ----a-w- c:\windows\system32\drivers\bowser.sys 2011-05-02 20:10 . 
2011-05-02 20:10 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-13 09:28 . 2010-05-02 14:59 472808 ----a-w- c:\windows\system32\deployJava1.dll . . ------- Sigcheck ------- . [-] 2010-06-12 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll [7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1}"= "c:\program files\Online_Games_Bar\tbOnli.dll" [2009-12-31 2349080] . [HKEY_CLASSES_ROOT\clsid\{5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1}] 2009-12-31 11:53 2349080 ----a-w- c:\program files\Online_Games_Bar\tbOnli.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1}"= "c:\program files\Online_Games_Bar\tbOnli.dll" [2009-12-31 2349080] . [HKEY_CLASSES_ROOT\clsid\{5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{5BD40C9F-1248-4A8F-8B23-E7861C1AD7A1}"= "c:\program files\Online_Games_Bar\tbOnli.dll" [2009-12-31 2349080] . [HKEY_CLASSES_ROOT\clsid\{5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1}] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-31 39408] "SansaDispatch"="c:\users\Clive\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2010-07-04 79872] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.drv . 
[HKLM\~\startupfolder\C:^Users^Clive^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk] path=c:\users\Clive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2007-06-27 19:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-07-21 14:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] 2010-04-29 14:39 437584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-01 15:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPAP] 2010-02-04 05:37 173512 ----a-w- c:\program files\Common Files\PPLiveNetwork\ppap.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-03-18 21:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 135664] R3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;c:\users\Clive\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys [x] R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 135664] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-09 1343400] S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464] S2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [2010-10-14 615312] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] vvdsvc REG_MULTI_SZ vvdsvc . Contents of the 'Scheduled Tasks' folder . 2011-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 12:40] . 2011-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 12:40] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.sky.com/ uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... 
- c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab FF - ProfilePath - c:\users\Clive\AppData\Roaming\Mozilla\Firefox\Profiles\t58w0cq6.default\ FF - prefs.js: browser.search.selectedEngine - AVG Secure Search FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4dc3bb72&i=23&tp=ab&nt=1&q= FF - prefs.js: network.proxy.type - 0 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} . - - - - ORPHANS REMOVED - - - - . WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-269602781-4124218411-4152644682-1001\Software\SecuROM\License information*] "datasecu"=hex:51,5d,b2,de,87,cb,5e,21,a2,38,88,99,1e,00,59,f5,47,b5,28,cd,b0, 5e,d4,a9,69,e5,2b,e3,81,64,bb,c4,dc,3b,10,aa,e4,93,9f,2d,05,d8,aa,0e,aa,cd,\ "rkeysecu"=hex:48,9d,86,85,06,f4,0a,99,28,af,b0,61,e7,79,87,7c . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2011-05-15 19:20:43 ComboFix-quarantined-files.txt 2011-05-15 18:20 ComboFix2.txt 2011-05-12 08:06 . Pre-Run: 341,106,634,752 bytes free Post-Run: 341,033,193,472 bytes free . - - End Of File - - 89AFF9B20BBFF65CB2A59C633ED4AFF2
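Added example, not part of the original thread and not code from Malwarebytes, DDS or ComboFix: a Python triage pass over the text format of the DDS and ComboFix reports posted above. It pulls out the lines a responder checks first in logs like these: the UAC policy keys (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are all 0 in post 17), IE add-on registrations that resolve to "No File", one CLSID registered as search hook, BHO and toolbar at the same time (the Online Games Bar entries), a redirected Firefox keyword.URL, services whose image shows as [x], and svchost groups naming a service the report never enumerated (the vvdsvc entry in post 18). SAMPLE_REPORT is an excerpt I assembled from lines in those posts, not a complete log; the rule names and messages are mine.

```python
"""Triage pass over DDS / ComboFix text reports as pasted above.

It does not identify malware.  It lists the lines a responder reads first:
UAC policy weakened, IE add-ons whose file is gone, one CLSID wired into
several IE extension points, a redirected Firefox keyword search, services
whose image is missing, and svchost groups naming unenumerated services."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str    # short rule id
    detail: str  # what was seen and why it matters


POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
ADDON_RE = re.compile(
    r"^([um]?URLSearchHooks|BHO|TB):\s*(.*?)\{([0-9A-Fa-f-]{36})\}\s*-\s*(.*)$")
SERVICE_RE = re.compile(r"^[RS][0-4]\s+([^;]+);[^;]*;(.*)$")
FF_KEYWORD_RE = re.compile(r"^FF - prefs\.js:\s*keyword\.URL\s*-\s*(\S+)")
SVCHOST_KEY_RE = re.compile(r"\\currentversion\\svchost\]$", re.I)
SVCHOST_GROUP_RE = re.compile(r"^(\S+)\s+REG_MULTI_SZ\s+(.+)$")

# Policy values that, set this way, remove the UAC elevation boundary.
UAC_WEAK = {
    ("EnableLUA", "0"): "UAC is off; an admin's processes run fully elevated",
    ("ConsentPromptBehaviorAdmin", "0"): "admins elevate with no prompt at all",
    ("PromptOnSecureDesktop", "0"): "prompts are not shown on the secure desktop",
}

# Constructed excerpt assembled from lines in the posts above (not a full log).
SAMPLE_REPORT = r"""
uURLSearchHooks: Online Games Bar Toolbar: {5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1} - c:\program files\online_games_bar\tbOnli.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Online Games Bar Toolbar: {5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1} - c:\program files\online_games_bar\tbOnli.dll
TB: Online Games Bar Toolbar: {5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1} - c:\program files\online_games_bar\tbOnli.dll
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4dc3bb72&i=23&tp=ab&nt=1&q=
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-13 441176]
R3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;c:\users\Clive\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys [x]
S1 aswSP;aswSP; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
"""


def triage(report: str) -> list:
    findings = []
    addon_points = {}    # clsid -> set of IE extension points registering it
    addon_name = {}      # clsid -> display name ("" for anonymous entries)
    services = set()     # service names seen in R*/S* lines
    svchost_groups = {}  # group -> service names listed under the svchost key
    in_svchost = False
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            in_svchost = False
            continue
        if in_svchost:
            m = SVCHOST_GROUP_RE.match(line)
            if m:
                svchost_groups[m.group(1)] = m.group(2).split()
                continue
            in_svchost = False
        if SVCHOST_KEY_RE.search(line):
            in_svchost = True
            continue
        m = POLICY_RE.match(line)
        if m:
            why = UAC_WEAK.get((m.group(1), m.group(2)))
            if why:
                findings.append(Finding("uac", f"{m.group(1)}={m.group(2)}: {why}"))
            continue
        m = ADDON_RE.match(line)
        if m:
            point, name, clsid, target = m.groups()
            point = "URLSearchHooks" if point.endswith("URLSearchHooks") else point
            clsid = clsid.lower()
            addon_points.setdefault(clsid, set()).add(point)
            addon_name.setdefault(clsid, name.strip(": "))
            if target.strip().lower() == "no file":
                findings.append(Finding("orphan_addon",
                                        f"{point} {{{clsid}}} registered, file missing"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, image = m.groups()
            services.add(name)
            if image.strip().endswith("[x]"):
                findings.append(Finding("service_image_missing", f"{name}: {image.strip()}"))
            continue
        m = FF_KEYWORD_RE.match(line)
        if m:
            findings.append(Finding("ff_keyword_redirect", f"keyword.URL -> {m.group(1)}"))
    # One CLSID as search hook + BHO + toolbar is the bundled-toolbar pattern.
    for clsid, points in addon_points.items():
        if {"URLSearchHooks", "BHO", "TB"} <= points:
            findings.append(Finding("multi_point_toolbar",
                                    f"{addon_name[clsid] or clsid} {{{clsid}}}: "
                                    "search hook, BHO and toolbar"))
    # These reports omit default entries, so a group naming a service the
    # report never enumerated deserves a look before it is assumed legitimate.
    for group, names in svchost_groups.items():
        unknown = [n for n in names if n not in services]
        if unknown:
            findings.append(Finding("svchost_unknown_service",
                                    f"group {group} lists {', '.join(unknown)}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.rule}] {f.detail}")
```

A hit is a line to examine, not a verdict. The avast drivers, for instance, show a path in the DDS run and [x] in the ComboFix run from the same evening, so compare reports before acting on a missing image. The svchost check relies on the report already omitting default entries, which ComboFix states it does ("legit default entries are not shown").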
  19. . DDS (Ver_11-03-05.01) - NTFSx86 Run by Clive at 11:03:30.66 on 12/05/2011 Internet Explorer: 8.0.7600.16385 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3327.2571 [GMT 1:00] . SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Webroot\Washer\WasherSvc.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Users\Clive\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe 
C:\Users\Clive\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.sky.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Online Games Bar Toolbar: {5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1} - c:\program files\online_games_bar\tbOnli.dll
mURLSearchHooks: Online Games Bar Toolbar: {5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1} - c:\program files\online_games_bar\tbOnli.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Online Games Bar Toolbar: {5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1} - c:\program files\online_games_bar\tbOnli.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Online Games Bar Toolbar: {5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1} - c:\program files\online_games_bar\tbOnli.dll
TB: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [sansaDispatch] c:\users\clive\appdata\roaming\sandisk\sansa updater\SansaDispatch.exe
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {95B3F550-91C4-4627-BCC4-521288C52977} - c:\program files\pplive\pptv\PPLive.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.vexcast.com/download/vexcast.cab
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\clive\appdata\roaming\mozilla\firefox\profiles\t58w0cq6.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4dc3bb72&i=23&tp=ab&nt=1&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
============= SERVICES / DRIVERS ===============
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-4-28 28552]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-4-30 304464]
R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2010-5-10 615312]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-3-22 20952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-20 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-20 135664]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-9 1343400]
.
=============== Created Last 30 ================
.
2011-05-12 08:02:30 -------- d-----w- C:\$RECYCLE.BIN
2011-05-12 07:47:49 98816 ----a-w- c:\windows\sed.exe
2011-05-12 07:47:49 89088 ----a-w- c:\windows\MBR.exe
2011-05-12 07:47:49 256512 ----a-w- c:\windows\PEV.exe
2011-05-12 07:47:49 161792 ----a-w- c:\windows\SWREG.exe
2011-05-12 05:39:13 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-12 05:39:12 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-02 20:53:14 -------- d-----w- c:\users\clive\appdata\roaming\f-secure
2011-05-02 20:43:51 2331136 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 20:43:46 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-05-02 20:43:43 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-02 20:43:38 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-05-02 20:43:38 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-05-02 20:37:31 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-02 20:37:31 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-05-02 20:37:31 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-02 20:37:31 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-02 20:10:07 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
.
==================== Find3M ====================
.
2011-03-03 05:29:23 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 05:27:30 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-02-24 05:32:44 981504 ----a-w- c:\windows\system32\wininet.dll
2011-02-24 05:30:16 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-24 04:23:48 386048 ----a-w- c:\windows\system32\html.iec
2011-02-24 03:50:26 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-19 05:32:08 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-19 03:37:02 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-02-18 05:36:26 428032 ----a-w- c:\windows\system32\vbscript.dll
.
============= FINISH: 11:04:07.99 ===============
20. ComboFix 11-05-11.02 - Clive 12/05/2011 8:51.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3327.2438 [GMT 1:00]
Running from: c:\users\Clive\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\favoritevideo\InvisibleFolder
c:\favoritevideo\InvisibleFolder\_db_big20101021.zip
c:\favoritevideo\InvisibleFolder\_db_big20101026.zip
c:\favoritevideo\InvisibleFolder\_db_big20101031.zip
c:\favoritevideo\InvisibleFolder\_db_big20101125.zip
c:\favoritevideo\InvisibleFolder\_db_big20101130.zip
c:\favoritevideo\InvisibleFolder\_db_big20101205.zip
c:\favoritevideo\InvisibleFolder\_db_big20101210.zip
c:\favoritevideo\InvisibleFolder\_db_big20110114.zip
c:\favoritevideo\InvisibleFolder\_db_big20110119.zip.tpp
c:\favoritevideo\InvisibleFolder\_db_big20110120.zip
c:\favoritevideo\InvisibleFolder\_db_big20110125.zip.tpp
c:\favoritevideo\InvisibleFolder\_db_big20110204.zip.tpp
c:\favoritevideo\InvisibleFolder\_db_big20110207.zip
c:\favoritevideo\InvisibleFolder\_db_big20110212.zip
c:\favoritevideo\InvisibleFolder\_db_big20110218.zip
c:\favoritevideo\InvisibleFolder\_db_big20110305.zip
c:\favoritevideo\InvisibleFolder\_db_big20110315.zip
c:\favoritevideo\InvisibleFolder\_db_big20110320.zip
c:\favoritevideo\InvisibleFolder\_db_big20110321.zip
c:\favoritevideo\InvisibleFolder\_db_big20110324.zip
c:\favoritevideo\InvisibleFolder\_db_big20110403.zip
c:\favoritevideo\InvisibleFolder\_db_big20110406.zip
c:\favoritevideo\InvisibleFolder\ckdll.dll
c:\favoritevideo\InvisibleFolder\mir.dll
c:\favoritevideo\InvisibleFolder\peer(0).dll
c:\favoritevideo\InvisibleFolder\peer(1).dll
c:\favoritevideo\InvisibleFolder\peer(2).dll
c:\favoritevideo\InvisibleFolder\peer(3).dll
c:\favoritevideo\InvisibleFolder\peer.dll
c:\favoritevideo\InvisibleFolder\pptvsetup_2.6.1.0008_s.exe
c:\favoritevideo\InvisibleFolder\pptvsetup_2.6.3.0007_s2.exe
c:\favoritevideo\InvisibleFolder\pptvsetup_2.7.0.0031_s.exe
c:\favoritevideo\InvisibleFolder\pptvsetup_2.7.0.0036_s.exe.tpp
c:\favoritevideo\InvisibleFolder\pptvsetup_2.7.0.0038_s.exe
c:\favoritevideo\InvisibleFolder\TipsClient.dll
c:\program files\PlaySushi\PSTExt.dll
c:\users\Clive\AppData\Roaming\inst.exe
c:\windows\7Loader.TAG
c:\windows\system32\Nagasoft
c:\windows\system32\Nagasoft\Codecs\asyncflt.ax
c:\windows\system32\Nagasoft\Codecs\atrc.dll
c:\windows\system32\Nagasoft\Codecs\cook.dll
c:\windows\system32\Nagasoft\Codecs\drvc.dll
c:\windows\system32\Nagasoft\Codecs\raac.dll
c:\windows\system32\Nagasoft\Codecs\RealMediaSplitter.ax
c:\windows\system32\Nagasoft\Codecs\WMFDemux.dll
c:\windows\system32\Nagasoft\GifShower.dll
c:\windows\system32\Nagasoft\vjocx.dll
c:\windows\system32\system
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_vvdsvc
-------\Service_vvdsvc
.
.
((((((((((((((((((((((((( Files Created from 2011-04-12 to 2011-05-12 )))))))))))))))))))))))))))))))
.
.
2011-05-12 07:56 . 2011-05-12 07:56 -------- d-----w- c:\users\Simone\AppData\Local\temp
2011-05-12 07:56 . 2011-05-12 07:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-12 07:56 . 2011-05-12 07:56 -------- d-----w- c:\users\Elise\AppData\Local\temp
2011-05-12 07:56 . 2011-05-12 07:56 -------- d-----w- c:\users\Alanda\AppData\Local\temp
2011-05-02 20:53 . 2011-05-02 20:53 -------- d-----w- c:\users\Clive\AppData\Roaming\f-secure
2011-05-02 20:43 . 2011-03-03 03:31 2331136 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 20:43 . 2011-02-12 05:30 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-05-02 20:43 . 2011-03-08 05:38 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-02 20:43 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-05-02 20:43 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-05-02 20:37 . 2011-02-23 05:05 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-02 20:37 . 2011-02-23 05:05 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-02 20:37 . 2011-02-23 05:05 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-02 20:37 . 2011-02-23 05:05 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-05-02 20:10 . 2011-05-02 20:10 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
.
[-] 2010-06-12 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1}"= "c:\program files\Online_Games_Bar\tbOnli.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1}]
2009-12-31 11:53 2349080 ----a-w- c:\program files\Online_Games_Bar\tbOnli.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 14:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1}"= "c:\program files\Online_Games_Bar\tbOnli.dll" [2009-12-31 2349080]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{5BD40C9F-1248-4A8F-8B23-E7861C1AD7A1}"= "c:\program files\Online_Games_Bar\tbOnli.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-31 39408]
"SansaDispatch"="c:\users\Clive\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2010-07-04 79872]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^Clive^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Clive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 19:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 14:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-04-29 14:39 437584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 15:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPAP]
2010-02-04 05:37 173512 ----a-w- c:\program files\Common Files\PPLiveNetwork\ppap.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 21:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 135664]
R3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;c:\users\Clive\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 135664]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-09 1343400]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
S2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [2010-10-14 615312]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 12:40]
.
2011-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 12:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sky.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
FF - ProfilePath - c:\users\Clive\AppData\Roaming\Mozilla\Firefox\Profiles\t58w0cq6.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4dc3bb72&i=23&tp=ab&nt=1&q=
FF - prefs.js: keyword.enabled - true
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - ORPHANS REMOVED - - - -
.
Notify-WgaLogon - (no file)
MSConfigStartUp-J8RPLTROBQ - c:\users\Clive\AppData\Local\Temp\c.exe
MSConfigStartUp-LosAlamos - c:\windows\system32\sshnas.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-269602781-4124218411-4152644682-1001\Software\SecuROM\License information*]
"datasecu"=hex:51,5d,b2,de,87,cb,5e,21,a2,38,88,99,1e,00,59,f5,47,b5,28,cd,b0,
5e,d4,a9,69,e5,2b,e3,81,64,bb,c4,dc,3b,10,aa,e4,93,9f,2d,05,d8,aa,0e,aa,cd,\
"rkeysecu"=hex:48,9d,86,85,06,f4,0a,99,28,af,b0,61,e7,79,87,7c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-05-12 09:06:53 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-12 08:06
.
Pre-Run: 342,765,256,704 bytes free
Post-Run: 345,876,303,872 bytes free
.
- - End Of File - - 1DBE3B2686A472225F576832F3262F86
21. Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 6559

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/05/2011 06:54:19
mbam-log-2011-05-12 (06-54-19).txt

Scan type: Quick scan
Objects scanned: 208205
Time elapsed: 12 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Users\Clive\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com (PUP.PlaySushi) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\Clive\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome.manifest (PUP.PlaySushi) -> Quarantined and deleted successfully.

combofix to follow
22. DDS (Ver_11-03-05.01) - NTFSx86
Run by Clive at 10:23:00.02 on 09/05/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3327.2294 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Users\Clive\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Clive\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.sky.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Online Games Bar Toolbar: {5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1} - c:\program files\online_games_bar\tbOnli.dll
mURLSearchHooks: Online Games Bar Toolbar: {5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1} - c:\program files\online_games_bar\tbOnli.dll
BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PlaySushi: {21608b66-026f-4dcb-9244-0daca328dced} - c:\program files\playsushi\PSText.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Online Games Bar Toolbar: {5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1} - c:\program files\online_games_bar\tbOnli.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Online Games Bar Toolbar: {5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1} - c:\program files\online_games_bar\tbOnli.dll
TB: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [sansaDispatch] c:\users\clive\appdata\roaming\sandisk\sansa updater\SansaDispatch.exe
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [EPSON S21 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifae.exe /fu "c:\windows\temp\E_SF69.tmp" /EF "HKCU"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {95B3F550-91C4-4627-BCC4-521288C52977} - c:\program files\pplive\pptv\PPLive.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - c:\program files\playsushi\PSText.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.vexcast.com/download/vexcast.cab
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files\vshare\vshare_toolbar.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\clive\appdata\roaming\mozilla\firefox\profiles\t58w0cq6.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4dc3bb72&i=23&tp=ab&nt=1&q=
FF - prefs.js: keyword.enabled - true
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: c:\users\clive\appdata\roaming\mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\PlaySushiFF.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 32464]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-4-28 28552]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 296400]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-2-15 7421280]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-4-30 304464]
R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2010-5-10 615312]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-3-30 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 21968]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-3-22 20952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-20 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;c:\users\clive\appdata\local\temp\onlinescanner\anti-virus\fsgk.sys [2011-5-2 70144]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-20 135664]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-9 1343400]
.
=============== Created Last 30 ================
.
2011-05-02 20:53:14 -------- d-----w- c:\users\clive\appdata\roaming\f-secure
2011-05-02 20:43:51 2331136 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 20:43:46 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-05-02 20:43:43 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-02 20:43:38 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-05-02 20:43:38 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-05-02 20:37:31 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-02 20:37:31 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-05-02 20:37:31 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-02 20:37:31 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-02 20:10:07 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2011-04-09 14:56:07 -------- d-----w- c:\program files\SmartDraw VP
.
==================== Find3M ====================
.
2011-03-03 05:29:23 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 05:27:30 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-02-24 05:32:44 981504 ----a-w- c:\windows\system32\wininet.dll
2011-02-24 05:30:16 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-24 04:23:48 386048 ----a-w- c:\windows\system32\html.iec
2011-02-24 03:50:26 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-19 05:32:08 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-19 03:37:02 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-02-18 05:36:26 428032 ----a-w- c:\windows\system32\vbscript.dll
.
============= FINISH: 10:24:19.08 ===============