LOL

Everything posted by LOL

  1. Hi MrC, I managed to download a copy of IE 10 from the second link, but it wouldn't load as the setup program says that a later version of IE is already installed. Reading on the net, it seems that a lot of folk are having difficulty upgrading Windows 7 Starter to IE version 11. You don't seem to be able to find any evidence of an infection, so as there isn't much data on this machine, I think that unless you have a better idea, I'll just reset it back to factory settings and see if that resolves the issues. I only use it for web browsing, so it's pretty useless with the browsers behaving as they are. Can you advise how I remove the programs such as Zoek, JRT etc.? Thanks N
  2. Hi, This doesn't seem to be possible. The IE 10 download page doesn't seem to exist any longer. Everything I tried points to using IE11 instead. However the IE 11 setup has failed several times. I don't know whether this is because this machine is only using Windows 7 Starter?
  3. No, nothing noticeable. Both browsers (IE & Firefox) are still having the same problems. Both taking a minute plus to launch. Running slow. Firefox I have to close after a few minutes because "a script is running slow or has stopped working". IE still closes after a short while "Internet Explorer has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available". N
  4. Hi, Here is the log from Zoek. Norma
  5. Hi, I've tried everything in your last post - a copy of the JRT log is below. The fact that two anti-virus programs were running sounded promising - I thought Windows Defender was disabled. I followed your instruction to close it, but disappointingly this doesn't seem to have made any noticeable difference. I re-set both browsers (IE & Firefox). At first this seemed to have made at least a small improvement. I turned-off and re-booted. I waited until the desktop was open then left it another 3-4 minutes to try to ensure that all start-up process was complete, then I clicked on Firefox. It took about one minute forty-five seconds for the browser window to open. Once open it was v slow. I closed this down and a couple of minutes later launched IE. It seemed to be going ok for a few seconds and then I got the following error message (this is the original problem I was having with IE) "Internet Explorer has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available" It closed, but no further information came through.
I tried to open it again and the same thing happened. It seems like the tools aren't really finding much wrong, but any other ideas would be appreciated. Norma
  6. Hi MrCharlie, Many thanks for your assistance. I've done as you asked and the logs are below.
  7. Computer has been running pretty slow, particularly online. I ran Malwarebytes and it identified and removed several viruses, but not much has improved. Internet Explorer is barely working at all - keeps having error messages and having to close. Firefox is only slightly better. It runs, but is painfully slow moving from one page to the next. Unfortunately I did run CCleaner and Old Timer TFC to see if cleaning out junk and temporary files would help. It didn't, though both removed rather a lot. I see from your pinned instructions that this might not have been helpful. Here are the logs from the Farbar tool. I'd be grateful for any help you can give.
Internet Security (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software) Bejeweled 2 Deluxe (Version: 2.2.0.82 - WildTangent) Hidden Blasterball 3 (Version: 2.2.0.82 - WildTangent) Hidden Bob the Builder Can-Do-Zoo (Version: 2.2.0.82 - WildTangent) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform) Chicken Invaders 3 - Revenge of the Yolk (Version: 2.2.0.82 - WildTangent) Hidden Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden ENE USB Card Reader Driver (HKLM\...\F3C7F6463C419D1D216961B5B81E2FE534986562) (Version: 5.89.0.66 - ENE) Escape Rosecliff Island (Version: 2.2.0.82 - WildTangent) Hidden Faerie Solitaire (Version: 2.2.0.82 - WildTangent) Hidden FATE - The Traitor Soul (Version: 2.2.0.82 - WildTangent) Hidden HP IDF Software (HKLM\...\{974025B1-769B-49E9-817C-C638ABE8F372}) (Version: 11.15.1000 - Hewlett-Packard Company) HP Officejet 4500 G510g-m (HKLM\...\{E5083D57-D93F-404C-A91F-1C50D67C2BEB}) (Version: 13.0 - HP) Identity Card (HKLM\...\Identity Card) (Version: 1.00.3002 - Packard Bell) Insaniquarium Deluxe (Version: 2.2.0.82 - WildTangent) Hidden Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2117 - Intel Corporation) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) Jewel Quest (Version: 2.2.0.82 - WildTangent) Hidden Jewel Quest Solitaire 3 (Version: 2.2.0.82 - WildTangent) Hidden Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Launch Manager (HKLM\...\LManager) (Version: 4.0.8 - Packard Bell) Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 
2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Works (HKLM\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation) Mozilla Firefox 33.1 (x86 en-US) (HKLM\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla) Mozilla Maintenance Service 
(HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Network (Version: 130.0.550.000 - Hewlett-Packard) Hidden Packard Bell Game Console (Version: - WildTangent) Hidden Packard Bell Games (HKLM\...\WildTangent packardbell Master Uninstall) (Version: 1.0.0.80 - WildTangent) Packard Bell InfoCentre (HKLM\...\Packard Bell InfoCentre) (Version: 3.02.3000 - Packard Bell) Packard Bell Power Management (HKLM\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3002 - Packard Bell) Packard Bell Recovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3011 - Packard Bell) Packard Bell Registration (HKLM\...\Packard Bell Registration) (Version: 1.02.3006 - Packard Bell) Packard Bell Updater (HKLM\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Packard Bell) Peggle (Version: 2.2.0.82 - WildTangent) Hidden Penguins! (Version: 2.2.0.82 - WildTangent) Hidden Polar Bowler (Version: 2.2.0.82 - WildTangent) Hidden Polar Golfer (Version: 2.2.0.82 - WildTangent) Hidden Polar Pool (Version: 2.2.0.82 - WildTangent) Hidden Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6066 - Realtek Semiconductor Corp.) 
Revo Uninstaller 1.91 (HKLM\...\Revo Uninstaller) (Version: 1.91 - VS Revo Group) Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Video Web Camera (HKLM\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 5.0.1.0 - liteon) Virtual Families (Version: 2.2.0.82 - WildTangent) Hidden Virtual Villagers - A New Home (Version: 2.2.0.82 - WildTangent) Hidden WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden Welcome Center (HKLM\...\Packard Bell Welcome Center) (Version: 1.01.3002 - Packard Bell) Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation) Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation) Yahtzee (Version: 2.2.0.82 - WildTangent) Hidden Zuma Deluxe (Version: 2.2.0.82 - WildTangent) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
==================== Restore Points ========================= 31-10-2014 20:25:52 Windows Update 01-11-2014 13:59:16 Windows Update 02-11-2014 09:15:22 Windows Update 02-11-2014 14:39:57 Windows Update 04-11-2014 18:29:19 Windows Update 05-11-2014 08:50:59 Windows Update 06-11-2014 17:09:36 Windows Update 07-11-2014 18:22:28 Windows Update 09-11-2014 10:18:01 Windows Update 10-11-2014 18:46:48 Windows Update 11-11-2014 20:25:49 Windows Update 14-11-2014 01:27:42 Windows Update 15-11-2014 10:58:11 Windows Modules Installer 15-11-2014 20:00:06 Windows Update 15-11-2014 21:29:32 Windows Update 15-11-2014 23:10:03 Revo Uninstaller's restore point - Sophos Virus Removal Tool 15-11-2014 23:14:44 Revo Uninstaller's restore point - Sophos Virus Removal Tool 16-11-2014 14:52:28 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 02:04 - 2009-06-10 21:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {D1F9C5AA-4BDA-484A-8D6B-4B7E5DC7F5B5} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-07-21] (AVAST Software) Task: {D81313B3-1C58-4793-9783-B3928E456459} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-30] (Piriform Ltd) Task: {E295260C-FF64-4CE5-9A45-8E417BA3D34F} - System32\Tasks\{7BD24BE9-407D-452C-A793-1599F03B4BA5} => Iexplore.exe http://ui.skype.com/ui/0/4.1.0.179.370/en/abandoninstall?source=lightinstaller&page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded Task: {FB0A7198-A871-402C-AF60-BA96357492F0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-11] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2014-07-21 20:52 - 2014-07-21 20:52 - 00301152 _____ () C:\Program Files\Alwil Software\Avast5\aswProperty.dll 2014-11-15 17:54 - 2014-11-15 17:54 - 02903040 _____ () C:\Program Files\Alwil Software\Avast5\defs\14111501\algo.dll 2014-11-16 14:44 - 2014-11-16 14:44 - 02903040 _____ () C:\Program Files\Alwil Software\Avast5\defs\14111600\algo.dll 2014-07-21 20:52 - 2014-07-21 20:52 - 19329904 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll 2014-11-10 19:04 - 2014-11-10 19:06 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^Users^Norma^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup MSCONFIG\startupreg: Acer ePower Management => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe MSCONFIG\startupreg: Apoint => C:\Program Files\Apoint2K\Apoint.exe MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe MSCONFIG\startupreg: IAAnotif => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe MSCONFIG\startupreg: LManager => C:\Program Files\Launch Manager\LManager.exe MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ========================= Accounts: ========================== Administrator (S-1-5-21-2061290426-1330879846-2013246735-500 - Administrator - Disabled) Guest (S-1-5-21-2061290426-1330879846-2013246735-501 - Limited - Disabled) Norma (S-1-5-21-2061290426-1330879846-2013246735-1000 - Administrator - Enabled) => C:\Users\Norma ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/16/2014 03:42:30 PM) (Source: Application Error) (EventID: 
1000) (User: ) Description: Faulting application name: iexplore.exe, version: 10.0.9200.17148, time stamp: 0x544c16cd Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x13ac Faulting application start time: 0xiexplore.exe0 Faulting application path: iexplore.exe1 Faulting module path: iexplore.exe2 Report Id: iexplore.exe3 Error: (11/16/2014 03:41:52 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: iexplore.exe, version: 10.0.9200.17148, time stamp: 0x544c16cd Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x1448 Faulting application start time: 0xiexplore.exe0 Faulting application path: iexplore.exe1 Faulting module path: iexplore.exe2 Report Id: iexplore.exe3 Error: (11/16/2014 03:39:47 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: plugin-container.exe, version: 33.1.0.5423, time stamp: 0x545c0a59 Faulting module name: mozalloc.dll, version: 33.1.0.5423, time stamp: 0x545be5ee Exception code: 0x80000003 Fault offset: 0x00001425 Faulting process id: 0x1308 Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3 Error: (11/16/2014 03:39:46 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program firefox.exe version 33.1.0.5423 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. 
Process ID: d98 Start Time: 01d001abe06f022e Termination Time: 1470 Application Path: C:\Program Files\Mozilla Firefox\firefox.exe Report Id: aed786e9-6da6-11e4-813b-88ae1d127725 Error: (11/16/2014 00:06:42 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: iexplore.exe, version: 10.0.9200.17148, time stamp: 0x544c16cd Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x614 Faulting application start time: 0xiexplore.exe0 Faulting application path: iexplore.exe1 Faulting module path: iexplore.exe2 Report Id: iexplore.exe3 Error: (11/16/2014 00:06:42 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: iexplore.exe, version: 10.0.9200.17148, time stamp: 0x544c16cd Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0xb08 Faulting application start time: 0xiexplore.exe0 Faulting application path: iexplore.exe1 Faulting module path: iexplore.exe2 Report Id: iexplore.exe3 Error: (11/16/2014 00:04:18 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: iexplore.exe, version: 10.0.9200.17148, time stamp: 0x544c16cd Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0xe5c Faulting application start time: 0xiexplore.exe0 Faulting application path: iexplore.exe1 Faulting module path: iexplore.exe2 Report Id: iexplore.exe3 Error: (11/16/2014 00:04:11 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: iexplore.exe, version: 10.0.9200.17148, time stamp: 0x544c16cd Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x468 Faulting 
application start time: 0xiexplore.exe0 Faulting application path: iexplore.exe1 Faulting module path: iexplore.exe2 Report Id: iexplore.exe3 Error: (11/16/2014 00:03:40 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: iexplore.exe, version: 10.0.9200.17148, time stamp: 0x544c16cd Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0xed8 Faulting application start time: 0xiexplore.exe0 Faulting application path: iexplore.exe1 Faulting module path: iexplore.exe2 Report Id: iexplore.exe3 Error: (11/16/2014 00:03:29 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: iexplore.exe, version: 10.0.9200.17148, time stamp: 0x544c16cd Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0xee4 Faulting application start time: 0xiexplore.exe0 Faulting application path: iexplore.exe1 Faulting module path: iexplore.exe2 Report Id: iexplore.exe3 System errors: ============= Error: (11/16/2014 03:37:47 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7. Error: (11/16/2014 03:37:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Software Protection service failed to start due to the following error: %%1053 Error: (11/16/2014 03:37:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect. 
Error: (11/16/2014 03:32:21 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service. Error: (11/16/2014 03:30:51 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service. Error: (11/16/2014 02:50:12 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Windows Update service hung on starting. Error: (11/16/2014 02:39:00 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY) Description: WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll Error Code: 126 Error: (11/15/2014 11:36:05 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY) Description: WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll Error Code: 126 Error: (11/15/2014 09:38:49 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY) Description: WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll Error Code: 126 Error: (11/15/2014 09:37:01 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7. Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2012-03-04 01:17:39.223 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. 
==================== Memory info ===========================

Processor: Intel® Atom CPU N450 @ 1.66GHz
Percentage of memory in use: 82%
Total physical RAM: 1013.1 MB
Available physical RAM: 174.67 MB
Total Pagefile: 2434.78 MB
Available Pagefile: 1208.81 MB
Total Virtual: 2047.88 MB
Available Virtual: 1914.59 MB

==================== Drives ================================

Drive c: (Packard Bell) (Fixed) (Total:135.94 GB) (Free:98.81 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: BDBD5BA8)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=135.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Thanks
Norma
  8. Hi Chris, Thanks for all your help. I'll try to follow your guidance and hopefully won't need to visit your forum again. Keep up the good work! Regards LOL
  9. Hi, I've done all of that. As far as I can tell there are no issues now and everything seems to be working fine. Thanks for all your help. I guess you would recommend the full version of Malwarebytes? Is this a full security suite that would replace my anti-virus, or just an enhanced version of the free programme? LOL
  10. Logs attached as requested. The checkup report seems to indicate I'm running Avast version 5, but it is version 6 (6.0.1289). Just to be sure I ran "update" and after a few minutes got the response that I'm running the latest programme with the latest definitions. The system appears to be running fine now. I'm not experiencing any issues at all.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=fb100e2745a1b246aa9b1e4aa65d7f1a
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-05 02:08:54
# local_time=2011-11-05 02:08:54 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 32100926 32100926 0 0
# compatibility_mode=8192 67108863 100 0 293 293 0 0
# compatibility_mode=9217 16777214 75 70 31441467 37079972 0 0
# scanned=72537
# found=1
# cleaned=1
# scan_time=4904
C:\Documents and Settings\Owner\Local Settings\Temp\A9R5A17.tmp JS/Exploit.Pdfka.PFS.Gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=fb100e2745a1b246aa9b1e4aa65d7f1a
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-21 06:43:59
# local_time=2011-11-21 06:43:59 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 33499694 33499694 0 0
# compatibility_mode=8192 67108863 100 0 1399061 1399061 0 0
# compatibility_mode=9217 16777214 75 4 487690 487690 0 0
# scanned=142652
# found=0
# cleaned=0
# scan_time=5041

Results of screen317's Security Check version 0.99.28
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
avast! Free Antivirus
ESET Online Scanner v3
ZoneAlarm Firewall
ZoneAlarm Free
ZoneAlarm Toolbar
ZoneAlarm Security
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner (remove only)
Java 6 Update 22
Java version out of date!
Adobe Reader 9 (Adobe Reader out of date!)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
CheckPoint ZoneAlarm vsmon.exe
CheckPoint ZoneAlarm zatray.exe
``````````End of Log````````````
  11. Logs posted as per your instructions.

ComboFix 11-11-15.06 - Owner 16/11/2011 1:40.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2039.1610 [GMT 0:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Free Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\regobj.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_rrdg
.
.
((((((((((((((((((((((((( Files Created from 2011-10-16 to 2011-11-16 )))))))))))))))))))))))))))))))
.
.
2011-11-12 12:04 . 2011-11-16 01:21 -------- d-----w- c:\windows\Internet Logs
2011-11-12 12:03 . 2011-11-12 12:03 -------- d-----w- c:\documents and settings\Owner\Application Data\CheckPoint
2011-11-12 12:02 . 2011-11-12 12:02 -------- d-----w- c:\documents and settings\All Users\Application Data\CheckPoint
2011-11-05 12:42 . 2011-11-05 12:42 -------- d-----w- c:\program files\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:22 . 2003-03-03 22:57 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2002-09-23 22:10 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 11:41 . 2008-07-29 19:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 11:41 . 2006-05-11 21:58 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 11:41 . 2006-05-11 21:58 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 20:45 . 2010-10-29 23:52 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2010-10-29 23:52 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-05-26 15:29 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2010-10-29 23:52 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2010-10-29 23:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2010-10-29 23:52 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2010-10-29 23:52 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2010-10-29 23:52 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2010-10-29 23:52 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2010-10-29 23:52 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-06 13:20 . 2003-01-01 15:41 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 17:00 . 2008-12-23 18:22 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48 . 2006-05-11 21:59 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2006-05-11 21:57 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2006-05-11 21:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2008-11-03 16:33 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((( SnapShot_2011-11-10_16.22.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-12 12:04 . 2011-11-12 12:04 62464 c:\windows\Installer\55938.msi
+ 2011-11-12 12:03 . 2011-11-12 12:03 28672 c:\windows\Installer\55931.msi
+ 2011-11-12 12:02 . 2011-11-12 12:02 41472 c:\windows\Installer\5592a.msi
+ 2011-11-10 17:18 . 2011-11-10 17:18 22016 c:\windows\Installer\36add3.msi
+ 2008-07-29 08:05 . 2008-07-29 08:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 08:05 . 2008-07-29 08:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 03:54 . 2008-07-29 03:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 05:23 . 2008-07-29 05:23 626688 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_a17e7c1e\msvcr90.dll
+ 2008-07-29 05:23 . 2008-07-29 05:23 856576 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_a17e7c1e\msvcp90.dll
+ 2008-07-29 03:51 . 2008-07-29 03:51 245760 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_a17e7c1e\msvcm90.dll
+ 2011-11-09 20:01 . 2011-11-09 20:01 525840 c:\windows\system32\vsdatant.sys
- 2002-09-23 22:10 . 2011-09-09 09:12 599040 c:\windows\system32\dllcache\crypt32.dll
+ 2002-09-23 22:10 . 2011-09-28 07:06 599040 c:\windows\system32\dllcache\crypt32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-11-03 738944]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-09 73360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-06-29 17:56 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HPAiODevice(hp officejet v series) - 1.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp officejet v series) - 1.lnk
backup=c:\windows\pss\HPAiODevice(hp officejet v series) - 1.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^reminder-ScanSoft Product Registration.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\reminder-ScanSoft Product Registration.lnk
backup=c:\windows\pss\reminder-ScanSoft Product Registration.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 13:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
2003-08-19 02:56 852038 ----a-w- c:\windows\system32\nview.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2003-08-19 02:56 323584 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegisterDropHandler]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WrtMon.exe]
2006-09-20 08:35 20480 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpBrowser.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpNotifier.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [26/05/2011 15:29 442200] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [29/10/2010 23:52 320856] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29/10/2010 23:52 20568] R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [03/11/2011 14:44 27016] R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [03/11/2011 14:44 497280] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/01/2011 16:57 136176] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/01/2011 16:57 136176] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [16/06/2010 21:32 19712] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [16/06/2010 21:32 8320] S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [16/06/2010 21:32 42752] S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [11/05/2006 21:59 14336] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper . Contents of the 'Scheduled Tasks' folder . 2011-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-29 16:57] . 2011-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-29 16:57] . . ------- Supplementary Scan ------- . uStart Page = hxxp://bt.yahoo.com uDefault_Search_URL = hxxp://srch-qgb10.hpwis.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mSearch Bar = hxxp://srch-qgb10.hpwis.com/ uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Google Sidewiki... 
- c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html DPF: {BC0AE9E6-E549-4554-A222-EA083A894683} - hxxp://a02-b02.mypicturetown.com/P2PwebCmdController/x/Upld_47.CAB . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-11-16 02:00 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(648) c:\program files\Citrix\GoToAssist\570\G2AWinLogon.dll c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll . - - - - - - - > 'lsass.exe'(704) c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll . - - - - - - - > 'explorer.exe'(800) c:\windows\system32\WININET.dll c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll c:\program files\Windows Media Player\wmpband.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\program files\Common Files\Motive\McciCMService.exe c:\progra~1\MI3AA1~1\rapimgr.exe . ************************************************************************** . Completion time: 2011-11-16 02:17:44 - machine was rebooted ComboFix-quarantined-files.txt 2011-11-16 02:17 ComboFix2.txt 2011-11-10 16:37 . 
Pre-Run: 21,995,094,016 bytes free Post-Run: 21,976,731,648 bytes free . - - End Of File - - B2723D8219C4BB30837B33BACE2AB4E5 . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 Run by Owner at 2:25:29 on 2011-11-16 Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2039.1559 [GMT 0:00] . AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: ZoneAlarm Free Firewall *Disabled* . ============== Running Processes =============== . C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\WINDOWS\explorer.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\WINDOWS\system32\wscntfy.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://bt.yahoo.com uDefault_Search_URL = hxxp://srch-qgb10.hpwis.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mSearch Bar = hxxp://srch-qgb10.hpwis.com/ uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File BHO: Yahoo! 
IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe" mRun: [iSW] mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe" IE: Google Sidewiki... 
- c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1224346127578 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228074168671 DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {BC0AE9E6-E549-4554-A222-EA083A894683} - hxxp://a02-b02.mypicturetown.com/P2PwebCmdController/x/Upld_47.CAB DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll Notify: igfxcui - igfxsrvc.dll SSODL: 
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ============= SERVICES / DRIVERS =============== . R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-26 442200] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-29 320856] R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-11-9 525840] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-29 20568] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-29 44768] R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-3 27016] R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-11-3 497280] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-29 136176] S2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-29 136176] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2010-6-16 19712] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2010-6-16 8320] S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2010-6-16 42752] S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2006-5-11 14336] . =============== File Associations =============== . JSEFile=NOTEPAD.EXE %1 . =============== Created Last 30 ================ . 
2011-11-12 12:04:28 -------- d-----w- c:\windows\Internet Logs 2011-11-12 12:03:55 -------- d-----w- c:\documents and settings\owner\application data\CheckPoint 2011-11-12 12:02:43 -------- d-----w- c:\documents and settings\all users\application data\CheckPoint 2011-11-05 12:42:21 -------- d-----w- c:\program files\ESET . ==================== Find3M ==================== . 2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll 2011-09-26 11:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll 2011-09-26 11:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll 2011-09-26 11:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll 2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr 2011-09-06 20:38:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys 2011-08-31 17:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll 2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec . ============= FINISH: 2:26:48.07 ===============
  12. Sorry, even on its own the log was too long, so I've had to attach it LOL ComboFixlog.txt
  13. Hi Chris, Thanks for your help. I tried to paste in the logs you asked for, but the post was too long, so here's MBAM & DDS. I'll try sending the ComboFix log in a separate reply.

      Malwarebytes' Anti-Malware 1.51.2.1300
      www.malwarebytes.org

      Database version: 8132

      Windows 5.1.2600 Service Pack 3
      Internet Explorer 8.0.6001.18702

      10/11/2011 15:41:34
      mbam-log-2011-11-10 (15-41-34).txt

      Scan type: Quick scan
      Objects scanned: 156858
      Time elapsed: 5 minute(s), 22 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      (No malicious items detected)

      .
      DDS (Ver_2011-08-26.01) - NTFSx86
      Internet Explorer: 8.0.6001.18702
      Run by Owner at 17:02:26 on 2011-11-10
      Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2039.1474 [GMT 0:00]
      .
      AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
      FW: ZoneAlarm Firewall *Disabled*
      .
      ============== Running Processes ===============
      .
      C:\WINDOWS\system32\svchost.exe -k DcomLaunch
      svchost.exe
      C:\WINDOWS\System32\svchost.exe -k netsvcs
      C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
      C:\WINDOWS\system32\spoolsv.exe
      svchost.exe
      C:\Program Files\Common Files\Motive\McciCMService.exe
      C:\WINDOWS\System32\svchost.exe -k imgsvc
      C:\Program Files\Microsoft ActiveSync\wcescomm.exe
      C:\PROGRA~1\MI3AA1~1\rapimgr.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\Alwil Software\Avast5\AvastUI.exe
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\WINDOWS\system32\wscntfy.exe
      .
      ============== Pseudo HJT Report ===============
      .
uStart Page = hxxp://bt.yahoo.com uDefault_Search_URL = hxxp://srch-qgb10.hpwis.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mSearch Bar = hxxp://srch-qgb10.hpwis.com/ uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe" mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe" IE: Google Sidewiki... 
- c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1224346127578 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228074168671 DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {BC0AE9E6-E549-4554-A222-EA083A894683} - hxxp://a02-b02.mypicturetown.com/P2PwebCmdController/x/Upld_47.CAB DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll Notify: igfxcui - igfxsrvc.dll SSODL: 
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ============= SERVICES / DRIVERS =============== . R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-26 442200] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-29 320856] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424] R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 298448] R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-11-3 532224] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-29 20568] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-29 44768] S0 rrdg;rrdg;c:\windows\system32\drivers\redsk.sys --> c:\windows\system32\drivers\redsk.sys [?] S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288] S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192] S3 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-29 136176] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-29 136176] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2010-6-16 19712] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2010-6-16 8320] S3 MotDev;Motorola Inc. 
USB Device;c:\windows\system32\drivers\motodrv.sys [2010-6-16 42752] S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2006-5-11 14336] . =============== File Associations =============== . JSEFile=NOTEPAD.EXE %1 . =============== Created Last 30 ================ . 2011-11-10 15:58:37 -------- d-----w- C:\ComboFix 2011-11-05 12:42:21 -------- d-----w- c:\program files\ESET . ==================== Find3M ==================== . 2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-09-26 11:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll 2011-09-26 11:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll 2011-09-26 11:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll 2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll 2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr 2011-09-06 20:38:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys 2011-08-31 17:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll 2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec 2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys . ============= FINISH: 17:03:48.09 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume2 Install Date: 17/10/2008 16:42:48 System Uptime: 10/11/2011 16:18:36 (1 hours ago) . Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | Gamila/Giovani/Neon series Processor: Intel® Pentium® 4 CPU 2.60GHz | Socket 478 | 2600/100mhz . ==== Disk Partitions ========================= . 
A: is Removable C: is FIXED (NTFS) - 70 GiB total, 21.356 GiB free. D: is FIXED (FAT32) - 4 GiB total, 0.574 GiB free. E: is CDROM () F: is FIXED (NTFS) - 466 GiB total, 455.885 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP1: 10/11/2011 15:59:03 - System Checkpoint . ==== Installed Programs ====================== . . 7-Zip 9.20 Acrobat.com Adobe AIR Adobe Download Manager Adobe Flash Player 10 ActiveX Adobe Reader 9 AiO_Scan AIOMinimal AiOSoftware Amazon MP3 Downloader 1.0.4 ArcSoft PhotoStudio 5.5 ArcSoft ShowBiz 2 Audacity 1.2.6 avast! Free Antivirus BT Broadband Desktop Help BT Broadband Support Tools BT Yahoo! Applications BTHomeHub Canon CanoScan Toolbox 5.0 Canon iP4500 series Canon iP4500 series User Registration Canon My Printer Canon Utilities Easy-PhotoPrint EX Canon Utilities Solution Menu CanoScan 4400F CCleaner (remove only) CD-LabelPrint Coupon Printer DeepSkyStacker ESET Online Scanner v3 EZ Vinyl/Tape Converter 1.5.2.0 by MixMeister Fax GIMP 2.6.4 Google Update Helper GoToAssist Corporate Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976002-v5) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) HP Deskjet Preloaded Printer Drivers hp officejet v series HP PSC & OfficeJet 3.0 HP Software Update HpSdpAppCoreApp Intel® Extreme Graphics Driver InterVideo WinDVD Player Java Auto Updater Java 6 Update 22 KBD LAME v3.98.2 for Audacity Malwarebytes' Anti-Malware version 1.51.2.1300 Memories Disc Creator 2.0 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2572067) Microsoft .NET Framework 
1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft ActiveSync Microsoft Bootvis Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 Microsoft National Language Support Downlevel APIs Microsoft Office 2000 Professional Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK Neat Image v6 Demo (with plug-in) Noiseware Community Edition NVIDIA GART Driver OLYMPUS Master 2 OpenMG Limited Patch 4.7-07-14-05-01 OpenMG Secure Module 4.7.00 PC-Doctor for Windows Presto! PageManager 7.15.14 PrintScreen PS2 Python 2.2 combined Win32 extensions Python 2.2.1 Readme RecordNow! 
RegiStax 5.1 Revo Uninstaller 1.75 Scan ScanSoft OmniPage SE 4.0 Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) Security Update for Microsoft Windows (KB2564958) Security Update for Step By Step Interactive Training (KB898458) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 7 (KB938127-v2) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Internet Explorer 8 (KB2183461) Security Update for Windows Internet Explorer 8 (KB2360131) Security Update for Windows Internet Explorer 8 (KB2416400) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2530548) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2559049) Security Update for Windows Internet Explorer 8 (KB2586448) Security Update for Windows Internet Explorer 8 (KB969897) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB972260) Security Update for Windows Internet Explorer 8 (KB974455) Security Update for Windows Internet Explorer 8 (KB976325) Security Update for Windows Internet Explorer 8 (KB978207) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player 
.
==== Event Viewer Messages From Past Week ========
.
08/11/2011 14:51:11, error: Dhcp [1002] - The IP address lease 192.168.1.67 for the Network Card with network address 000C76A036CB has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
05/11/2011 07:35:37, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
05/11/2011 02:33:53, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswRdr aswSnx aswSP aswTdi Avgldx86 Avgmfx86 Avgtdix Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip vsdatant
05/11/2011 02:33:53, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
05/11/2011 02:33:53, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
.
==== End Of File ===========================
  14. I have now managed to regain control of the computer by running Malwarebytes from a datastick in safe mode. It found and removed a handful of infections. I then ran a full scan with Avast which found another and finally ran a scan using the ESET online scanner which picked up and removed a Trojan. The machine seems to be ok now, but I've run the DDS scan tool and would appreciate advice on whether I am now actually clean - logs below.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 12:20:51 on 2011-11-06
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2039.1519 [GMT 0:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://bt.yahoo.com
uDefault_Search_URL = hxxp://srch-qgb10.hpwis.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://srch-qgb10.hpwis.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
uPolicies-system: DisableTaskMgr = 0
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1224346127578
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228074168671
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BC0AE9E6-E549-4554-A222-EA083A894683} - hxxp://a02-b02.mypicturetown.com/P2PwebCmdController/x/Upld_47.CAB
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-26 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-29 320856]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 298448]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-11-3 532224]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-29 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-29 44768]
S0 rrdg;rrdg;c:\windows\system32\drivers\redsk.sys --> c:\windows\system32\drivers\redsk.sys [?]
S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
S3 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-29 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-29 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2010-6-16 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2010-6-16 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2010-6-16 42752]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2006-5-11 14336]
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2011-11-05 12:42:21 -------- d-----w- c:\program files\ESET
2011-11-04 13:22:15 95744 ----a-w- c:\documents and settings\owner\application data\dwlGina3.dll
.
==================== Find3M ====================
.
2011-09-26 11:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 11:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 11:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:38:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 17:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
============= FINISH: 12:22:52.78 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 17/10/2008 16:42:48
System Uptime: 06/11/2011 11:29:40 (1 hours ago)
.
Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | Gamila/Giovani/Neon series
Processor: Intel® Pentium® 4 CPU 2.60GHz | Socket 478 | 2600/100mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 70 GiB total, 19.693 GiB free.
D: is FIXED (FAT32) - 4 GiB total, 0.574 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 466 GiB total, 455.885 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
.
7-Zip 9.20
Acrobat.com
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Reader 9
AiO_Scan
AIOMinimal
AiOSoftware
Amazon MP3 Downloader 1.0.4
ArcSoft PhotoStudio 5.5
ArcSoft ShowBiz 2
Audacity 1.2.6
avast! Free Antivirus
BT Broadband Desktop Help
BT Broadband Support Tools
BT Yahoo! Applications
BTHomeHub
Canon CanoScan Toolbox 5.0
Canon iP4500 series
Canon iP4500 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CanoScan 4400F
CCleaner (remove only)
CD-LabelPrint
Coupon Printer
DeepSkyStacker
ESET Online Scanner v3
EZ Vinyl/Tape Converter 1.5.2.0 by MixMeister
Fax
GIMP 2.6.4
Google Update Helper
GoToAssist Corporate
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Deskjet Preloaded Printer Drivers
hp officejet v series
HP PSC & OfficeJet 3.0
HP Software Update
HpSdpAppCoreApp
Intel® Extreme Graphics Driver
InterVideo WinDVD Player
Java Auto Updater
Java 6 Update 22
KBD
LAME v3.98.2 for Audacity
.
==== Event Viewer Messages From Past Week ========
.
04/11/2011 13:42:22, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswRdr aswSnx aswSP aswTdi Avgldx86 Avgmfx86 Avgtdix Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip vsdatant
04/11/2011 13:42:22, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
04/11/2011 13:42:22, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
04/11/2011 13:41:40, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
.
==== End Of File ===========================
  15. Hi Miasma, That sounds like a sensible first step, I'll give it a try. Thanks, LOL
  16. I don't know if I have a virus/malware problem, but hope someone here might be able to tell me. My computer just hangs displaying a message "Please wait, your Internet-Connection has not yet been established". This is on a pale grey screen. The computer won't turn off; the only way I can close it down is at the power source. When I re-boot, it seems to boot normally until displaying the desktop background, but no icons appear. The screen then goes grey and displays the message above. There are no other icons/buttons etc. on the screen. The Esc button on the keyboard does nothing. Ctrl, Alt, Del does nothing. Exactly the same thing happens whether or not the machine is connected to the internet. I tried booting in safe mode, but exactly the same thing happened. So basically I'm frustrated because I cannot get control of the machine to find out what is wrong with it. I did search a number of technical forums to see if anyone had reported a similar problem and did find someone who was reporting an identical issue - unfortunately no one had replied to his post! I hope someone here can give me some idea what my problem is - any help would be greatly appreciated. LOL
  17. Hi Elise, Thanks for all your help. It's really appreciated. LOL
  18. Thanks Elise, When I first came to the forum the instructions in the pinned post were to use defogger to disable some drivers. I assume I need to do something to re-enable them? If I run the defogger again will this tell me how to enable them? LOL
  19. Hi Elise, No threats found by the online scan. So I guess the computer is now clean and as safe as it can be, given your comments right at the start of this exercise? LOL
  20. Thanks Elise, that's cleared the error. Everything now seems to be fine. Here is the ComboFix log. LOL
  21. Hi Elise, The error message is just about the last thing that happens as the machine boots up. In addition to the small box in the centre of the screen (Automation error The specified module could not be found) I've now noticed that there is a small icon that appears at the bottom left of the screen. The only option that the error message gives is "ok", which makes it and the icon disappear. Right or left clicking or double clicking on either the icon or error box reveals no more info or options. I'm thinking that this is perhaps nothing to do with the actions taken over the last day or so, even though it has only just started to appear. The icon makes me think that it could be to do with a utility called Watchwan that I was previously using to monitor download usage. I uninstalled this a short while ago, but perhaps it's left something behind? LOL
  22. Hi Elise, I'm afraid that didn't fix it. Still getting the same message on boot-up. Here's the OTL log. Thanks LOL
  23. Hi Elise, I ran the Symantec uninstaller 3 times, but the error message still appears at boot-up. The log from ComboFix is attached. Thanks LOL
  24. Hi Elise, I've updated Java as advised. Run full scan with Malwarebytes - nothing found, log attached. Computer seems to be running fine now with no problems. The only issue I have is a warning message that now comes up after booting - "Automation error The specified module could not be found". I've no idea what it relates to, but it has been appearing since ComboFix did its stuff. Any thoughts? LOL
  25. Read the instructions on the pinned post at the top of the Forum, then post a new topic as instructed. The experts on this site seem great - they will help you, but not unless you follow the forum rules. LOL