ramnit.b

[Elise]

What a pain is this one, just continues to recreate itself.

I want to try one other "brute force" scanner, if that doesn't work, we can create a disk so we can do some offline scanning. Please let me know if you have your XP CD at hand.

DR. WEB CUREIT

----------------------

Please download Dr.Web CureIt and save it to your desktop. DO NOT perform a scan yet.

alternate download link

Note: The file will be randomly named (i.e. 5mkuvc4z.exe).

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in Safe Mode.

Scan with Dr.Web CureIt as follows:

• Double-click on the randomly named file to open the program and click Start. (There is no need to update if you just downloaded the most current version
  
• Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  
• The Express scan will automatically begin.
  (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  
• If prompted to dowload the Full version Free Trial, ignore and click the X to close the window.
  
• If an infected object is found, you will be prompted to move anything that cannot be cured. Click No to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  
• After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.
  
• In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.
  
• Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  
• Please be patient as this scan could take a long time to complete.
  
• When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.
  
• Click Select All, then choose Cure. Do NOT move incurable!!!
  
• In the top menu, click file and choose save report list.
  
• Save the DrWeb.csv report to your desktop.
  
• Exit Dr.Web Cureit when done.
  
• Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  
• After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)
  

[dicko1981]

I will do the dr.web scan and post results when it is complete.

While it is doing that i have to let you know that my xp disc is no longer with me, it went missing when i moved a few years ago, is this gonna make things difficult?

What sort of damage is this thing doing to my computer and off the record, what are the chances of getting rid of it?

(sorry to be a pain )

[Elise]

Hi, we can do it also without an XP CD, by using a rescue disk. I want to give Kaspersky's a try.

The problem with this virus is, it infects all kind of files (so far it does leave windows sytem files alone, which means there is still a good chance of recovering, although it may require you reinstall some of the applications you have in the end). We clean up components, but because there remain infected files, they recreate all active components that show in the logs.

A rescue disk like Kaspersky's, scans all files off-line and with a bit of luck, is able to disinfect them.

[dicko1981]

Hi elsie,

I have tried to run the dr web scan twice now, and both times it seems to freeze my computer up.

It gets about 8 hours in, has found approx 60-70 threats and is only partway through the c drive?!?

I followed your instructions to the letter, is it worth me trying to run it again or is the another option?

Again, sorry for being a hassle

[Elise]

Do you have your XP CD at hand?

[dicko1981]

nope, its been lost in transit! im useless aint i!!

[Elise]

Not at all.

Lets try the Avira rescue disk.

Please go here: http://www.free-av.com/en/products/12/avir...cue_system.html

And follow the instructions.

Let it do a scan, but don't let it delete the desktoplayer.exe file since that can cause difficulties when booting, since Avira will have no possibility of accessing your registry and fixing the userinit value.

To be on the safe side, you can post the scan results here before undertaking action.

[dicko1981]

i have done a scan using the default settings on the avira disc, it did find quite a few infected items infected items but didnt seem to include desktoplayer.exe.

Was i meant to remove or repair or rename the items found?

Plus I will have to run it again because i accidently rebooted and lost the results.

[Elise]

As long as it didn't include the desktoplayer file, you can choose the Repair option. Let me know if it were able to repair/cure/disinfect these files.

[dicko1981]

the scan results were: records 85 that were not removable and warnings were 343 not completely scanned: part of multi volume archive.

I couldnt figure out how to paste the entire log.

hope this helps

[Elise]

Can you copy a few of those to a text file and post them for me?

That way I can see what they were about. Were there files that could be cleaned?

[dicko1981]

How would i go about copying the text across? i could right click and copy but then I cant paste it anywere until i rebooted then lost it

the warnings were from video files and a lot of them appeared to be the same ones and the non removable files were all sorts. it didn't look like there were any files that could be cleaned

[Elise]

What was the detection? Ramnit? If so, you have no other option than to delete them, because otherwise they will just keep reinfecting everything.

The rescue disk should have a text editor in which you can copy, however, if you can't find it, just skip that part.

[dicko1981]

it seemed to have detected a different named virus, i will run the scan again and let you know but I really cant find the text editor at all, only a linux command line and thats way over my head.

I really dont mind deleting everything off my computer apart from the essentials if it helps.

p.s. sorry if im being useless

[Elise]

No worries, just list me the name of the virus.

[dicko1981]

Hi Elsie

I ran the avira disc again this morning and it seems to have removed the viruses it had picked up on yesterday.

Hope this is a good sign

[Elise]

Yes, time for a boot in normal mode. Please download a new copy of combofix, run it, post me the log and afterwards run another OTL quick scan and post me that log as well.

[dicko1981]

combo fix log

ComboFix 10-09-03.02 - HP_Administrator 04/09/2010 18:39:24.5.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1983.1132 [GMT 1:00]

Running from: c:\documents and settings\HP_Administrator\My Documents\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\HP_Administrator\Application Data\Cibia\ufyl.exe

c:\program files\Internet Explorer\complete.dat

c:\program files\Internet Explorer\dmlconf.dat

L:\Autorun.inf

.

((((((((((((((((((((((((( Files Created from 2010-08-04 to 2010-09-04 )))))))))))))))))))))))))))))))

.

2010-08-31 07:37 . 2010-08-31 07:37 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb

2010-08-29 12:43 . 2010-08-29 12:43 -------- d-----w- c:\program files\ESET

2010-08-29 10:33 . 2010-08-29 10:33 -------- d-----w- C:\_OTL

2010-08-28 10:52 . 2010-08-28 10:52 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes

2010-08-28 10:52 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-28 10:52 . 2010-08-30 11:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-28 10:52 . 2010-08-28 10:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-08-28 10:52 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-27 19:48 . 2010-08-28 14:38 528384 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{97D0B0DB-6D31-4E9E-810F-DC8C6DC7B60A}-demo32.exe

2010-08-27 19:08 . 2010-08-28 14:39 528384 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{E46F4510-28C6-49C8-BB7F-7E25A7A2D0C3}-demo32.exe

2010-08-27 18:14 . 2010-08-28 14:38 528384 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{5B5792AC-466A-43DB-9379-A0D9FE29C162}-demo32.exe

2010-08-27 17:07 . 2010-08-28 14:39 528384 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{DE3EA373-27A6-4FE1-BB67-2E6D71067E70}-demo32.exe

2010-08-27 16:09 . 2010-08-28 14:38 528384 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{36D7BEFF-C19D-4F6A-AE3C-4BC3E609A720}-demo32.exe

2010-08-27 15:12 . 2010-08-28 14:39 528384 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{D01D4CF6-E3FD-4991-9A83-0F983C00489D}-demo32.exe

2010-08-27 14:01 . 2010-08-28 14:38 528384 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{06C30791-2AF0-4850-BEAF-3C43B2EF37D9}-demo32.exe

2010-08-27 13:09 . 2010-08-28 14:39 229376 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{D4E87346-F81F-4A9B-B1B5-B917179C4549}-Flanger_Lite.dll

2010-08-27 13:09 . 2010-08-28 14:39 98304 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{A89EB5CE-4AF1-4229-B346-BDA3B59EEE84}-flanger.dll

2010-08-27 13:09 . 2010-08-28 14:38 228864 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{404851A4-8351-4E41-8F3A-A08494C9DDE3}-flanger_lite_8x.dll

2010-08-27 13:09 . 2010-08-28 14:38 49152 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{83B04BC8-5FE1-4A02-8B97-666AC2E0F70B}-Echo.dll

2010-08-27 13:09 . 2010-08-28 14:38 143360 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{389FCACF-FA8F-4D80-A6E4-DEA45B215DAB}-Filters.dll

2010-08-27 13:09 . 2010-08-28 14:39 245760 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{CF0C9055-7D95-4BF7-9E4A-B697685FA106}-Cut.dll

2010-08-27 13:09 . 2010-08-28 14:38 49152 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{534E29EF-6F56-4936-933D-C996705DDBED}-DFV Flanger.dll

2010-08-27 13:09 . 2010-08-28 14:39 557056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{B1B7D4BD-5378-42C2-8A5F-7E8CF41C8AC0}-BeatGrid.dll

2010-08-27 13:09 . 2010-08-28 14:38 102400 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{11B94EE1-7A13-4E9E-B4F4-783AE5F486A4}-brake.dll

2010-08-27 13:09 . 2010-08-28 14:39 102400 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{A8E4A025-6C30-4C15-BD3F-2B5E9426576E}-backspin.dll

2010-08-27 13:09 . 2010-08-28 14:38 28672 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{8FCB47E8-80C8-4074-8CC9-DFC3EC9283D3}-balance.dll

2010-08-27 13:09 . 2010-08-28 14:38 40960 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{5C6BDD2A-DD07-4EA6-AACB-8B2A2017F190}-Beat break.dll

2010-08-27 13:09 . 2010-08-28 14:38 36864 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{6842D076-215F-4992-95FC-7FB8475C78B7}-AutoCut.dll

2010-08-27 12:59 . 2010-08-28 14:39 528384 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{FA7772A5-0F1E-44FB-AC79-70630B19E43A}-demo32.exe

2010-08-27 12:01 . 2010-08-28 14:39 528384 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{DE6F499D-F730-4166-B32A-2DC84B318B7F}-demo32.exe

2010-08-27 10:57 . 2010-08-28 14:38 528384 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{43324295-C9D3-436C-BCE7-72679A7C1F8F}-demo32.exe

2010-08-26 19:00 . 2010-08-28 14:39 528384 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{AC3EB925-A6ED-4B76-B713-BC3BE6E88010}-demo32.exe

2010-08-26 17:34 . 2010-08-31 17:41 -------- d-----w- c:\program files\temp

2010-08-21 08:14 . 2010-08-21 08:14 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\fltk.org

2010-08-15 15:58 . 2010-08-15 15:58 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\PCHealth

2010-08-15 15:58 . 2010-08-15 15:58 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth

2010-08-12 16:45 . 2005-09-05 10:21 362944 ----a-w- c:\windows\system32\drivers\WG11TND5.sys

2010-08-12 16:45 . 2005-07-27 20:15 149392 ----a-w- c:\windows\system32\drivers\ar5523.bin

2010-08-12 08:28 . 2010-06-01 17:37 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-08-12 08:19 . 2010-08-12 08:19 -------- d-----w- c:\program files\Microsoft Security Essentials

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-04 17:52 . 2008-08-17 12:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki

2010-09-04 11:10 . 2009-05-02 20:13 -------- d-----w- c:\program files\DVD Shrink

2010-09-02 11:52 . 2010-04-08 23:42 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Cibia

2010-09-02 07:45 . 2008-06-02 08:01 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Ovitez

2010-09-01 16:03 . 2009-09-22 12:45 -------- d-----w- c:\program files\Microsoft

2010-09-01 13:45 . 2010-06-22 18:54 -------- d-----w- c:\program files\iTunes

2010-08-31 20:02 . 2009-04-19 07:01 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Azureus

2010-08-31 18:57 . 2010-07-16 17:18 452104 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Real\Update\setup3.12\setup.exe

2010-08-31 07:33 . 2009-10-29 20:24 315392 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportSystemDlls\13837\RapportSystemDlls.dll

2010-08-31 07:33 . 2010-07-01 11:07 434176 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\17053\RapportMS.dll

2010-08-31 07:33 . 2010-03-01 07:57 249856 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportBukaBroom\13897\RapportBukaBroom.dll

2010-08-30 16:54 . 2007-06-03 09:03 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Azdix

2010-08-30 16:18 . 2009-02-13 10:10 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Utenk

2010-08-29 15:27 . 2009-04-19 10:35 -------- d-----w- c:\program files\Zipeg

2010-08-29 15:27 . 2008-11-26 17:00 -------- d-----w- c:\program files\YASAMP4Converter

2010-08-29 15:27 . 2007-08-06 13:24 -------- d-----w- c:\program files\Xvid

2010-08-29 15:25 . 2009-04-19 07:01 -------- d-----w- c:\program files\Vuze

2010-08-29 15:24 . 2009-04-24 16:55 -------- d-----w- c:\program files\VirtualDJ

2010-08-29 15:19 . 2010-05-31 11:20 -------- d-----w- c:\program files\QuickTime

2010-08-29 15:19 . 2009-03-14 15:21 -------- d-----w- c:\program files\Qloud

2010-08-29 15:19 . 2006-10-16 21:47 -------- d-----w- c:\program files\PC-Doctor 5 for Windows

2010-08-29 14:54 . 2008-09-12 16:32 -------- d-----w- c:\program files\MediaCoderSE

2010-08-29 14:48 . 2006-10-16 21:32 -------- d-----w- c:\program files\HP DigitalMedia Archive

2010-08-29 14:41 . 2009-08-30 11:03 -------- d-----w- c:\program files\Guitar Pro 5

2010-08-29 14:40 . 2006-10-16 21:01 -------- d-----w- c:\program files\GemMaster

2010-08-29 14:39 . 2009-07-17 07:27 -------- d-----w- c:\program files\Free MKV Video2Dvd

2010-08-29 14:37 . 2006-10-16 21:01 -------- d-----w- c:\program files\EnglishOtto

2010-08-29 14:36 . 2009-05-02 17:46 -------- d-----w- c:\program files\DVD2one V2

2010-08-29 14:36 . 2008-03-06 16:43 -------- d-----w- c:\program files\DVD Decrypter

2010-08-29 14:34 . 2008-07-03 13:08 -------- d-----w- c:\program files\Coupon Printer

2010-08-29 14:34 . 2006-10-16 21:33 -------- d-----w- c:\program files\Common Files\SureThing Shared

2010-08-29 14:33 . 2006-10-16 21:28 -------- d-----w- c:\program files\Common Files\Sonic Shared

2010-08-29 14:31 . 2008-04-13 15:39 -------- d-----w- c:\program files\Common Files\Macromedia

2010-08-29 14:31 . 2006-10-16 21:34 -------- d---a-w- c:\program files\Common Files\LightScribe

2010-08-29 14:24 . 2010-05-21 18:02 -------- d-----w- c:\program files\AutoGK

2010-08-29 14:24 . 2009-08-31 08:17 -------- d-----w- c:\program files\AmazingMIDI

2010-08-29 14:24 . 2010-01-19 18:14 -------- d-----w- c:\program files\AIM

2010-08-29 14:23 . 2009-07-24 18:53 -------- d-----w- c:\program files\ABC Amber LIT Converter

2010-08-29 14:23 . 2009-04-21 19:16 -------- d-----w- c:\program files\7-Zip

2010-08-29 13:18 . 2010-06-06 13:26 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Facebook

2010-08-29 10:33 . 2007-10-05 18:54 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Raidko

2010-08-29 09:45 . 2007-08-02 11:14 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Avmii

2010-08-28 20:13 . 2010-07-27 05:02 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Tiapc

2010-08-28 19:49 . 2010-03-05 21:47 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Goix

2010-08-28 14:46 . 2009-11-08 11:49 152576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

2010-08-28 14:46 . 2010-01-10 09:59 340480 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll

2010-08-28 14:46 . 2010-01-10 09:59 346624 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll

2010-08-28 14:46 . 2009-05-05 10:12 51200 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{a33fa729-d155-4b23-842b-2c665ecabdb6}\components\FFExternalAlert.dll

2010-08-28 14:46 . 2009-05-05 10:12 114688 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{a33fa729-d155-4b23-842b-2c665ecabdb6}\components\npmozax.dll

2010-08-28 14:46 . 2010-01-10 09:59 43008 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll

2010-08-28 14:46 . 2010-01-10 09:59 872960 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

2010-08-28 14:46 . 2010-03-06 05:30 5582848 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Facebook\npfbplugin_1_0_3.dll

2010-08-28 14:38 . 2010-08-27 19:55 102400 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{9425048F-740E-448D-A074-75C1D43CBF53}-karaoke.dll

2010-08-28 11:12 . 2008-05-15 04:23 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Ygfehi

2010-08-28 11:03 . 2008-11-19 15:22 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Regou

2010-08-27 13:45 . 2008-12-22 00:44 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Izzyfa

2010-08-27 09:20 . 2009-05-30 13:35 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Ogni

2010-08-26 19:36 . 2006-10-16 21:33 -------- d-----w- c:\program files\Sonic

2010-08-26 17:30 . 2008-05-05 20:08 -------- d-----w- c:\program files\FileZilla FTP Client

2010-08-17 20:23 . 2009-09-13 10:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-08-12 16:45 . 2006-10-16 21:23 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-08-12 08:07 . 2006-10-16 21:56 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-08-12 08:07 . 2006-10-16 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2010-08-12 07:23 . 2006-10-16 21:56 -------- d-----w- c:\program files\Symantec

2010-08-12 07:10 . 2010-04-11 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2010-06-22 18:30 . 2010-06-22 18:30 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe

2010-06-22 18:16 . 2010-06-22 18:16 71992 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe

2010-06-14 14:30 . 2004-08-10 04:00 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-14 12:20 . 2009-02-22 10:04 427376 ----a-w- c:\documents and settings\HP_Administrator\Application Data\HiYo\Data\hiyo_install.exe

2009-04-19 10:46 . 2009-04-19 10:46 5723432 ----a-w- c:\program files\AdvrCntr4

2005-05-26 14:35 . 2010-03-13 05:08 1422 ----a-w- c:\program files\ReadMe.txt

.

((((((((((((((((((((((((((((( SnapShot@2010-08-30_19.49.23 )))))))))))))))))))))))))))))))))))))))))

.

+ 1601-01-01 00:00 . 1601-01-01 00:00 0 c:\windows\Temp\Perflib_Perfdata_2e78.dat

+ 2010-09-04 16:43 . 2010-09-04 16:43 16384 c:\windows\Temp\Perflib_Perfdata_7cc.dat

+ 2010-09-04 16:41 . 2010-09-04 16:41 16384 c:\windows\Temp\Perflib_Perfdata_788.dat

+ 2010-09-02 09:46 . 2010-09-02 09:46 232912 c:\windows\system32\Macromed\Flash\FlashUtil10i_Plugin.exe

+ 2009-02-03 02:15 . 2010-09-02 09:46 5969360 c:\windows\system32\Macromed\Flash\NPSWF32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2008-12-09 17:40 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Tesco Insert Detect"="c:\program files\Tesco\Picture Suite\InsDetect.exe" [2003-02-17 262144]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 68856]

"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]

"kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]

"Google Update"="c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-03-05 148776]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-10-16 180269]

"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]

"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]

"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2010-08-28 249856]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"ftutil2"="ftutil2.dll" [2004-06-07 106496]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]

"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]

"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]

"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 77312]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"4oD"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-03-05 161064]

"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2008-03-05 1057064]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-28 421888]

"Hiyo"="c:\program files\HiYo\Bin\bin\HiYo.exe" [2010-06-14 255344]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Air Mouse.lnk - c:\program files\Air Mouse\Air Mouse\Air Mouse.exe [2009-2-16 269824]

EZ-DUB Finder.lnk - c:\program files\INITIO\EZ-DUB Finder v1.3.45\inihid.exe [2010-3-13 176128]

c:\documents and settings\Default User\Start Menu\Programs\Startup\

ogydu.exe [2010-8-30 139776]

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-10-16 27136]

PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-10-16 27136]

umby.exe [2010-8-31 139776]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Kontiki\\KService.exe"=

"c:\\Program Files\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\Vuze\\Azureus.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Air Mouse\\Air Mouse\\Air Mouse.exe"=

R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [16/03/2008 07:55 15172]

R1 ISODisk;ISODisk;c:\windows\system32\drivers\ISODisk.sys [01/08/2009 21:30 9600]

R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [01/03/2010 08:57 390528]

R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [01/07/2010 12:07 59240]

R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [01/07/2010 12:07 166632]

R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [19/04/2009 08:01 464264]

R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [19/04/2009 08:02 234888]

R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [01/07/2010 12:07 840936]

R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [16/10/2007 15:16 17149]

S2 gupdate1c9a98eff5a8023;Google Update Service (gupdate1c9a98eff5a8023);c:\program files\Google\Update\GoogleUpdate.exe [20/03/2009 20:06 133104]

S3 ST330;ST330;c:\windows\system32\drivers\st330.sys [17/04/2007 20:59 30464]

S3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [17/04/2007 20:59 12672]

S3 STETH;SpeedTouch Ethernet Adapter NT Driver;c:\windows\system32\drivers\steth.sys [17/04/2007 20:59 40320]

S3 stppp;Speedtouch PPP Adapter Adapter;c:\windows\system32\drivers\stppp.sys [17/04/2007 20:59 32000]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-06-09 09:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

2010-09-04 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-17 12:10]

2010-09-04 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25 20:40]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=64&bd=PAVILION&pf=desktop

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=64&bd=PAVILION&pf=desktop

uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=64&bd=PAVILION&pf=desktop

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com

FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.startup.homepage - www.google.com

FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll

FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NP2020Player.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npcpbrkuk7.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npcsau7.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: c:\windows\system32\20-20 Technologies\3D Room Planner\NP2020Player.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-{7D6E6726-29BD-82F3-C8AB-F1B8077980FB} - c:\documents and settings\HP_Administrator\Application Data\Cibia\ufyl.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-04 18:52

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\docume~1\HP_ADM~1\LOCALS~1\Temp\catchme.dll

scan completed successfully

hidden files: 1

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3016895886-430028113-3949317508-1007\Software\SecuROM\License information*]

"datasecu"=hex:3c,9c,d1,1e,08,60,0c,29,3e,51,7f,3c,d7,46,05,33,06,2a,fd,5d,38,

dc,c2,db,f3,6c,e9,a5,5f,be,0a,4a,95,35,30,e0,12,1b,85,22,98,b2,08,f1,d5,02,\

"rkeysecu"=hex:72,6e,f2,2e,93,c6,fc,19,f3,84,65,38,d0,80,f5,3a

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(816)

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2010-09-04 18:56:30

ComboFix-quarantined-files.txt 2010-09-04 17:56

ComboFix2.txt 2010-08-30 19:53

ComboFix3.txt 2010-08-28 20:31

ComboFix4.txt 2010-08-28 15:28

Pre-Run: 113,884,229,632 bytes free

Post-Run: 113,867,096,064 bytes free

- - End Of File - - B601D6167034263567DA4176C15B2F63

[Elise]

I'll wait for the OTL log.

[dicko1981]

whoops thought i'd posted it, thatll be the beer i had for lunch

OTL logfile created on: 04/09/2010 19:20:35 - Run 7

OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads

Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 179.56 Gb Total Space | 106.09 Gb Free Space | 59.09% Space Free | Partition Type: NTFS

Drive D: | 6.73 Gb Total Space | 0.60 Gb Free Space | 8.85% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

Drive F: | 76.33 Gb Total Space | 35.13 Gb Free Space | 46.03% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive L: | 698.64 Gb Total Space | 169.80 Gb Free Space | 24.30% Space Free | Partition Type: NTFS

Computer Name: DICKINSON

Current User Name: HP_Administrator

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/28 20:35:35 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL (1).exe

PRC - [2010/08/18 02:58:17 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

PRC - [2010/07/01 12:07:20 | 001,361,128 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

PRC - [2010/07/01 12:07:18 | 000,840,936 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

PRC - [2010/06/14 18:41:23 | 000,255,344 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\HiYo\Bin\Bin\HiYo.exe

PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe

PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe

PRC - [2009/07/28 01:19:10 | 000,199,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe

PRC - [2009/04/21 11:38:22 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

PRC - [2009/02/16 13:11:44 | 000,269,824 | ---- | M] () -- C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe

PRC - [2008/12/09 18:40:16 | 000,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe

PRC - [2008/12/09 18:40:16 | 000,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe

PRC - [2008/09/29 05:09:20 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

PRC - [2008/07/11 18:51:32 | 000,423,200 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe

PRC - [2008/03/05 13:18:14 | 000,910,632 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

PRC - [2008/03/05 13:18:02 | 000,148,776 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

PRC - [2008/03/05 13:15:44 | 000,864,552 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

PRC - [2008/03/05 13:15:30 | 001,057,064 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe

PRC - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe

PRC - [2008/02/27 17:56:54 | 001,032,376 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe

PRC - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

PRC - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe

PRC - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

PRC - [2007/07/28 14:36:29 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006/10/16 22:32:22 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

PRC - [2006/09/11 07:56:24 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

PRC - [2006/07/25 18:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

PRC - [2006/04/13 09:05:00 | 000,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe

PRC - [2006/01/25 15:49:02 | 000,884,840 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WG111T\wlan111t.exe

PRC - [2005/11/10 20:03:52 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

PRC - [2005/08/02 23:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe

PRC - [2005/08/02 23:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe

PRC - [2004/08/10 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dwwin.exe

PRC - [2003/02/17 12:45:02 | 000,262,144 | ---- | M] () -- C:\Program Files\Tesco\Picture Suite\InsDetect.exe

========== Modules (SafeList) ==========

MOD - [2010/08/28 20:35:35 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL (1).exe

MOD - [2010/06/07 18:07:08 | 000,541,928 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll

MOD - [2006/08/25 16:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

MOD - [2004/08/10 05:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)

SRV - [2010/08/29 11:00:36 | 001,130,496 | ---- | M] () [Auto | Stopped] -- C:\mysql\bin\mysqld-nt.exe -- (MySql)

SRV - [2010/08/28 15:51:45 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)

SRV - [2010/07/01 12:07:18 | 000,840,936 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)

SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)

SRV - [2009/04/21 11:38:22 | 001,251,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)

SRV - [2008/12/09 18:40:16 | 000,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)

SRV - [2008/12/09 18:40:16 | 000,234,888 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)

SRV - [2008/09/29 05:09:20 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)

SRV - [2008/03/05 13:15:44 | 000,864,552 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)

SRV - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)

SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)

SRV - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)

SRV - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

SRV - [2006/07/25 18:03:42 | 002,119,360 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)

SRV - [2006/07/25 18:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)

SRV - [2005/08/02 23:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\ftsata2.sys -- (ftsata2)

DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\catchme.sys -- (catchme)

DRV - [2010/07/01 12:07:30 | 000,166,632 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)

DRV - [2010/07/01 12:07:30 | 000,059,240 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys -- (RapportKELL)

DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)

DRV - [2010/03/01 08:57:39 | 000,390,528 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\RapportBuka.sys -- (RapportBuka)

DRV - [2008/03/16 07:55:41 | 000,015,172 | ---- | M] (Prassi Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\PzWDM.sys -- (PzWDM)

DRV - [2008/03/05 13:15:42 | 000,039,208 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)

DRV - [2008/03/05 13:15:40 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)

DRV - [2008/03/05 13:15:36 | 000,108,328 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)

DRV - [2007/06/25 10:43:22 | 000,082,984 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117bus.sys -- (s117bus) Sony Ericsson Device 117 driver (WDM)

DRV - [2007/04/17 21:05:13 | 000,040,320 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\steth.sys -- (STETH)

DRV - [2007/04/17 20:59:10 | 000,032,000 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stppp.sys -- (stppp)

DRV - [2007/04/17 20:59:10 | 000,030,464 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\st330.sys -- (ST330)

DRV - [2007/04/17 20:59:10 | 000,012,672 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stbus.sys -- (STBUS)

DRV - [2006/10/16 22:57:45 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)

DRV - [2006/09/18 15:59:08 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)

DRV - [2006/09/18 15:59:02 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex)

DRV - [2006/09/18 15:59:00 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)

DRV - [2006/09/18 15:58:58 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)

DRV - [2006/09/18 15:58:54 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm)

DRV - [2006/09/18 15:58:52 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl)

DRV - [2006/09/18 15:58:48 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)

DRV - [2006/07/25 00:15:04 | 004,353,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2006/04/26 01:03:56 | 000,009,600 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ISODisk.sys -- (ISODisk)

DRV - [2006/04/05 05:58:44 | 001,536,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2006/02/27 13:46:20 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)

DRV - [2005/12/13 01:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)

DRV - [2005/09/05 11:21:06 | 000,362,944 | ---- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WG11TND5.sys -- (AR5523)

DRV - [2005/01/08 00:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)

DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)

DRV - [2003/07/24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="

FF - prefs.js..browser.startup.homepage: "www.google.com"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.90

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/02 10:42:10 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/02 10:42:10 | 000,000,000 | ---D | M]

[2008/08/27 18:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions

[2010/09/02 18:24:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions

[2010/09/02 10:57:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/01/10 10:59:05 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2009/05/05 11:12:01 | 000,000,000 | ---D | M] (The Pirate Bay Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{a33fa729-d155-4b23-842b-2c665ecabdb6}

[2009/04/19 08:01:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

[2010/09/02 10:57:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2007/04/20 07:31:55 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2010/08/28 08:47:55 | 001,400,832 | ---- | M] (20-20 Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NP2020Player.dll

[2010/08/28 08:47:56 | 000,106,496 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npBBCPlugin.dll

[2010/08/28 08:47:56 | 000,229,376 | ---- | M] (Couponstar Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npcpbrkuk7.dll

[2010/08/28 08:47:56 | 000,135,680 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npcsau7.dll

[2010/07/23 01:29:54 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010/07/23 01:29:54 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2010/07/23 01:29:54 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2010/07/23 01:29:54 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/09/04 18:52:51 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found

O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O3 - HKLM\..\Toolbar: (Yahoo!

[Elise]

thatll be the beer i had for lunch

You sure deserve that, because finally I see no signs any components of the infection were regenerated.

Time for an update: how are things running now?

Also, do another scan with ESET and post me the log.

[dicko1981]

how are things running now?

it all seems to be a bit quicker, but i've not really done much since its been infected. I will run the eset scan and post results when its done. Does this mean my computer will be virus free if things keep going as they are?

Plus i'm pretty sure you deserve the beer, your doing all the hard work!!

[Elise]

Depending a bit on what ESET still detects, you will need to update XP to service pack 3 (which only should be done when the active infection is gone), and Java should be updated.

I also recommend you uninstall the Ask Toolbar using Add/Remove programs.

After the ESET results, I'll give you more detailed instructions on this.

[dicko1981]

no threats found

[Elise]

Okay, then its time for some updating.

Please launch also MBAM, update it and run a full scan. Post me the resulting log.

UPDATE XP

--------------

Your Microsoft Windows installation is out of date. Using unpatched Windows systems on the Internet is a security risk to everyone. When there are insecure computers connected to the Internet, malware spreads faster and more extensively, distributed denial-of-service attacks are easier to launch, and spammers have more platforms from which to send e-mail. Whenever a security problem in its software is found, Microsoft will usually create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your computer. Keeping up-to-date with all these security patches will help prevent malware from reinfecting your machine. If you are not sure how to do this, see How to use Microsoft Update.

For additional information, be sure to read "Windows Xp Service Pack 3 (sp3) Information".

Then go here to check for & install updates to Microsoft applications.

Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.

Please reboot and repeat the update process until there are no more updates to install.

UPDATE JAVA

------------------

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

• Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  
• Look for "JDK 6 Update 21 (JDK or JRE)".
  
• Click the "Download JRE" button to the right.
  
• Select your Platform: "Windows".
  
• Select your Language: "Multi-language".
  
• Read the License Agreement, and then check the box that says: "Accept License Agreement".
  
• Click Continue and the page will refresh.
  
• Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  
• Close any programs you may have running - especially your web browser.
  

Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.

• Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  
• Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  
• Repeat as many times as necessary to remove each Java versions.
  
• Reboot your computer once all Java components are removed.
  
• Then from your desktop double-click on jre-6u21-windows-i586.exe to install the newest version.
  
• If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  
• When the Java Setup - Welcome window opens, click the Install > button.
  
• If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  

-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.

-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.