Jump to content

Bombaye

Members
  • Content Count

    39
  • Joined

  • Last visited

About Bombaye

  • Rank
    Member

Contact Methods

  • Website URL
    http://
  • ICQ
    0

Previous Fields

  • TechExpress Link:
    http://www.pcpitstop.com/techexpress.asp?id=C3GFPWVFJ3JSCAZQ
  • Teams:
    Nothing Selected
  1. Just thought I should let you know that I've got a big blue screen problem at the moment. I don't know if you can help, but I'll post elsewhere if not. At the moment when I get the error it says: PAGE_ERROR IN NONPAGED_AREA And then under technical information it says: ***STOP: 0x00000050 (0xBFCBB3C5, 0x00000001, 0x8050D532, 0x00000002) Any ideas of what to do, or where to look for help? I've checked the connections and they seem to be fine as my second dvd drive sometimes comes lose, but that's ok. I'm now stuck and frustrated!
  2. here are the logs: My google search has now started playing up again, sending me to random sites. I don't know what Spigot is, the only thing I downloaded was an update to my divx web player. I'm still getting the update message coming up after running all of these. It claims to be an update for windows office professional 2003, but won't go away. You'll click on cancel and then go away and click on a new tab or window and it comes up again. If you leave it to run, it comes up saying that : If you then try and cancel it, it comes up with : I don't know if any of this is legit, but I don't have the disk to re-install as I got it from a housemate when I was at uni. Do you think it would be worth completely uninstalling it? I do use it, but maybe I might be able to download a more up-to-date free version
  3. Me again. My browser is a bit temperamenal and keeps trying to install an update but can't find the file it wants and then crashes IE. I don't know if this is malware still, but here's an hjt log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 08:17:41, on 05/02/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Application Updater\ApplicationUpdater.exe C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe C:\Program Files\TalkTalk\bin\sprtsvc.exe C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R3 - URLSearchHook: (no name) - - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.DLL O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [DeviceDiscovery] "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" O4 - HKLM\..\Run: [Wcoren] rundll32.exe "C:\WINDOWS\ocifatah.dll",Startup O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326 O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...448/mcfscan.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe -- End of file - 10958 bytes
  4. Great. Thanks for all your help. Fingers crossed there won't be any problems with my computer but if there are I know where to come
  5. Great. I'm glad that you can see an end to this coming soon. Here's my OTM and HJT logs. Looking good?
  6. My norton did a search and brought back a high risk of Backdoor.Tidservl!inf with the details being: c:\qoobox\quarantine\c\windows\system32\drivers\iastor.sys.vir I assume the first part means that it's quarantined but should I check this file on virustotal as well?
  7. Here are those scan reports in order: I had to send it over SSL I think because of my Norton. Looks like there may be more work to do. What's next?
  8. ComboFix 10-01-29.04 - Ali 29/01/2010 20:20:19.2.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.1058 [GMT 0:00] Running from: c:\documents and settings\Ali\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Ali\Desktop\CFScript.txt AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} FILE :: "c:\docume~1\Ali\LOCALS~1\Temp\gkmixern.sys" . PEV Error: ProgramsFolder ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_GKMIXERN -------\Service_gkmixern ((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-29 ))))))))))))))))))))))))))))))) . 2010-01-28 19:09 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe 2010-01-28 19:09 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe 2010-01-28 19:09 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe 2010-01-28 19:09 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\dllcache\grpconv.exe 2010-01-27 18:24 . 2010-01-27 18:24 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-01-25 21:14 . 2010-01-25 21:14 -------- d-----w- c:\windows\system32\N360_BACKUP 2010-01-21 22:11 . 2010-01-21 22:11 -------- d-----w- c:\program files\AskBarDis 2010-01-18 18:38 . 2010-01-18 18:38 -------- d-----w- c:\program files\Application Updater 2010-01-15 04:05 . 2010-01-15 04:05 -------- d-----w- c:\program files\Norton Support 2010-01-15 04:04 . 2010-01-15 04:04 -------- d-----w- c:\documents and settings\Ali\Local Settings\Application Data\Symantec 2010-01-14 20:16 . 2010-01-14 20:14 107368 ----a-r- c:\windows\system32\GEARAspi.dll 2010-01-14 17:57 . 2010-01-14 20:15 -------- d-----w- c:\documents and settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B} 2010-01-14 17:56 . 2010-01-14 17:56 -------- d-----w- c:\documents and settings\Ali\Local Settings\Application Data\Downloaded Installations 2010-01-14 17:56 . 2009-08-22 08:13 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys 2010-01-14 17:56 . 2010-01-14 20:14 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL 2010-01-14 17:56 . 2010-01-14 20:14 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2010-01-14 17:56 . 2010-01-14 20:14 -------- d-----w- c:\program files\Symantec 2010-01-14 17:55 . 2010-01-28 18:14 -------- d-----w- c:\windows\system32\drivers\N360 2010-01-14 17:55 . 2010-01-14 17:55 -------- d-----w- c:\program files\Norton 360 2010-01-14 17:45 . 2010-01-14 17:45 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings 2010-01-14 17:44 . 2010-01-14 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton 2010-01-12 22:29 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll 2010-01-10 18:21 . 2010-01-10 18:21 27883 ----a-w- c:\windows\system32\0ILPNBLKEB.dat 2010-01-10 18:21 . 2010-01-10 18:21 1860 ----a-w- c:\windows\system32\0PLT01VMT.dat 2010-01-10 18:21 . 2010-01-10 18:21 27883 ----a-w- c:\windows\system32\SVMGTJ7062.dat 2010-01-10 18:21 . 2010-01-10 18:21 1860 ----a-w- c:\windows\system32\S1049S0YF.dat 2010-01-07 21:44 . 2010-01-07 21:44 -------- d-----w- C:\_OTM 2010-01-06 08:09 . 2010-01-06 08:09 -------- d-----w- c:\program files\Trend Micro 2010-01-05 00:16 . 2010-01-05 00:16 118256 ----a-w- c:\windows\system32\qpPAUr_-g.exe 2010-01-05 00:14 . 2010-01-07 21:44 -------- d-sh--w- c:\documents and settings\Ali\.COMMgr . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-01-26 22:58 . 2009-04-26 15:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-01-25 21:23 . 2009-04-26 15:49 117760 ----a-w- c:\documents and settings\Ali\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2010-01-25 21:21 . 2009-04-26 15:46 -------- d-----w- c:\program files\SUPERAntiSpyware 2010-01-25 21:10 . 2010-01-25 21:09 52224 ----a-w- c:\documents and settings\Ali\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll 2010-01-25 20:10 . 2006-05-18 22:19 -------- d-----w- c:\documents and settings\Ali\Application Data\Azureus 2010-01-24 21:08 . 2010-01-24 21:08 8406648 ----a-w- c:\documents and settings\Ali\Application Data\Real\Update\setup\gtb_us\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe 2010-01-24 20:58 . 2010-01-24 20:58 10309448 ----a-w- c:\documents and settings\Ali\Application Data\Real\Update\setup\chr\ChromeInstaller.exe 2010-01-24 20:55 . 2010-01-24 20:55 64000 ----a-w- c:\documents and settings\Ali\Application Data\Real\Update\setup\RUP\inst_config\gcapi_dll.dll 2010-01-24 20:55 . 2010-01-24 20:55 52288 ----a-w- c:\documents and settings\Ali\Application Data\Real\Update\setup\RUP\inst_config\gtapi.dll 2010-01-24 20:55 . 2010-01-24 20:55 50688 ----a-w- c:\documents and settings\Ali\Application Data\Real\Update\setup\RUP\inst_config\fftbapi.dll 2010-01-24 20:55 . 2010-01-24 20:55 114688 ----a-w- c:\documents and settings\Ali\Application Data\Real\Update\setup\RUP\inst_config\compat.dll 2010-01-21 22:12 . 2006-05-18 22:19 -------- d-----w- c:\program files\Azureus 2010-01-20 19:19 . 2009-02-23 18:13 -------- d-----w- c:\program files\Microsoft Silverlight 2010-01-14 20:14 . 2010-01-14 17:56 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF 2010-01-14 20:14 . 2010-01-14 17:56 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT 2010-01-14 20:14 . 2010-01-14 17:58 554352 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll 2010-01-14 20:14 . 2008-01-29 12:01 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys 2010-01-14 18:16 . 2005-03-06 22:25 -------- d-----w- c:\program files\Common Files\Symantec Shared 2010-01-14 17:56 . 2010-01-14 17:56 1290592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll 2010-01-14 17:56 . 2010-01-14 17:56 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll 2010-01-14 17:55 . 2010-01-14 17:55 796016 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll 2010-01-14 17:55 . 2008-01-02 11:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec 2010-01-14 17:55 . 2009-08-01 07:40 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller 2010-01-14 17:51 . 2005-03-06 22:25 -------- d-----w- c:\documents and settings\Ali\Application Data\Symantec 2010-01-07 16:07 . 2009-04-26 15:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-07 16:07 . 2009-04-26 15:27 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-01-06 00:34 . 2007-04-17 12:16 -------- d-----w- c:\documents and settings\Ali\Application Data\dvdcss 2009-12-21 19:14 . 2004-08-04 05:00 916480 ------w- c:\windows\system32\wininet.dll 2009-12-15 18:40 . 2009-12-15 18:38 17245680 ----a-w- c:\documents and settings\Ali\Application Data\Real\Update\setup\rp\RealPlayerSPGold.exe 2009-11-21 15:51 . 2008-08-20 07:26 471552 ----a-w- c:\windows\AppPatch\aclayers.dll 2009-10-10 00:39 . 2009-10-10 00:39 18250 ----a-w- c:\program files\Common Files\bewoharav.pif 2006-03-15 12:30 . 2006-03-15 12:30 278528 ----a-w- c:\program files\Common Files\FDEUnInstaller.exe 2005-01-04 14:52 . 2005-01-04 14:50 227190984 ----a-w- c:\program files\OfficeSTD.exe 2009-03-31 21:47 . 2009-01-28 20:32 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll 2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll 2005-02-13 20:42 . 2005-02-13 20:42 56 --sh--r- c:\windows\SYSTEM32\4C805BE81C.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] 2009-04-02 12:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-03-01 90112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968] "Ulead AutoDetector"="c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-11-18 45056] "Ulead Photo Express Calendar Checker"="c:\program files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe" [2004-01-12 69632] "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152] "DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648] "ppmate"="c:\program files\PPMate\PPMate\ppmate.exe" [2006-11-23 1495123] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-26 267064] "TalkTalk"="c:\program files\TalkTalk\bin\sprtcmd.exe" [2007-10-12 202016] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193] Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-1-24 113664] AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0\aoltray.exe [2004-11-24 156784] NETGEAR WG311v2 Smart Configuration.lnk - c:\program files\NETGEAR WG311v2 Adapter\wlancfg5.exe [2004-10-14 450560] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2010-01-25 21:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys] @="FSFilter Activity Monitor" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\PPMate\\PPMate\\ppmate.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "%windir%\\system32\\sessmgr.exe"= R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\N360\0308000.029\SymEFA.sys [28/01/2010 05:14 310320] R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\SYSTEM32\DRIVERS\N360\0308000.029\BHDrvx86.sys [28/01/2010 05:14 259632] R1 ccHP;Symantec Hash Provider;c:\windows\SYSTEM32\DRIVERS\N360\0308000.029\cchpx86.sys [28/01/2010 05:14 482432] R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100125.001\IDSXpx86.sys [28/01/2010 02:12 329592] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [22/12/2008 10:06 9968] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [22/12/2008 10:05 74480] R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [08/01/2010 00:51 380928] R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [21/01/2010 22:11 464264] R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [21/01/2010 22:11 234888] R2 fssfltr;FssFltr;c:\windows\SYSTEM32\DRIVERS\fssfltr_tdi.sys [23/02/2009 18:12 54752] R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [28/01/2010 05:13 117640] R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [12/10/2007 08:33 202016] R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe [02/08/2007 13:42 148768] S1 M9207;DigiO2 DVB-T USB Receiver;c:\windows\system32\DRIVERS\M9207BDA.sys --> c:\windows\system32\DRIVERS\M9207BDA.sys [?] S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\SYSTEM32\FsUsbExDisk.Sys [06/12/2008 14:35 36512] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [22/12/2008 10:06 7408] . Contents of the 'Scheduled Tasks' folder 2010-01-08 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.co.uk/ig?hl=en uSearchMigratedDefaultURL = hxxp://search.orange.co.uk/all?brand=ouk&tab=web&p=_adr&q={searchTerms} uInternet Connection Wizard,ShellNext = iexplore IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} - hxxp://www.tvkoo.com/update/KooPlayer.ocx FF - ProfilePath - c:\documents and settings\Ali\Application Data\Mozilla\Firefox\Profiles\emib82yk.default\ FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-29 20:29 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360] "ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-3974528393-405583803-1727344631-1006\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_USERS\S-1-5-21-3974528393-405583803-1727344631-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\. R%] @Class="Shell" @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_USERS\S-1-5-21-3974528393-405583803-1727344631-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\. R%\OpenWithList] @Class="Shell" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL] @DACL=(02 0000) "Installed"="1" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI] @DACL=(02 0000) "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS] @DACL=(02 0000) "Installed"="1" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1528) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll - - - - - - - > 'explorer.exe'(1128) c:\windows\system32\WININET.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll c:\progra~1\WINDOW~2\wmpband.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Intel\Intel Application Accelerator\iaantmon.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\wscntfy.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2010-01-29 20:37:52 - machine was rebooted ComboFix-quarantined-files.txt 2010-01-29 20:37 ComboFix2.txt 2010-01-28 19:22 ComboFix3.txt 2006-12-17 20:18 Pre-Run: 13,490,040,832 bytes free Post-Run: 13,456,924,672 bytes free - - End Of File - - 0D2397B998D3CCACC1FAD7C2CAC22491 Both browsers seem to be ok now. The problem came up when I was trying to stream a tv show and the connection dropped out so I tried rebooting and that was when the browsers started playing up. Do you have any other recommendations?
  9. Ok both my browsers no longer work and I have had to write this from another computer. My firefox opens and then I can't type anything at all. My IE opens ok but when I click on anything it opens up a new tab and as a result I couldn't answer without going to a different pc. Also when I maximise the IE window, I lose the menus,toolbars and address at the top and also the toolbar at the bottom. What do you suggest?
  10. I forgot to mention, I currently have updates that my computer can't install. I don't know if this is related but these are the details. Security Update for Microsoft Office Excel 2003 (KB973475) Security Update for Microsoft Office 2003 (KB974554)
  11. Right then here are my logs. Everything seems ok although I had to manually reboot after combofix told me not to as the computer wasn't doing anything for about 30 mins and my computer always comes up with a hardware malfunction error saying . Google searching seems to be ok though. OTM: All processes killed ========== FILES ========== File/Folder c:\program files\search settings not found. C:\Program Files\Trend Micro\HijackThis\backups\backup-20100107-214052-489.dll moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Ali ->Temp folder emptied: 95265501 bytes ->Temporary Internet Files folder emptied: 11851402 bytes ->Java cache emptied: 140308 bytes ->FireFox cache emptied: 2898088 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 33855 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Owner %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 2818852 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 20616386 bytes RecycleBin emptied: 196717338 bytes Total Files Cleaned = 315.00 mb OTM by OldTimer - Version 3.1.7.0 log created on 01282010_181248 Files moved on Reboot... File C:\WINDOWS\temp\AskBarDis\upgrade\UpgradeData.xml not found! File C:\WINDOWS\temp\AskBarDis\RSS\1\Featured.xml not found! File C:\WINDOWS\temp\AskBarDis\RSS\1\ForYou.xml not found! File C:\WINDOWS\temp\AskBarDis\RSS\1\Notifications.xml not found! File C:\WINDOWS\temp\AskBarDis\RSS\1\WhatsHot.xml not found! File C:\WINDOWS\temp\AskBarDis\RSS\1\WhatsNew.xml not found! File C:\WINDOWS\temp\JET507.tmp not found! File C:\WINDOWS\temp\Perflib_Perfdata_dc4.dat not found! C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\I5WZUZXQ\google_co_uk[2].txt moved successfully. Registry entries deleted on Reboot... ComboFix ComboFix 10-01-27.06 - Ali 28/01/2010 19:00:40.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.1164 [GMT 0:00] Running from: c:\documents and settings\Ali\Desktop\ComboFix.exe AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Ali\Application Data\iniasd.txt c:\documents and settings\Ali\Application Data\inst.exe c:\documents and settings\Ali\Application Data\SystemProc c:\documents and settings\Ali\Local Settings\Application Data\ojibefaki.bat c:\documents and settings\All Users\Application Data\epyq.inf c:\program files\Dealio Toolbar c:\program files\Dealio Toolbar\FF\chrome.manifest c:\program files\Dealio Toolbar\FF\chrome\content\chevron.js c:\program files\Dealio Toolbar\FF\chrome\content\chevron.xul c:\program files\Dealio Toolbar\FF\chrome\content\login.js c:\program files\Dealio Toolbar\FF\chrome\content\login.xul c:\program files\Dealio Toolbar\FF\chrome\content\parser.js c:\program files\Dealio Toolbar\FF\chrome\content\RssTickerWidget.js c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.js c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.xul c:\program files\Dealio Toolbar\FF\chrome\content\widgichevron.js c:\program files\Dealio Toolbar\FF\chrome\content\widgicomm.js c:\program files\Dealio Toolbar\FF\chrome\content\widgihandling.js c:\program files\Dealio Toolbar\FF\chrome\content\widgilisteners.js c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.js c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.xul c:\program files\Dealio Toolbar\FF\chrome\content\widgiui.js c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\searchbox.dtd c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\yahoo-search.gif c:\program files\Dealio Toolbar\FF\chrome\skin\amazon.gif c:\program files\Dealio Toolbar\FF\chrome\skin\apple.gif c:\program files\Dealio Toolbar\FF\chrome\skin\barnes.gif c:\program files\Dealio Toolbar\FF\chrome\skin\bestbuy.gif c:\program files\Dealio Toolbar\FF\chrome\skin\chevron.gif c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo.gif c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo_hover.gif c:\program files\Dealio Toolbar\FF\chrome\skin\ebay.gif c:\program files\Dealio Toolbar\FF\chrome\skin\icon_settings.gif c:\program files\Dealio Toolbar\FF\chrome\skin\macys.gif c:\program files\Dealio Toolbar\FF\chrome\skin\newegg.gif c:\program files\Dealio Toolbar\FF\chrome\skin\overstock.gif c:\program files\Dealio Toolbar\FF\chrome\skin\search-button-hover.gif c:\program files\Dealio Toolbar\FF\chrome\skin\search-button.gif c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron-hover.gif c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron.gif c:\program files\Dealio Toolbar\FF\chrome\skin\search_amazon.gif c:\program files\Dealio Toolbar\FF\chrome\skin\search_dealio.gif c:\program files\Dealio Toolbar\FF\chrome\skin\search_ebay.gif c:\program files\Dealio Toolbar\FF\chrome\skin\search_yahoo.gif c:\program files\Dealio Toolbar\FF\chrome\skin\searchbox.css c:\program files\Dealio Toolbar\FF\chrome\skin\separator.gif c:\program files\Dealio Toolbar\FF\chrome\skin\target.gif c:\program files\Dealio Toolbar\FF\chrome\skin\walmart.gif c:\program files\Dealio Toolbar\FF\chrome\skin\widgitoolbarplugin.css c:\program files\Dealio Toolbar\FF\components\config.ini c:\program files\Dealio Toolbar\FF\components\dealioToolbarFF.dll c:\program files\Dealio Toolbar\FF\components\IFBHOHelperWidgiToolbar.xpt c:\program files\Dealio Toolbar\FF\components\IFBHOWidgiToolbar.xpt c:\program files\Dealio Toolbar\FF\install.rdf c:\program files\Dealio Toolbar\IE\4.0.2\config.ini c:\program files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll c:\program files\Dealio Toolbar\Res\amazon.gif c:\program files\Dealio Toolbar\Res\apple.gif c:\program files\Dealio Toolbar\Res\barnes.gif c:\program files\Dealio Toolbar\Res\bestbuy.gif c:\program files\Dealio Toolbar\Res\dealio_logo.gif c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif c:\program files\Dealio Toolbar\Res\ebay.gif c:\program files\Dealio Toolbar\Res\icon_settings.gif c:\program files\Dealio Toolbar\Res\macys.gif c:\program files\Dealio Toolbar\Res\newegg.gif c:\program files\Dealio Toolbar\Res\overstock.gif c:\program files\Dealio Toolbar\Res\search-button-hover.gif c:\program files\Dealio Toolbar\Res\search-button.gif c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif c:\program files\Dealio Toolbar\Res\search-chevron.gif c:\program files\Dealio Toolbar\Res\search_amazon.gif c:\program files\Dealio Toolbar\Res\search_dealio.gif c:\program files\Dealio Toolbar\Res\search_ebay.gif c:\program files\Dealio Toolbar\Res\search_yahoo.gif c:\program files\Dealio Toolbar\Res\target.gif c:\program files\Dealio Toolbar\Res\walmart.gif c:\program files\Dealio Toolbar\Res\widgets.xml c:\program files\Dealio Toolbar\WidgiHelper.exe c:\recycler\NPROTECT C:\s c:\windows\dembat.tm c:\windows\emdat.tm c:\windows\EventSystem.log c:\windows\g32.txt c:\windows\gui c:\windows\gui\drw43300.txt c:\windows\gui\drw43300.vdb c:\windows\gui\drw43301.txt c:\windows\gui\drw43301.vdb c:\windows\gui\drw43302.txt c:\windows\gui\drw43302.vdb c:\windows\gui\drw43303.txt c:\windows\gui\drw43303.vdb c:\windows\gui\drw43304.txt c:\windows\gui\drw43304.vdb c:\windows\gui\drw43305.txt c:\windows\gui\drw43305.vdb c:\windows\gui\drw43306.txt c:\windows\gui\drw43306.vdb c:\windows\gui\drw43307.txt c:\windows\gui\drw43307.vdb c:\windows\gui\drw43308.txt c:\windows\gui\drw43308.vdb c:\windows\gui\drw43309.txt c:\windows\gui\drw43309.vdb c:\windows\gui\drw43310.txt c:\windows\gui\drw43310.vdb c:\windows\gui\drw43311.txt c:\windows\gui\drw43311.vdb c:\windows\gui\drw43312.txt c:\windows\gui\drw43312.vdb c:\windows\gui\drw43313.txt c:\windows\gui\drw43313.vdb c:\windows\gui\drw43314.txt c:\windows\gui\drw43314.vdb c:\windows\gui\drw43315.txt c:\windows\gui\drw43315.vdb c:\windows\gui\drw43316.txt c:\windows\gui\drw43316.vdb c:\windows\gui\drw43317.txt c:\windows\gui\drw43317.vdb c:\windows\gui\drw43318.txt c:\windows\gui\drw43318.vdb c:\windows\gui\drw43319.txt c:\windows\gui\drw43319.vdb c:\windows\gui\drw43320.txt c:\windows\gui\drw43320.vdb c:\windows\gui\drw43321.txt c:\windows\gui\drw43321.vdb c:\windows\gui\drw43322.txt c:\windows\gui\drw43322.vdb c:\windows\gui\drw43323.txt c:\windows\gui\drw43323.vdb c:\windows\gui\drw43324.txt c:\windows\gui\drw43324.vdb c:\windows\gui\drw43325.txt c:\windows\gui\drw43325.vdb c:\windows\gui\drw43326.txt c:\windows\gui\drw43326.vdb c:\windows\gui\drw43327.txt c:\windows\gui\drw43327.vdb c:\windows\gui\drw43328.txt c:\windows\gui\drw43328.vdb c:\windows\gui\drw43329.txt c:\windows\gui\drw43329.vdb c:\windows\gui\drw43330.txt c:\windows\gui\drw43330.vdb c:\windows\gui\drw43331.txt c:\windows\gui\drw43331.vdb c:\windows\gui\drw43332.txt c:\windows\gui\drw43332.vdb c:\windows\gui\drw43333.txt c:\windows\gui\drw43333.vdb c:\windows\gui\drw43334.txt c:\windows\gui\drw43334.vdb c:\windows\gui\drw43335.txt c:\windows\gui\drw43335.vdb c:\windows\gui\drw43336.txt c:\windows\gui\drw43336.vdb c:\windows\gui\drw43337.txt c:\windows\gui\drw43337.vdb c:\windows\gui\drw43338.txt c:\windows\gui\drw43338.vdb c:\windows\gui\drw43339.txt c:\windows\gui\drw43339.vdb c:\windows\gui\drw43340.txt c:\windows\gui\drw43340.vdb c:\windows\gui\drw43341.txt c:\windows\gui\drw43341.vdb c:\windows\gui\drw43342.txt c:\windows\gui\drw43342.vdb c:\windows\gui\drw43343.txt c:\windows\gui\drw43343.vdb c:\windows\gui\drw43344.txt c:\windows\gui\drw43344.vdb c:\windows\gui\drw43345.txt c:\windows\gui\drw43345.vdb c:\windows\gui\drw43346.txt c:\windows\gui\drw43346.vdb c:\windows\gui\drw43347.txt c:\windows\gui\drw43347.vdb c:\windows\gui\drw43348.txt c:\windows\gui\drw43348.vdb c:\windows\gui\drw43349.txt c:\windows\gui\drw43349.vdb c:\windows\gui\drw43350.txt c:\windows\gui\drw43350.vdb c:\windows\gui\drw43351.txt c:\windows\gui\drw43351.vdb c:\windows\gui\drw43352.txt c:\windows\gui\drw43352.vdb c:\windows\gui\drw43353.txt c:\windows\gui\drw43353.vdb c:\windows\gui\drw43354.txt c:\windows\gui\drw43354.vdb c:\windows\gui\drw43355.txt c:\windows\gui\drw43355.vdb c:\windows\gui\drw43356.txt c:\windows\gui\drw43356.vdb c:\windows\gui\drw43357.txt c:\windows\gui\drw43357.vdb c:\windows\gui\drw43358.txt c:\windows\gui\drw43358.vdb c:\windows\gui\drw43359.txt c:\windows\gui\drw43359.vdb c:\windows\gui\drw43360.txt c:\windows\gui\drw43360.vdb c:\windows\gui\drw43361.txt c:\windows\gui\drw43361.vdb c:\windows\gui\drw43362.txt c:\windows\gui\drw43362.vdb c:\windows\gui\drw43363.txt c:\windows\gui\drw43363.vdb c:\windows\gui\drw43364.txt c:\windows\gui\drw43364.vdb c:\windows\gui\drw43365.txt c:\windows\gui\drw43365.vdb c:\windows\gui\drweb32.dll c:\windows\gui\DrWeb32.key c:\windows\gui\drwebase.vdb c:\windows\gui\drwnasty.txt c:\windows\gui\drwnasty.vdb c:\windows\gui\drwrisky.txt c:\windows\gui\drwrisky.vdb c:\windows\gui\drwtoday.txt c:\windows\gui\drwtoday.vdb c:\windows\gui\dwebio16.dll c:\windows\gui\dwebio32.dll c:\windows\gui\dwebllio.dll c:\windows\gui\dwn43301.txt c:\windows\gui\dwn43301.vdb c:\windows\gui\dwn43302.txt c:\windows\gui\dwn43302.vdb c:\windows\gui\dwn43303.txt c:\windows\gui\dwn43303.vdb c:\windows\gui\dwn43304.txt c:\windows\gui\dwn43304.vdb c:\windows\gui\dwn43305.txt c:\windows\gui\dwn43305.vdb c:\windows\gui\dwntoday.txt c:\windows\gui\dwntoday.vdb c:\windows\gui\dwr43301.txt c:\windows\gui\dwr43301.vdb c:\windows\gui\dwrtoday.txt c:\windows\gui\dwrtoday.vdb c:\windows\gui\gui.exe c:\windows\gui\gui.list c:\windows\gui\rar.exe c:\windows\ilagowe.scr c:\windows\system32\11478.exe c:\windows\system32\11942.exe c:\windows\system32\12382.exe c:\windows\system32\14604.exe c:\windows\system32\153.exe c:\windows\system32\15724.exe c:\windows\system32\16827.exe c:\windows\system32\18467.exe c:\windows\system32\19169.exe c:\windows\system32\23281.exe c:\windows\system32\24464.exe c:\windows\system32\26500.exe c:\windows\system32\26962.exe c:\windows\system32\28145.exe c:\windows\system32\292.exe c:\windows\system32\29358.exe c:\windows\system32\2995.exe c:\windows\system32\32391.exe c:\windows\system32\3902.exe c:\windows\system32\4827.exe c:\windows\system32\491.exe c:\windows\system32\5436.exe c:\windows\system32\5705.exe c:\windows\system32\6334.exe c:\windows\system32\9961.exe c:\windows\system32\cds.txt c:\windows\system32\ctfmon .exe c:\windows\system32\drivers\etc\hosts.tim c:\windows\system32\drivers\npf.sys c:\windows\system32\dumphive.exe c:\windows\system32\dz1.txt c:\windows\system32\kjs c:\windows\system32\p1.txt c:\windows\system32\Packet.dll c:\windows\system32\pthreadVC.dll c:\windows\system32\r24.txt c:\windows\system32\sirenacm(2).dll c:\windows\system32\SrchSTS.exe c:\windows\system32\STEC3.sys c:\windows\system32\Sys c:\windows\system32\Sys\norton-db.001 c:\windows\system32\Sys\norton-db.002 c:\windows\system32\tmp.reg c:\windows\system32\WanPacket.dll c:\windows\system32\wpcap.dll c:\windows\system32\xma c:\windows\trace c:\windows\trace\trace.txt c:\windows\zyfob._sy Infected copy of c:\windows\system32\drivers\iaStor.sys was found and disinfected Restored copy from - Kitty ate it c:\windows\system32\grpconv.exe was missing Restored copy from - c:\windows\ServicePackFiles\i386\grpconv.exe c:\windows\system32\proquota.exe was missing Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_NPF -------\Legacy_SSHNAS -------\Legacy_STEC3 -------\Service_NPF -------\Service_STEC3 ((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-28 ))))))))))))))))))))))))))))))) . 2010-01-28 19:09 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe 2010-01-28 19:09 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe 2010-01-28 19:09 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe 2010-01-27 18:24 . 2010-01-27 18:24 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-01-25 21:14 . 2010-01-25 21:14 -------- d-----w- c:\windows\system32\N360_BACKUP 2010-01-21 23:16 . 2010-01-21 23:16 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Adobe 2010-01-21 22:11 . 2010-01-21 22:11 -------- d-----w- c:\program files\AskBarDis 2010-01-18 18:38 . 2010-01-18 18:38 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Application Updater 2010-01-18 18:38 . 2010-01-18 18:38 -------- d-----w- c:\program files\Application Updater 2010-01-15 04:05 . 2010-01-15 04:05 -------- d-----w- c:\program files\Norton Support 2010-01-15 04:04 . 2010-01-15 04:04 -------- d-----w- c:\documents and settings\Ali\Local Settings\Application Data\Symantec 2010-01-14 20:16 . 2010-01-14 20:14 107368 ----a-r- c:\windows\system32\GEARAspi.dll 2010-01-14 17:57 . 2010-01-14 20:15 -------- d-----w- c:\documents and settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B} 2010-01-14 17:56 . 2010-01-14 17:56 -------- d-----w- c:\documents and settings\Ali\Local Settings\Application Data\Downloaded Installations 2010-01-14 17:56 . 2009-08-22 08:13 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys 2010-01-14 17:56 . 2010-01-14 20:14 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL 2010-01-14 17:56 . 2010-01-14 20:14 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2010-01-14 17:56 . 2010-01-14 20:14 -------- d-----w- c:\program files\Symantec 2010-01-14 17:55 . 2010-01-28 18:14 -------- d-----w- c:\windows\system32\drivers\N360 2010-01-14 17:55 . 2010-01-14 17:55 -------- d-----w- c:\program files\Norton 360 2010-01-14 17:45 . 2010-01-14 17:45 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings 2010-01-14 17:44 . 2010-01-14 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton 2010-01-12 22:29 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll 2010-01-10 18:21 . 2010-01-10 18:21 27883 ----a-w- c:\windows\system32\0ILPNBLKEB.dat 2010-01-10 18:21 . 2010-01-10 18:21 1860 ----a-w- c:\windows\system32\0PLT01VMT.dat 2010-01-10 18:21 . 2010-01-10 18:21 27883 ----a-w- c:\windows\system32\SVMGTJ7062.dat 2010-01-10 18:21 . 2010-01-10 18:21 1860 ----a-w- c:\windows\system32\S1049S0YF.dat 2010-01-07 21:44 . 2010-01-07 21:44 -------- d-----w- C:\_OTM 2010-01-06 08:09 . 2010-01-06 08:09 -------- d-----w- c:\program files\Trend Micro 2010-01-05 00:16 . 2010-01-05 00:16 118256 ----a-w- c:\windows\system32\qpPAUr_-g.exe 2010-01-05 00:14 . 2010-01-07 21:44 -------- d-sh--w- c:\documents and settings\Ali\.COMMgr . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-01-26 22:58 . 2009-04-26 15:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-01-25 21:23 . 2009-04-26 15:49 117760 ----a-w- c:\documents and settings\Ali\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2010-01-25 21:21 . 2009-04-26 15:46 -------- d-----w- c:\program files\SUPERAntiSpyware 2010-01-25 21:10 . 2010-01-25 21:09 52224 ----a-w- c:\documents and settings\Ali\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll 2010-01-25 20:10 . 2006-05-18 22:19 -------- d-----w- c:\documents and settings\Ali\Application Data\Azureus 2010-01-24 21:08 . 2010-01-24 21:08 8406648 ----a-w- c:\documents and settings\Ali\Application Data\Real\Update\setup\gtb_us\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe 2010-01-24 20:58 . 2010-01-24 20:58 10309448 ----a-w- c:\documents and settings\Ali\Application Data\Real\Update\setup\chr\ChromeInstaller.exe 2010-01-24 20:55 . 2010-01-24 20:55 64000 ----a-w- c:\documents and settings\Ali\Application Data\Real\Update\setup\RUP\inst_config\gcapi_dll.dll 2010-01-24 20:55 . 2010-01-24 20:55 52288 ----a-w- c:\documents and settings\Ali\Application Data\Real\Update\setup\RUP\inst_config\gtapi.dll 2010-01-24 20:55 . 2010-01-24 20:55 50688 ----a-w- c:\documents and settings\Ali\Application Data\Real\Update\setup\RUP\inst_config\fftbapi.dll 2010-01-24 20:55 . 2010-01-24 20:55 114688 ----a-w- c:\documents and settings\Ali\Application Data\Real\Update\setup\RUP\inst_config\compat.dll 2010-01-21 22:12 . 2006-05-18 22:19 -------- d-----w- c:\program files\Azureus 2010-01-20 19:19 . 2009-02-23 18:13 -------- d-----w- c:\program files\Microsoft Silverlight 2010-01-14 20:14 . 2010-01-14 17:56 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF 2010-01-14 20:14 . 2010-01-14 17:56 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT 2010-01-14 20:14 . 2010-01-14 17:58 554352 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll 2010-01-14 20:14 . 2008-01-29 12:01 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys 2010-01-14 18:16 . 2005-03-06 22:25 -------- d-----w- c:\program files\Common Files\Symantec Shared 2010-01-14 17:56 . 2010-01-14 17:56 1290592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll 2010-01-14 17:56 . 2010-01-14 17:56 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll 2010-01-14 17:55 . 2010-01-14 17:55 796016 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll 2010-01-14 17:55 . 2008-01-02 11:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec 2010-01-14 17:55 . 2009-08-01 07:40 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller 2010-01-14 17:51 . 2005-03-06 22:25 -------- d-----w- c:\documents and settings\Ali\Application Data\Symantec 2010-01-07 16:07 . 2009-04-26 15:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-07 16:07 . 2009-04-26 15:27 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-01-06 00:34 . 2007-04-17 12:16 -------- d-----w- c:\documents and settings\Ali\Application Data\dvdcss 2009-12-21 19:14 . 2004-08-04 05:00 916480 ----a-w- c:\windows\system32\wininet.dll 2009-12-15 18:40 . 2009-12-15 18:38 17245680 ----a-w- c:\documents and settings\Ali\Application Data\Real\Update\setup\rp\RealPlayerSPGold.exe 2009-11-21 15:51 . 2008-08-20 07:26 471552 ----a-w- c:\windows\AppPatch\aclayers.dll 2009-10-10 00:39 . 2009-10-10 00:39 18250 ----a-w- c:\program files\Common Files\bewoharav.pif 2006-03-15 12:30 . 2006-03-15 12:30 278528 ----a-w- c:\program files\Common Files\FDEUnInstaller.exe 2005-01-04 14:52 . 2005-01-04 14:50 227190984 ----a-w- c:\program files\OfficeSTD.exe 2009-03-31 21:47 . 2009-01-28 20:32 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll 2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll 2005-02-13 20:42 . 2005-02-13 20:42 56 --sh--r- c:\windows\SYSTEM32\4C805BE81C.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] 2009-04-02 12:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-03-01 90112] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-25 2002160] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968] "Ulead AutoDetector"="c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-11-18 45056] "Ulead Photo Express Calendar Checker"="c:\program files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe" [2004-01-12 69632] "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152] "DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648] "ppmate"="c:\program files\PPMate\PPMate\ppmate.exe" [2006-11-23 1495123] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-26 267064] "TalkTalk"="c:\program files\TalkTalk\bin\sprtcmd.exe" [2007-10-12 202016] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193] Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-1-24 113664] AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0\aoltray.exe [2004-11-24 156784] NETGEAR WG311v2 Smart Configuration.lnk - c:\program files\NETGEAR WG311v2 Adapter\wlancfg5.exe [2004-10-14 450560] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2010-01-25 21:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys] @="FSFilter Activity Monitor" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\PPMate\\PPMate\\ppmate.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "%windir%\\system32\\sessmgr.exe"= R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\N360\0308000.029\SymEFA.sys [28/01/2010 05:14 310320] R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\SYSTEM32\DRIVERS\N360\0308000.029\BHDrvx86.sys [28/01/2010 05:14 259632] R1 ccHP;Symantec Hash Provider;c:\windows\SYSTEM32\DRIVERS\N360\0308000.029\cchpx86.sys [28/01/2010 05:14 482432] R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100125.001\IDSXpx86.sys [28/01/2010 02:12 329592] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [22/12/2008 10:06 9968] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [22/12/2008 10:05 74480] R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [08/01/2010 00:51 380928] R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [21/01/2010 22:11 464264] R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [21/01/2010 22:11 234888] R2 fssfltr;FssFltr;c:\windows\SYSTEM32\DRIVERS\fssfltr_tdi.sys [23/02/2009 18:12 54752] R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [28/01/2010 05:13 117640] R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [12/10/2007 08:33 202016] R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe [02/08/2007 13:42 148768] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [20/01/2010 00:39 102448] R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [22/12/2008 10:06 7408] S1 M9207;DigiO2 DVB-T USB Receiver;c:\windows\system32\DRIVERS\M9207BDA.sys --> c:\windows\system32\DRIVERS\M9207BDA.sys [?] S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\SYSTEM32\FsUsbExDisk.Sys [06/12/2008 14:35 36512] S3 gkmixern;gkmixern;\??\c:\docume~1\Ali\LOCALS~1\Temp\gkmixern.sys --> c:\docume~1\Ali\LOCALS~1\Temp\gkmixern.sys [?] . Contents of the 'Scheduled Tasks' folder 2010-01-08 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.co.uk/ig?hl=en uSearchMigratedDefaultURL = hxxp://search.orange.co.uk/all?brand=ouk&tab=web&p=_adr&q={searchTerms} uInternet Connection Wizard,ShellNext = iexplore IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} - hxxp://www.tvkoo.com/update/KooPlayer.ocx FF - ProfilePath - c:\documents and settings\Ali\Application Data\Mozilla\Firefox\Profiles\emib82yk.default\ FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - ORPHANS REMOVED - - - - BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll BHO-{a8eeebd5-9962-5197-5172-d056c9db9f81} - (no file) Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll ActiveSetup-{1A43B51D-2671-4bcc-89F0-9BC42DB29016} - fow64.dll AddRemove-360Share Pro - c:\program files\360Share Pro\bt-uninst.exe AddRemove-HijackThis - c:\documents and settings\Ali\Local Settings\Temporary Internet Files\Content.IE5\T2XU0AWK\HijackThis.exe AddRemove-LimeWire - c:\program files\LimeWire\uninstall.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-28 19:13 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360] "ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-3974528393-405583803-1727344631-1006\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_USERS\S-1-5-21-3974528393-405583803-1727344631-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\. R%] @Class="Shell" @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_USERS\S-1-5-21-3974528393-405583803-1727344631-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\. R%\OpenWithList] @Class="Shell" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL] @DACL=(02 0000) "Installed"="1" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI] @DACL=(02 0000) "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS] @DACL=(02 0000) "Installed"="1" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1528) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll - - - - - - - > 'explorer.exe'(1192) c:\windows\system32\WININET.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll c:\progra~1\WINDOW~2\wmpband.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Intel\Intel Application Accelerator\iaantmon.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\wscntfy.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2010-01-28 19:22:24 - machine was rebooted ComboFix-quarantined-files.txt 2010-01-28 19:22 ComboFix2.txt 2006-12-17 20:18 Pre-Run: 13,333,274,624 bytes free Post-Run: 13,537,193,984 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect - - End Of File - - 518830A26292CBFE15E51552E95F8E3C What's next?
  12. Right, it's been a while since I've had a chance to get back on here but here's a copy of my latest kaspersky scan and also an hjt log now tha I've got norton 360 installed. My computer seems to be running fine apart from google which goes to random pages instead of what i search for. What's next? -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0: scan report Wednesday, January 27, 2010 Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Tuesday, January 26, 2010 23:22:11 Records in database: 3374802 -------------------------------------------------------------------------------- Scan settings: scan using the following database: extended Scan archives: yes Scan e-mail databases: yes Scan area - My Computer: C:\ D:\ Scan statistics: Objects scanned: 104384 Threats found: 2 Infected objects found: 5 Suspicious objects found: 0 Scan duration: 11:32:43 File name / Threat / Threats count C:\Documents and Settings\Ali\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{087AD7A3-C010-4FAC-8511-B0DA327F5994} Infected: Trojan.Win32.Qhost.ka 1 C:\Documents and Settings\Ali\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{9C2D0797-7A3F-40FC-813F-4CE9E41C393F} Infected: Trojan.Win32.Qhost.ka 1 C:\Documents and Settings\Ali\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{CF55BCDD-475C-499B-82B8-728AFC7B450E} Infected: Trojan.Win32.Qhost.ka 1 C:\Documents and Settings\Ali\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{FE00FBED-79A1-4B5E-9619-15E598B715D7} Infected: Trojan.Win32.Qhost.ka 1 C:\Program Files\Trend Micro\HijackThis\backups\backup-20100107-214052-489.dll Infected: not-a-virus:AdWare.Win32.EZula.fl 1 Selected area has been scanned. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:16:26, on 27/01/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Application Updater\ApplicationUpdater.exe C:\Program Files\AskBarDis\bar\bin\AskService.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe C:\Program Files\TalkTalk\bin\sprtsvc.exe C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Java\jre6\bin\java.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R3 - URLSearchHook: (no name) - - (no file) R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll O1 - Hosts: [internet Media][AS12008][204.69.234.0 - 204.69.234.255] O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {a8eeebd5-9962-5197-5172-d056c9db9f81} - (no file) O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [ulead AutoDetector] "C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" O4 - HKLM\..\Run: [ulead Photo Express Calendar Checker] "C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [DeviceDiscovery] "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" O4 - HKLM\..\Run: [ppmate] "C:\Program Files\PPMate\PPMate\ppmate.exe" -autoplay O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk O4 - HKLM\..\Run: [searchSettings] C:\Program Files\Search Settings\SearchSettings.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326 O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...448/mcfscan.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe -- End of file - 12988 bytes
  13. [Luckily I don't use this computer for online banking, but like most people I have bought things online. It will be very hard to remember all the sites that I have used and bought, is there some sort of tool I can download to find them? Do I need to contact all the websites or just those that I know I've used recently and also should I notify stores that I've bought items from or just change my password on that site? I think the risk of having my passwords stolen is smaller than if I stored them normally, as I have used Norton to store my passwords rather than just on the computer, but I have still contacted my bank just in case.
  14. Here are my MBAM report and also my latest hjk log. What do you think? I'm still not running any antivirus but I expect my norton 360 to be delivered tomorrow. Malwarebytes' Anti-Malware 1.44 Database version: 3537 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 11/01/2010 00:23:26 mbam-log-2010-01-11 (00-23-26).txt Scan type: Quick Scan Objects scanned: 123962 Time elapsed: 9 minute(s), 7 second(s) Memory Processes Infected: 0 Memory Modules Infected: 1 Registry Keys Infected: 7 Registry Values Infected: 4 Registry Data Items Infected: 10 Folders Infected: 0 Files Infected: 17 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: c:\WINDOWS\SYSTEM32\sshnas.dll (Trojan.Downloader) -> Delete on reboot. Registry Keys Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\LREC75DND7 (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\E8WECRKKMV (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\IS2010 (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Spyware.Passwords) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot. Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Rootkit.Agent) -> Data: c:\windows\system32\kbdsock.dll -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Rootkit.Agent) -> Data: system32\kbdsock.dll -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: c:\WINDOWS\SYSTEM32\sshnas.dll (Trojan.Downloader) -> Delete on reboot. C:\ydbkaxo.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\mshlps.dll (Spyware.Passwords) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\winlogon86.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\winupdate .exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\winhelper86.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\stxvmt.sys (Rootkit.Agent) -> Delete on reboot. C:\Documents and Settings\Ali\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Security 2010.lnk (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully. C:\Documents and Settings\Ali\Start Menu\Internet Security 2010.lnk (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully. C:\Documents and Settings\Ali\Application Data\SystemProc\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\critical_warning.html (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\41.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\flags.ini (Malware.Trace) -> Delete on reboot. C:\WINDOWS\SYSTEM32\uses32.dat (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\kbdsock.dll (Rootkit.Agent) -> Quarantined and deleted successfully. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:31:38, on 11/01/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\TalkTalk\bin\sprtsvc.exe C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\TalkTalk\bin\sprtcmd.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en R3 - URLSearchHook: (no name) - - (no file) R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll O1 - Hosts: [internet Media][AS12008][204.69.234.0 - 204.69.234.255] O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {a8eeebd5-9962-5197-5172-d056c9db9f81} - (no file) O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [ulead AutoDetector] "C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" O4 - HKLM\..\Run: [ulead Photo Express Calendar Checker] "C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [DeviceDiscovery] "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" O4 - HKLM\..\Run: [ppmate] "C:\Program Files\PPMate\PPMate\ppmate.exe" -autoplay O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe" O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326 O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...448/mcfscan.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- End of file - 13387 bytes
  15. I haven't tried surfing at all so i don't know about whether I'm still getting pop-ups or redirected to the wrong website, but there's no internet security(apart from the start menu) or red cross in the bottom right corner which seems good. Here's the Kaspersky Scan: -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0: scan report Friday, January 8, 2010 Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Friday, January 08, 2010 07:48:45 Records in database: 3325935 -------------------------------------------------------------------------------- Scan settings: scan using the following database: extended Scan archives: yes Scan e-mail databases: yes Scan area - My Computer: C:\ D:\ E:\ Scan statistics: Objects scanned: 105259 Threats found: 11 Infected objects found: 81 Suspicious objects found: 0 Scan duration: 11:48:35 File name / Threat / Threats count ati2evxx.exe\kbdsock.dll/ati2evxx.exe\kbdsock.dll Infected: Trojan.Win32.Agent.deot 1 C:\WINDOWS\system32\kbdsock.dll/C:\WINDOWS\system32\kbdsock.dll Infected: Trojan.Win32.Agent.deot 31 c:\windows\system32\sshnas.dll/c:\windows\system32\sshnas.dll Infected: Trojan.Win32.FraudPack.ajrf 4 CCSVCHST.EXE\kbdsock.dll/CCSVCHST.EXE\kbdsock.dll Infected: Trojan.Win32.Agent.deot 2 explorer.exe\kbdsock.dll/explorer.exe\kbdsock.dll Infected: Trojan.Win32.Agent.deot 1 spoolsv.exe\kbdsock.dll/spoolsv.exe\kbdsock.dll Infected: Trojan.Win32.Agent.deot 1 monitor.exe\kbdsock.dll/monitor.exe\kbdsock.dll Infected: Trojan.Win32.Agent.deot 1 hpwuSchd2.exe\kbdsock.dll/hpwuSchd2.exe\kbdsock.dll Infected: Trojan.Win32.Agent.deot 1 hpotdd01.exe\kbdsock.dll/hpotdd01.exe\kbdsock.dll Infected: Trojan.Win32.Agent.deot 1 QTTask.exe\kbdsock.dll/QTTask.exe\kbdsock.dll Infected: Trojan.Win32.Agent.deot 1 iTunesHelper.exe\kbdsock.dll/iTunesHelper.exe\kbdsock.dll Infected: Trojan.Win32.Agent.deot 1 sprtcmd.exe\kbdsock.dll/sprtcmd.exe\kbdsock.dll Infected: Trojan.Win32.Agent.deot 1 ctfmon.exe\kbdsock.dll/ctfmon.exe\kbdsock.dll Infected: Trojan.Win32.Agent.deot 1 msmsgs.exe\kbdsock.dll/msmsgs.exe\kbdsock.dll Infected: Trojan.Win32.Agent.deot 1 NMBgMonitor.exe\kbdsock.dll/NMBgMonitor.exe\kbdsock.dll Infected: Trojan.Win32.Agent.deot 1 acrotray.exe\kbdsock.dll/acrotray.exe\kbdsock.dll Infected: Trojan.Win32.Agent.deot 1 AppleMobileDeviceService.exe\kbdsock.dll/AppleMobileDeviceService.exe\kbdsock.dll Infected: Trojan.Win32.Agent.deot 1 AluSchedulerSvc.exe\kbdsock.dll/AluSchedulerSvc.exe\kbdsock.dll Infected: Trojan.Win32.Agent.deot 1 IAANTmon.exe\kbdsock.dll/IAANTmon.exe\kbdsock.dll Infected: Trojan.Win32.Agent.deot 1 jqs.exe\kbdsock.dll/jqs.exe\kbdsock.dll Infected: Trojan.Win32.Agent.deot 1 MDM.EXE\kbdsock.dll/MDM.EXE\kbdsock.dll Infected: Trojan.Win32.Agent.deot 1 sprtsvc.exe\kbdsock.dll/sprtsvc.exe\kbdsock.dll Infected: Trojan.Win32.Agent.deot 1 tgsrvc.exe\kbdsock.dll/tgsrvc.exe\kbdsock.dll Infected: Trojan.Win32.Agent.deot 1 SpySweeper.exe\kbdsock.dll/SpySweeper.exe\kbdsock.dll Infected: Trojan.Win32.Agent.deot 1 iPodService.exe\kbdsock.dll/iPodService.exe\kbdsock.dll Infected: Trojan.Win32.Agent.deot 1 iexplore.exe\kbdsock.dll/iexplore.exe\kbdsock.dll Infected: Trojan.Win32.Agent.deot 3 WinRAR.exe\kbdsock.dll/WinRAR.exe\kbdsock.dll Infected: Trojan.Win32.Agent.deot 1 Acrobat.exe\kbdsock.dll/Acrobat.exe\kbdsock.dll Infected: Trojan.Win32.Agent.deot 1 WISPTIS.EXE\kbdsock.dll/WISPTIS.EXE\kbdsock.dll Infected: Trojan.Win32.Agent.deot 1 msnmsgr.exe\kbdsock.dll/msnmsgr.exe\kbdsock.dll Infected: Trojan.Win32.Agent.deot 1 C:\Documents and Settings\Ali\Application Data\SystemProc\lsass.exe Infected: Trojan.Win32.Swisyn.twi 1 C:\Documents and Settings\Ali\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{087AD7A3-C010-4FAC-8511-B0DA327F5994} Infected: Trojan.Win32.Qhost.ka 1 C:\Documents and Settings\Ali\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{9C2D0797-7A3F-40FC-813F-4CE9E41C393F} Infected: Trojan.Win32.Qhost.ka 1 C:\Documents and Settings\Ali\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{CF55BCDD-475C-499B-82B8-728AFC7B450E} Infected: Trojan.Win32.Qhost.ka 1 C:\Documents and Settings\Ali\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{FE00FBED-79A1-4B5E-9619-15E598B715D7} Infected: Trojan.Win32.Qhost.ka 1 C:\WINDOWS\SYSTEM32\critical_warning.html Infected: Trojan.JS.Hoax.b 1 C:\WINDOWS\SYSTEM32\sshnas.dll Infected: Trojan.Win32.FraudPack.ajrf 1 C:\WINDOWS\SYSTEM32\winhelper86.dll Infected: Trojan.Win32.BHO.adcn 1 C:\WINDOWS\SYSTEM32\winlogon86.exe Infected: Trojan-Downloader.Win32.FraudLoad.gij 1 C:\WINDOWS\SYSTEM32\winupdate .exe Infected: Trojan-Downloader.Win32.FraudLoad.fwn 1 C:\ydbkaxo.exe Infected: Trojan-Downloader.Win32.FraudLoad.gij 1 C:\_OTM\MovedFiles\01072010_214413\C_Documents and Settings\Ali\.COMMgr\complmgr.exe Infected: Trojan.Win32.Scar.bbjy 1 C:\_OTM\MovedFiles\01072010_214413\C_DOCUME~1\Ali\LOCALS~1\Temp\c.exe Infected: Packed.Win32.Krap.ag 1 C:\_OTM\MovedFiles\01072010_214413\C_Program Files\InternetSecurity2010\IS2010.exe Infected: Trojan.Win32.FraudPack.ajsf 1 C:\_OTM\MovedFiles\01072010_214413\C_WINDOWS\system32\winupdate86.exe Infected: Trojan-Downloader.Win32.FraudLoad.gij 1 Selected area has been scanned. and here's the latest hijackthis log run after the scan: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:22:53, on 10/01/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\TalkTalk\bin\sprtsvc.exe C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\TalkTalk\bin\sprtcmd.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en R3 - URLSearchHook: (no name) - - (no file) R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll O1 - Hosts: [internet Media][AS12008][204.69.234.0 - 204.69.234.255] O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {a8eeebd5-9962-5197-5172-d056c9db9f81} - (no file) O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [ulead AutoDetector] "C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" O4 - HKLM\..\Run: [ulead Photo Express Calendar Checker] "C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [DeviceDiscovery] "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" O4 - HKLM\..\Run: [ppmate] "C:\Program Files\PPMate\PPMate\ppmate.exe" -autoplay O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe" O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326 O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...448/mcfscan.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\WINDOWS\system32\kbdsock.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- End of file - 13492 bytes
×
×
  • Create New...