Recently my pc has been acting rather strangely. As stated in the thread title, I'm experiencing random sound losses, to fix it I have to click on the wave volume bar in system volume.

Also, when the volume is back on I often hear random clicking sounds, as if I clicked on a folder in explorer for example. Sometimes I hear an advertisement!

And lastly, I have the occasional ad popup in IE even though I never use IE, only Firefox.



DSS as follows:




DDS (Ver_10-03-17.01) - NTFSx86
Run by Brian at 18:15:02.43 on 20/07/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1151.595 [GMT 1:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

svchost.exe 4
svchost.exe 4
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\9E0D937F462E4362A83B254A9F8AB3F8\InnerPassFileSharing.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Brian\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Bar = hxxp://srch-qgb8l.hpwis.com
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Innerpass] c:\documents and settings\all users\application data\skype\plugins\plugins\9e0d937f462e4362a83b254a9f8ab3f8\InnerPassFileSharing.exe autostart
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [HPHUPD05] c:\program files\hewlett-packard\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
mRun: [RoxioEngineUtility] "c:\program files\common files\roxio shared\system\EngUtil.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [<NO NAME>] c:\program files\games engine\Games_Engine.exe 1.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dslmon.lnk - c:\program files\sagem\sagem f@st 800-840\dslmon.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} - hxxps://secure.gopetslive.com/dev/gopets.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\brian\applic~1\mozilla\firefox\profiles\4k31wz8g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2008-9-22 5632]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-2-17 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-17 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-17 40384]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-11-12 54752]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2009-12-18 1044808]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-17 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-17 40384]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S2 gupdate1c962eb542c1402;Google Update Service (gupdate1c962eb542c1402);c:\program files\google\update\GoogleUpdate.exe [2008-12-20 133104]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 grmn0200;grmn0200.Sys Garmin USB DCP driver (install);c:\windows\system32\drivers\grmn0200.sys [2004-8-20 23208]
S3 grmn1200;grmn0200.Sys Garmin USB DCP driver;c:\windows\system32\drivers\grmn1200.sys [2004-8-20 17448]
S3 jnv4_mib;jnv4_mib;\??\c:\docume~1\brian\locals~1\temp\jnv4_mib.sys --> c:\docume~1\brian\locals~1\temp\jnv4_mib.sys [?]
S3 PhDebug32;PhDebug32;\??\c:\hr60\bios\debug32.sys --> c:\hr60\bios\debug32.sys [?]
S3 VisorUsb;Handspring USB;c:\windows\system32\drivers\VisorUsb.sys [2005-2-5 19968]

=============== Created Last 30 ================

2010-07-18 17:23:54 38848 ----a-w- c:\windows\avastSS.scr
2010-07-18 17:18:22 0 d-----w- c:\program files\msn gaming zone
2010-07-14 21:00:07 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

==================== Find3M ====================

2010-05-04 12:39:27 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-05-04 12:39:27 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
2008-09-22 20:01:59 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092220080923\index.dat

============= FINISH: 18:16:19.00 ===============




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 12/04/2004 21:37:37
System Uptime: 20/07/2010 17:54:20 (1 hours ago)

Motherboard: Hewlett-Packard | | 089C
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | JP8 | 2800/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 112 GiB total, 61.189 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1594: 22/04/2010 10:36:37 - System Checkpoint
RP1595: 23/04/2010 11:31:39 - System Checkpoint
RP1596: 24/04/2010 12:00:57 - System Checkpoint
RP1597: 26/04/2010 10:09:19 - System Checkpoint
RP1598: 28/04/2010 11:54:54 - System Checkpoint
RP1599: 29/04/2010 18:52:15 - System Checkpoint
RP1600: 30/04/2010 19:18:03 - System Checkpoint
RP1601: 01/05/2010 19:31:35 - System Checkpoint
RP1602: 02/05/2010 19:48:33 - System Checkpoint
RP1603: 04/05/2010 10:38:08 - System Checkpoint
RP1604: 05/05/2010 11:19:47 - System Checkpoint
RP1605: 06/05/2010 22:39:19 - System Checkpoint
RP1606: 07/05/2010 14:04:15 - Removed RENESIS® Player Browser Plugins
RP1607: 08/05/2010 14:46:01 - System Checkpoint
RP1608: 09/05/2010 15:20:51 - System Checkpoint
RP1609: 10/05/2010 15:30:56 - System Checkpoint
RP1610: 11/05/2010 16:22:52 - System Checkpoint
RP1611: 12/05/2010 10:00:21 - Software Distribution Service 3.0
RP1612: 13/05/2010 12:15:36 - System Checkpoint
RP1613: 14/05/2010 15:24:49 - System Checkpoint
RP1614: 15/05/2010 18:06:18 - System Checkpoint
RP1615: 16/05/2010 19:13:42 - System Checkpoint
RP1616: 18/05/2010 10:13:58 - System Checkpoint
RP1617: 19/05/2010 21:40:35 - System Checkpoint
RP1618: 20/05/2010 21:49:15 - System Checkpoint
RP1619: 24/05/2010 11:29:33 - System Checkpoint
RP1620: 25/05/2010 12:18:40 - System Checkpoint
RP1621: 26/05/2010 10:00:25 - Software Distribution Service 3.0
RP1622: 27/05/2010 18:39:23 - System Checkpoint
RP1623: 29/05/2010 10:10:03 - System Checkpoint
RP1624: 30/05/2010 18:55:47 - System Checkpoint
RP1625: 01/06/2010 10:50:29 - System Checkpoint
RP1626: 02/06/2010 13:01:36 - System Checkpoint
RP1627: 03/06/2010 13:35:35 - System Checkpoint
RP1628: 04/06/2010 19:34:06 - System Checkpoint
RP1629: 05/06/2010 10:00:18 - Software Distribution Service 3.0
RP1630: 06/06/2010 11:38:11 - System Checkpoint
RP1631: 07/06/2010 12:33:16 - System Checkpoint
RP1632: 09/06/2010 10:08:09 - Software Distribution Service 3.0
RP1633: 10/06/2010 11:46:47 - Software Distribution Service 3.0
RP1634: 12/06/2010 09:15:50 - System Checkpoint
RP1635: 15/06/2010 14:59:53 - System Checkpoint
RP1636: 16/06/2010 15:00:07 - System Checkpoint
RP1637: 17/06/2010 10:00:23 - Software Distribution Service 3.0
RP1638: 18/06/2010 22:31:08 - System Checkpoint
RP1639: 21/06/2010 08:21:34 - System Checkpoint
RP1640: 22/06/2010 11:53:57 - System Checkpoint
RP1641: 23/06/2010 12:34:40 - System Checkpoint
RP1642: 24/06/2010 17:35:48 - System Checkpoint
RP1643: 25/06/2010 10:02:15 - Software Distribution Service 3.0
RP1644: 28/06/2010 11:14:26 - System Checkpoint
RP1645: 29/06/2010 12:03:40 - System Checkpoint
RP1646: 30/06/2010 12:13:40 - System Checkpoint
RP1647: 01/07/2010 17:08:46 - Spybot-S&D Spyware removal
RP1648: 02/07/2010 14:54:53 - Spybot-S&D Spyware removal
RP1649: 03/07/2010 17:23:20 - System Checkpoint
RP1650: 06/07/2010 08:42:19 - System Checkpoint
RP1651: 06/07/2010 17:26:09 - Spybot-S&D Spyware removal
RP1652: 07/07/2010 18:24:18 - System Checkpoint
RP1653: 09/07/2010 09:03:47 - System Checkpoint
RP1654: 10/07/2010 09:23:31 - System Checkpoint
RP1655: 11/07/2010 11:18:22 - System Checkpoint
RP1656: 12/07/2010 12:49:46 - System Checkpoint
RP1657: 13/07/2010 13:27:57 - System Checkpoint
RP1658: 14/07/2010 15:25:28 - System Checkpoint
RP1659: 15/07/2010 10:01:08 - Software Distribution Service 3.0
RP1660: 16/07/2010 10:17:32 - System Checkpoint
RP1661: 16/07/2010 14:43:11 - Spybot-S&D Spyware removal
RP1662: 16/07/2010 14:48:30 - Spybot-S&D Spyware removal
RP1663: 17/07/2010 15:16:05 - System Checkpoint
RP1664: 19/07/2010 02:06:47 - System Checkpoint
RP1665: 20/07/2010 08:37:20 - System Checkpoint

==== Installed Programs ======================


Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Illustrator CS
Adobe Reader 7.0
Adobe Shockwave Player 11.5
Adobe SVG Viewer 3.0
Agere Systems AC'97 Modem
Apple Application Support
Apple Software Update
Art Attack
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
avast! Free Antivirus
BAMZOOKi v3.1 (build 115.158)
Barbie® As Sleeping Beauty
battleshipsv1.12
BBC Balamory
BBC Bill and Ben
BBC Bob The Builder
BBC Tweenies - Messy Time Magic
BBC Tweenies - Ready to Play
Business Plan
Business Planner version 3
Call of Duty(R) 4 - Modern Warfare(TM)
Canon MV5i WIA Driver
Canon PhotoRecord
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
Critical Update for Windows Media Player 11 (KB959772)
Cruising Navigator
Direct Show Ogg Vorbis Filter (remove only)
Disney's Activity Centre, A Bug's Life
Disney's Tigger Too
Disney Interactive Global Compatibility Update June 2003
DivX Converter
DivX Setup
Easy CD & DVD Creator 6
easy Internet sign-up
Email Spider Easy
ERUNT 1.1j
F5U002 USB to Printer Adapter
FastTrak 800 Thousand Clipart
Free CD to MP3 Converter
Games Engine
Garmin City Navigator Europe v9
Garmin MapSource
Garmin WebUpdater
Ghost Recon
Google Chrome
Google Earth
Google Update Helper
Google Updater
GoPets
Half-Life(R) 2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Deskjet Preloaded Printer Drivers
HP Help and Support
HP Memories Disc
HP Photo and Imaging 2.0 - Photosmart Cameras
HP Product Detection
HP Update
HpSdpAppCoreApp
InterActual Player
InterVideo WinDVD
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 7
Java 2 Runtime Environment, SE v1.4.1_02
Java 2 Runtime Environment, SE v1.4.2_03
Java Web Start
Java(TM) 6 Update 17
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Jump Ahead 2000 Starting Maths v1.0
Jump Ahead 2000 Year 1 v2.4
Jump Ahead Starting School 2000 v2.0
Junk Mail filter update
Lexware Elster
Lexware financial office 2009
Lexware Info Service
Logitech QuickCam Software
Logitech® Camera Driver
Malwarebytes' Anti-Malware
MapSource
MapSource - European City Navigator v6
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works 7.0
Microsoft XML Parser
Mozilla Firefox (3.6.6)
Mozilla Thunderbird (2.0.0.24)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero
Nero 8 Essentials
neroxml
Netscape (7.1)
Nokia Connectivity Cable Driver
OpenOffice.org 1.1.2
OpenOffice.org 2.1
Palm Desktop and Synchronization Software
PC Doc Pro 3.1
PCI 1620 Cardbus Controller and Software
Peggle Extreme
Penny Penguin's Math Bingo
Photosmart 140,240,7200,7600,7700,7900 Series
PSShortcutsP
Puzzle Master 2
Quick Launch Buttons 4.20 C1
QuickTime
RealPlayer
RealUpgrade 1.0
Registry Mechanic
SAGEM F@st 800-840
SecurDisc Viewer
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Segoe UI
Skype Toolbars
Skype™ 4.2
SoundMAX
Spybot - Search & Destroy
Spybot - Search & Destroy 1.3
Steam(TM)
System Requirements Lab
TI1620/1520
Timez Attack Free
TuneUp Utilities
TuneUp Utilities Language Pack (en-US)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
VCRedistSetup
WebFldrs XP
WiFi Engine
WinAce Archiver
Winamp (remove only)
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Xfire (remove only)

==== Event Viewer Messages From Past Week ========

19/07/2010 01:39:57, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Automatic LiveUpdate Scheduler service to connect.
19/07/2010 01:39:57, error: Service Control Manager [7000] - The Automatic LiveUpdate Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
18/07/2010 18:23:55, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
18/07/2010 18:15:27, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service BITS with arguments "" in order to run the server: {69AD4AEE-51BE-439B-A92C-86AE490E8B30}
18/07/2010 18:13:25, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
18/07/2010 12:55:21, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi cdudf_xp eabfiltr Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
18/07/2010 12:55:21, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
18/07/2010 12:55:21, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
18/07/2010 12:55:21, error: Service Control Manager [7001] - The fssfltr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
18/07/2010 12:55:21, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
18/07/2010 12:55:21, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
18/07/2010 12:54:56, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
16/07/2010 08:11:32, error: Service Control Manager [7000] - The General Purpose USB Driver (adildr.sys) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
14/07/2010 07:51:50, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the W32Time service.
14/07/2010 07:50:57, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.

==== End Of File ===========================

Hello and welcome to Safer Networking.

I am currently assessing your situation and will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this, click Thread Tools, then click Subscribe to this Thread. Under the Notification Type: title, make sure it is set to Instant notification by email, then click Add Subscription.

Please be patient with me during this time.

Meanwhile, please make a reply to this topic to acknowledge that you have read this and is still with me to tackle the problem until the end. If I do not get any response within 3 days, this topic will be closed.

Hi Jack and Jill,

Thanks for looking into this problem. I am with you :-)

Hello sufferinginsilence :),

Welcome to Safer Networking. I am Jack&Jill, and I will be helping you out.

Before we go further, there are a few things that I would like to make clear so that we are share the same understanding.

Please observe and follow these Forum Rules (http://forums.spybot.info/showthread.php?t=288).
Any advice is for your computer only and is taken at your own risk. Fixes sometimes will cause unexpected results, but I will do my best to assist you.
Please read the instructions carefully and follow them closely, in the order they are presented to you.
If you have any doubts or problems during the fix, please stop and ask.
All the tools that I will ask you to download and use are safe. Please allow if prompted by any of your security softwares.
Do not use or run any malware cleaning tools without supervision as they may cause more harm if improperly used.
Refrain from installing any new programs except those that I request during the fix to prevent interference to my diagnosis of the problem.
Lack of malware symptoms does not mean your computer is clean. Stick to this topic until I give the All Clear.
If you do not reply within 3 days, this topic will be closed.
If you are agreeable to the above, then everything should go smoothly :) . We may begin.

--------------------

Please download MBRCheck© by a_d_13 from one of the links below and save it to your desktop.

Link 1 (http://ad13.geekstogo.com/MBRCheck.exe)
Link 2 (http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe)
Link 3 (http://www.kernelmode.info/MBRCheck.exe)

Preliminary scan

Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily when running MBRCheck. They will interfere and may cause unexpected results.
If you need help to disable your protection programs see here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html) and here (http://www.bleepingcomputer.com/forums/topic114351.html).
Double click on MBRCheck.exe to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
A command prompt window will open.
If you are presented with options, enter N at the prompt and press Enter twice.
Otherwise, just press Enter.
A log file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop. Please post the contents of that file.

--------------------

Check for Recovery Partition via script

Please download Preformat© by Noviciate and save to your desktop. Click here. (http://images.malwareremoval.com/Noviciate/Preformat.zip)
Extract Preformat.vbs from the zip file to the desktop and double click on it.
A script will run and will prompt that it has completed. Click OK.
A log will be created on the desktop as Preformat.txt. Please post the contents of this log.

--------------------

Do you have the Windows XP Installation disc? Is the Recovery Console installed on your computer?

Is this a business computer?

--------------------

Check for additional security risks

Please download CKScanner© by askey127 and save to your desktop. Click here. (http://downloads.malwareremoval.com/CKScanner.exe)
Double click on CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File. You will be prompted, click OK.
Post the contents of ckfiles.txt in your reply, it is located on your desktop.

--------------------

Please post back:
1. MBRCheck log
2. Preformat.txt
3. the answers to my questions
4. CKScanner log

MBRCheck, version 1.1.1

(c) 2010, AD



\\.\C: --> \\.\PhysicalDrive0



Size Device Name MBR Status

--------------------------------------------

111 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!





Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:



Done! Press ENTER to exit...




-------------------------------------------------



Partition ID: Disk #0, Partition #0
Size: 111.79 GB

The computer boots from this partition.

~~~~~~~~~~~~~~~~~~~~~~~~

BIOS Manufacturer: Hewlett-Packard
Name: Ver 1.00PARTTBL
Status: OK

This is the primary BIOS.

~~~~~~~~~~~~~~~~~~~~~~~~



------------------------------------------------------------------


CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\brian\my documents\new folder\gopets ltd\effect\motion\effect_all firecracke.emt
c:\documents and settings\brian\my documents\new folder\gopets ltd\effect\tex\effect_firecracker00.dds
c:\download\nintendods\safecracker the ultimate puzzle adventure(eu).zip
c:\download\nintendods\sara\games\b-safecracker.nds
c:\download\nintendods\sara\games\b-safecracker.nfo
c:\download\nintendods\sara\games\b-safecracker.sav
c:\games\red storm entertainment\ghost recon\mods\mp1\map\d01_beach\m01_cracked_wood.rsb
c:\games\red storm entertainment\ghost recon\mods\mp1\map\dp05_ravine\pmp08_cracked_wood.rsb
c:\games\red storm entertainment\ghost recon\mods\origmiss\map\mp05_docks\mp05_cracks.rsb
c:\games\red storm entertainment\ghost recon\mods\origmiss\map\training\tr_flr_con_ext_crackdirt.rsb
c:\games\red storm entertainment\ghost recon\mods\origmiss\map\training\tr_flr_con_ext_cracks.rsb
c:\games\red storm entertainment\ghost recon\mods\origmiss\textures\cracked_glass.rsb
c:\games\red storm entertainment\ghost recon\mods\tacticalgamer\map\prison\m05_pavement_cracked.rsb
c:\program files\kelloggs art attack\art attack\showme\assets\crackers\crackerhat.swf
c:\program files\kelloggs art attack\art attack\showme\assets\crackers\crackerpt1.swf
c:\program files\kelloggs art attack\art attack\showme\assets\crackers\crackerpt2.swf
c:\program files\kelloggs art attack\art attack\showme\assets\crackers\crackerpt3.swf
c:\program files\kelloggs art attack\art attack\showme\assets\crackers\crackerpt4.swf
c:\program files\kelloggs art attack\art attack\showme\assets\crackers\crackerpt5.swf
c:\program files\kelloggs art attack\art attack\showme\assets\crackers\crackerpt6.swf
c:\tools\tuneup utilities 2010 v9.0.3000.136\crack\appinitialization.bpl
c:\tools\tuneup utilities 2010 v9.0.3000.136\crack\commonforms.bpl
c:\tools\tuneup utilities 2010 v9.0.3000.136\crack\registration.reg
c:\tools\tuneup utilities 2010 v9.0.3000.136\crack\tulic.dll
scanner sequence 3.ZZ.11
----- EOF -----



Yes I have a Windows XP Installation disk
I think the Recovery Console is installed but not sure
No, this is the family laptop

:bigthumb:

Hello sufferinginsilence :),

I see that you have Registry Cleaner program(s) installed.

PC Doc Pro 3.1
Registry Mechanic
TuneUp Utilities

Personally, I do not recommend any such programs. Here is an excerpt from a discussion on Registry Cleaners:

Most Registry Cleaners aren't bad as such, but they aren't perfect and even the best have been known to cause problems. The point we are trying to make is that the risk of using one far outweighs any benefit. If it does work perfectly you will not see any difference. If it doesn't work properly you may end up with an expensive doorstop. See here (http://billpstudios.blogspot.com/2007/04/do-i-need-registry-cleaner.html) for additional information. You may uninstall it through Add/Remove Programs at the Control Panel.

Here (http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html) is another good writeup by one of our experts on this matter.

--------------------

Please uninstall Spybot - Search & Destroy and Spybot - Search & Destroy 1.3. Make sure you do this step first before continue to the next step.

I will make some recommendations to you when we are done cleaning up your laptop.

--------------------

Now comes the tricky part.

Due to the nature of the infection that you have, we will need to proceed cautiously. It is a very tough one to fix and may at times during the course of fixing, cause the computer unbootable. However, all the information that I have now from your computer shows that this is very unlikely, but we must be prepared for the worst. If it happens, we will make use of the Windows XP Installation disc and try other means.

Please read the intructions carefully.

Fix with MBRCheck

Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily when running MBRCheck. They will interfere and may cause unexpected results.
If you need help to disable your protection programs see here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html) and here (http://www.bleepingcomputer.com/forums/topic114351.html).
Double click on MBRCheck.exe to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
A command prompt window will open.
When you see Enter 'Y' and hit ENTER for more options, or 'N' to exit:, type in the letter y and press Enter.
Next, type in the number 2 and press Enter to restore the MBR.
You will be asked to enter the physical disk number, please type in the number 0 and press Enter.
A list of MBR codes will appear with this message; Please select the MBR code to write to this drive:. Type in the number 1 for Windows XP and press Enter.
You will be prompted for confirmation, please type yes and press Enter.
Click on the command prompt logo at the top or right click on the title bar (where program name and path is written), then select Edits > Select All.
The whole window will be highlighted. Press Enter to copy the selected text and paste it into Notepad. Save the file as MBRCheck results.txt on your desktop.
Press Enter again to exit, then restart your computer for the fix to take effect.
Post the contents of MBRCheck results.txt.

--------------------

Please post back:
1. the MBRCheck result

MBRCheck, version 1.1.1
(c) 2010, AD

\\.\C: --> \\.\PhysicalDrive0

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Windows XP MBR code detected


Done! Press ENTER to exit...


-------------------------------------------------------


I forgot to save and copy the results of the MBRCheck straight after using it so I restarted windows ran the MBRcheck again and saved a copy of the text.

Hello sufferinginsilence :),

Looks like everything went well.

Please download Malwarebytes' Anti-Malware (MBAM)© from Malwarebytes and save it to your desktop. Click here. (http://www.malwarebytes.org/mbam-download.php)

Run MBAM

Double click on mbam-setup.exe and follow the prompts to install the program.
At the end of installation, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
MBAM will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update mirror, select one of the websites and click on Check for Updates.
Upon completion of update and loading, select the Scanner tab. Click on Perform full scan, then click on Scan.
Leave the default options as it is and click on Start Scan.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process.
When done, you will be prompted. Click OK, then click on Show Results.
Check (tick) all items except items in the C:\System Volume Information folder and click on Remove Selected.
After it has removed the items, a log in Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.

If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware. If you receive an (Error Loading) error on reboot, please reboot a second time . It is normal for this error to occur once and does not need to be reported unless it returns on future reboots.

--------------------

Please post back:
1. the MBAM report
2. new DDS log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4356

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

27/07/2010 01:33:49
mbam-log-2010-07-27 (01-33-49).txt

Scan type: Full scan (C:\|)
Objects scanned: 299255
Time elapsed: 1 hour(s), 2 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


---------------------------------------------------------



DDS (Ver_10-03-17.01) - NTFSx86
Run by Brian at 6:04:59.48 on 27/07/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1151.507 [GMT 1:00]

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\9E0D937F462E4362A83B254A9F8AB3F8\InnerPassFileSharing.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Brian\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Bar = hxxp://srch-qgb8l.hpwis.com
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Innerpass] c:\documents and settings\all users\application data\skype\plugins\plugins\9e0d937f462e4362a83b254a9f8ab3f8\InnerPassFileSharing.exe autostart
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [HPHUPD05] c:\program files\hewlett-packard\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
mRun: [RoxioEngineUtility] "c:\program files\common files\roxio shared\system\EngUtil.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [<NO NAME>] c:\program files\games engine\Games_Engine.exe 1.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dslmon.lnk - c:\program files\sagem\sagem f@st 800-840\dslmon.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} - hxxps://secure.gopetslive.com/dev/gopets.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\brian\applic~1\mozilla\firefox\profiles\4k31wz8g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2008-9-22 5632]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-2-17 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-17 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-17 40384]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-11-12 54752]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2009-12-18 1044808]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-4-20 38224]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S2 gupdate1c962eb542c1402;Google Update Service (gupdate1c962eb542c1402);c:\program files\google\update\GoogleUpdate.exe [2008-12-20 133104]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-17 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-17 40384]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 grmn0200;grmn0200.Sys Garmin USB DCP driver (install);c:\windows\system32\drivers\grmn0200.sys [2004-8-20 23208]
S3 grmn1200;grmn0200.Sys Garmin USB DCP driver;c:\windows\system32\drivers\grmn1200.sys [2004-8-20 17448]
S3 jnv4_mib;jnv4_mib;\??\c:\docume~1\brian\locals~1\temp\jnv4_mib.sys --> c:\docume~1\brian\locals~1\temp\jnv4_mib.sys [?]
S3 PhDebug32;PhDebug32;\??\c:\hr60\bios\debug32.sys --> c:\hr60\bios\debug32.sys [?]
S3 VisorUsb;Handspring USB;c:\windows\system32\drivers\VisorUsb.sys [2005-2-5 19968]

=============== Created Last 30 ================

2010-07-18 17:23:54 38848 ----a-w- c:\windows\avastSS.scr
2010-07-18 17:18:22 0 d-----w- c:\program files\msn gaming zone
2010-07-14 21:00:07 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

==================== Find3M ====================

2010-05-04 12:39:27 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-05-04 12:39:27 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
2008-09-22 20:01:59 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092220080923\index.dat

============= FINISH: 6:05:42.29 ===============


-----------------------------------------------------------------


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 12/04/2004 21:37:37
System Uptime: 26/07/2010 12:49:01 (18 hours ago)

Motherboard: Hewlett-Packard | | 089C
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | JP8 | 2800/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 112 GiB total, 61.276 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1598: 28/04/2010 11:54:54 - System Checkpoint
RP1599: 29/04/2010 18:52:15 - System Checkpoint
RP1600: 30/04/2010 19:18:03 - System Checkpoint
RP1601: 01/05/2010 19:31:35 - System Checkpoint
RP1602: 02/05/2010 19:48:33 - System Checkpoint
RP1603: 04/05/2010 10:38:08 - System Checkpoint
RP1604: 05/05/2010 11:19:47 - System Checkpoint
RP1605: 06/05/2010 22:39:19 - System Checkpoint
RP1606: 07/05/2010 14:04:15 - Removed RENESIS® Player Browser Plugins
RP1607: 08/05/2010 14:46:01 - System Checkpoint
RP1608: 09/05/2010 15:20:51 - System Checkpoint
RP1609: 10/05/2010 15:30:56 - System Checkpoint
RP1610: 11/05/2010 16:22:52 - System Checkpoint
RP1611: 12/05/2010 10:00:21 - Software Distribution Service 3.0
RP1612: 13/05/2010 12:15:36 - System Checkpoint
RP1613: 14/05/2010 15:24:49 - System Checkpoint
RP1614: 15/05/2010 18:06:18 - System Checkpoint
RP1615: 16/05/2010 19:13:42 - System Checkpoint
RP1616: 18/05/2010 10:13:58 - System Checkpoint
RP1617: 19/05/2010 21:40:35 - System Checkpoint
RP1618: 20/05/2010 21:49:15 - System Checkpoint
RP1619: 24/05/2010 11:29:33 - System Checkpoint
RP1620: 25/05/2010 12:18:40 - System Checkpoint
RP1621: 26/05/2010 10:00:25 - Software Distribution Service 3.0
RP1622: 27/05/2010 18:39:23 - System Checkpoint
RP1623: 29/05/2010 10:10:03 - System Checkpoint
RP1624: 30/05/2010 18:55:47 - System Checkpoint
RP1625: 01/06/2010 10:50:29 - System Checkpoint
RP1626: 02/06/2010 13:01:36 - System Checkpoint
RP1627: 03/06/2010 13:35:35 - System Checkpoint
RP1628: 04/06/2010 19:34:06 - System Checkpoint
RP1629: 05/06/2010 10:00:18 - Software Distribution Service 3.0
RP1630: 06/06/2010 11:38:11 - System Checkpoint
RP1631: 07/06/2010 12:33:16 - System Checkpoint
RP1632: 09/06/2010 10:08:09 - Software Distribution Service 3.0
RP1633: 10/06/2010 11:46:47 - Software Distribution Service 3.0
RP1634: 12/06/2010 09:15:50 - System Checkpoint
RP1635: 15/06/2010 14:59:53 - System Checkpoint
RP1636: 16/06/2010 15:00:07 - System Checkpoint
RP1637: 17/06/2010 10:00:23 - Software Distribution Service 3.0
RP1638: 18/06/2010 22:31:08 - System Checkpoint
RP1639: 21/06/2010 08:21:34 - System Checkpoint
RP1640: 22/06/2010 11:53:57 - System Checkpoint
RP1641: 23/06/2010 12:34:40 - System Checkpoint
RP1642: 24/06/2010 17:35:48 - System Checkpoint
RP1643: 25/06/2010 10:02:15 - Software Distribution Service 3.0
RP1644: 28/06/2010 11:14:26 - System Checkpoint
RP1645: 29/06/2010 12:03:40 - System Checkpoint
RP1646: 30/06/2010 12:13:40 - System Checkpoint
RP1647: 01/07/2010 17:08:46 - Spybot-S&D Spyware removal
RP1648: 02/07/2010 14:54:53 - Spybot-S&D Spyware removal
RP1649: 03/07/2010 17:23:20 - System Checkpoint
RP1650: 06/07/2010 08:42:19 - System Checkpoint
RP1651: 06/07/2010 17:26:09 - Spybot-S&D Spyware removal
RP1652: 07/07/2010 18:24:18 - System Checkpoint
RP1653: 09/07/2010 09:03:47 - System Checkpoint
RP1654: 10/07/2010 09:23:31 - System Checkpoint
RP1655: 11/07/2010 11:18:22 - System Checkpoint
RP1656: 12/07/2010 12:49:46 - System Checkpoint
RP1657: 13/07/2010 13:27:57 - System Checkpoint
RP1658: 14/07/2010 15:25:28 - System Checkpoint
RP1659: 15/07/2010 10:01:08 - Software Distribution Service 3.0
RP1660: 16/07/2010 10:17:32 - System Checkpoint
RP1661: 16/07/2010 14:43:11 - Spybot-S&D Spyware removal
RP1662: 16/07/2010 14:48:30 - Spybot-S&D Spyware removal
RP1663: 17/07/2010 15:16:05 - System Checkpoint
RP1664: 19/07/2010 02:06:47 - System Checkpoint
RP1665: 20/07/2010 08:37:20 - System Checkpoint
RP1666: 21/07/2010 18:32:05 - System Checkpoint
RP1667: 22/07/2010 17:51:24 - Software Distribution Service 3.0
RP1668: 23/07/2010 19:48:16 - System Checkpoint
RP1669: 25/07/2010 08:38:14 - System Checkpoint
RP1670: 26/07/2010 09:36:13 - System Checkpoint

==== Installed Programs ======================


Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Illustrator CS
Adobe Reader 7.0
Adobe Shockwave Player 11.5
Adobe SVG Viewer 3.0
Agere Systems AC'97 Modem
Apple Application Support
Apple Software Update
Art Attack
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
avast! Free Antivirus
BAMZOOKi v3.1 (build 115.158)
Barbie® As Sleeping Beauty
battleshipsv1.12
BBC Balamory
BBC Bill and Ben
BBC Bob The Builder
BBC Tweenies - Messy Time Magic
BBC Tweenies - Ready to Play
Business Plan
Business Planner version 3
Call of Duty(R) 4 - Modern Warfare(TM)
Canon MV5i WIA Driver
Canon PhotoRecord
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
Critical Update for Windows Media Player 11 (KB959772)
Cruising Navigator
Direct Show Ogg Vorbis Filter (remove only)
Disney's Activity Centre, A Bug's Life
Disney's Tigger Too
Disney Interactive Global Compatibility Update June 2003
DivX Converter
DivX Setup
Easy CD & DVD Creator 6
easy Internet sign-up
Email Spider Easy
ERUNT 1.1j
F5U002 USB to Printer Adapter
FastTrak 800 Thousand Clipart
Free CD to MP3 Converter
Games Engine
Garmin City Navigator Europe v9
Garmin MapSource
Garmin WebUpdater
Ghost Recon
Google Chrome
Google Earth
Google Update Helper
Google Updater
GoPets
Half-Life(R) 2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Deskjet Preloaded Printer Drivers
HP Help and Support
HP Memories Disc
HP Photo and Imaging 2.0 - Photosmart Cameras
HP Product Detection
HP Update
HpSdpAppCoreApp
InterActual Player
InterVideo WinDVD
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 7
Java 2 Runtime Environment, SE v1.4.1_02
Java 2 Runtime Environment, SE v1.4.2_03
Java Web Start
Java(TM) 6 Update 17
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Jump Ahead 2000 Starting Maths v1.0
Jump Ahead 2000 Year 1 v2.4
Jump Ahead Starting School 2000 v2.0
Junk Mail filter update
Lexware Elster
Lexware financial office 2009
Lexware Info Service
Logitech QuickCam Software
Logitech® Camera Driver
Malwarebytes' Anti-Malware
MapSource
MapSource - European City Navigator v6
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works 7.0
Microsoft XML Parser
Mozilla Firefox (3.6.7)
Mozilla Thunderbird (2.0.0.24)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero
Nero 8 Essentials
neroxml
Netscape (7.1)
Nokia Connectivity Cable Driver
OpenOffice.org 1.1.2
OpenOffice.org 2.1
Palm Desktop and Synchronization Software
PC Doc Pro 3.1
PCI 1620 Cardbus Controller and Software
Peggle Extreme
Penny Penguin's Math Bingo
Photosmart 140,240,7200,7600,7700,7900 Series
PSShortcutsP
Puzzle Master 2
Quick Launch Buttons 4.20 C1
QuickTime
RealPlayer
RealUpgrade 1.0
Registry Mechanic
SAGEM F@st 800-840
SecurDisc Viewer
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Segoe UI
Skype Toolbars
Skype™ 4.2
SoundMAX
Steam(TM)
System Requirements Lab
TI1620/1520
Timez Attack Free
TuneUp Utilities
TuneUp Utilities Language Pack (en-US)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
VCRedistSetup
WebFldrs XP
WiFi Engine
WinAce Archiver
Winamp (remove only)
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Xfire (remove only)

==== Event Viewer Messages From Past Week ========

24/07/2010 07:24:35, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
21/07/2010 09:16:36, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the TuneUp.UtilitiesSvc service.
20/07/2010 20:16:48, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
20/07/2010 17:57:45, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Automatic LiveUpdate Scheduler service to connect.
20/07/2010 17:57:45, error: Service Control Manager [7000] - The General Purpose USB Driver (adildr.sys) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
20/07/2010 17:57:45, error: Service Control Manager [7000] - The Automatic LiveUpdate Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
20/07/2010 08:00:31, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the W32Time service.

==== End Of File ===========================


:bigthumb:

Hello sufferinginsilence :),

Do an online scan with ESET Online Scanner.
Please be patient as scanning will take quite some time. If you have problem running the scan, you might want to disable any real time protection that you have.

Click here (http://www.eset.com/onlinescan/) to go to ESET Online Scanner page.
Click on ESET Online Scanner. A new window will open.
For FireFox user, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
After reading through the Terms of Use, check YES, I accept the Terms of Use and click Start to begin scan.
You will be prompted to install an ActiveX Control from ESET. Please install.
At the Computer scan settings section, uncheck (untick) Remove found threats and then check Scan archives.
Now, click on Advanced settings and make sure all these are checked:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
Click on Scan to proceed.
Click Finish and close the window.
Navigate to C:\Program Files\ESET\ESET Online Scanner using Windows Explorer and look for log.txt.
Post the contents of log.txt in your reply.

--------------------

Please post back:
1. the ESET online scan result
2. how is your computer now?

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=766fe524c7a41d49b85edbc0876d4cda
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-07-27 08:53:19
# local_time=2010-07-27 09:53:19 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 13944106 13944106 0 0
# compatibility_mode=8192 67108863 100 0 249 249 0 0
# scanned=134972
# found=11
# cleaned=0
# scan_time=8777
C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\qu7iv19e.slt\Mail\Local Folders\Drafts Win32/Hybris worm 00000000000000000000000000000000 I
C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\qu7iv19e.slt\Mail\pop3.astrosat.info\Junk multiple threats 00000000000000000000000000000000 I
C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\qu7iv19e.slt\Mail\pop3.astrosat.info\Trash multiple threats 00000000000000000000000000000000 I
C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\qu7iv19e.slt\Mail\pop3.astrosat.info\Inbox.sbd\Order multiple threats 00000000000000000000000000000000 I
C:\Documents and Settings\Brian\Application Data\Thunderbird\Profiles\qzxyh6tx.default\Mail\Local Folders\Drafts Win32/Hybris worm 00000000000000000000000000000000 I
C:\Documents and Settings\Brian\Application Data\Thunderbird\Profiles\qzxyh6tx.default\Mail\pop.1and1.co-1.uk\Junk multiple threats 00000000000000000000000000000000 I
C:\Documents and Settings\Brian\Application Data\Thunderbird\Profiles\qzxyh6tx.default\Mail\pop.1and1.co.uk\Junk multiple threats 00000000000000000000000000000000 I
C:\Documents and Settings\Brian\Application Data\Thunderbird\Profiles\qzxyh6tx.default\Mail\pop.1and1.co.uk\Trash multiple threats 00000000000000000000000000000000 I
C:\RECYCLER\S-1-5-21-484667254-1225693938-3987437657-1007\Dc15.exe a variant of Win32/Adware.DoubleD.AB application 00000000000000000000000000000000 I
C:\RECYCLER\S-1-5-21-484667254-1225693938-3987437657-1007\Dc16.exe a variant of Win32/Adware.DoubleD.AB application 00000000000000000000000000000000 I
C:\RECYCLER\S-1-5-21-484667254-1225693938-3987437657-1007\Dc17.exe a variant of Win32/Adware.DoubleD.AB application 00000000000000000000000000000000 I



:sad:

Hello sufferinginsilence :),

Those findings from the ESET scan are found in your mailbox of the Mozilla Mail and Thunderbird. You will need to delete any suspicious emails to get rid of them. The last three can be removed when you empty the Recycle Bin.

--------------------

Please download SystemLook© by jpshortstuff from one of the links below and save it to your desktop.

Link 1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Link 2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)


Double click on SystemLook.exe to run it.
Copy and paste the following text into the main textfield:

:file
c:\docume~1\brian\locals~1\temp\jnv4_mib.sys
c:\hr60\bios\debug32.sys

:service
jnv4_mib
PhDebug32

:filefind
1.exe
Click the Look button to start the scan. This might take a while.
When finished, a Notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found at on your desktop as SystemLook.txt.

--------------------

Your Adobe Reader is outdated. Older versions have security vulnerabilities that can be exploited.

Please update your Adobe Reader to the latest.
It is important that you uninstall any previous versions by using Add/Remove Programs in your Control Panel before installing a newer version. Please uninstall:

Adobe Reader 7.0


Go to the Adobe download page. Click here. (http://get.adobe.com/reader/)
If your OS is not the same as stated, click on Different language or operating system? link.
Under the Select an operating system title, click on Select an OS... box and choose the OS that you have.
Change the language if you want by clicking on English below the Select a language title.
Press Continue.
Uncheck (untick) Free McAfee Security Scan (optional).
Click the Download now button after selecting the latest version.
Allow if prompted and save the file to a convenient location.
Run the downloaded file to continue with the installation.
If your OS is the same, uncheck (untick) Free McAfee Security Scan (optional).
Click Download to proceed. Allow if prompted and save the file to a convenient location.
Run the downloaded file to continue with the installation.

--------------------

Your Java Runtime Environment is outdated. Older versions have security vulnerabilities that can be exploited.

Please update JRE to the latest.
It is important that you uninstall any previous versions by using Add/Remove Programs in your Control Panel before installing a newer version. Please uninstall:

J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 7
Java 2 Runtime Environment, SE v1.4.1_02
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 17
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7


Go to the Java SE download page. Click here. (http://java.sun.com/javase/downloads/index.jsp)
Look for JDK 6 Update 21 (JDK or JRE). Click the Download JRE button to the right.
Select Windows from the drop-down list for Platform.
Check I agree to the Java SE Runtime Environment 6u21 with JavaFX 1 License Agreement after reading it, and click Continue >>. The page will refresh.
Under the Windows Offline Installation title, click on the link which says jre-6u21-windows-i586.exe and save the file to your desktop.
Close any programs you may have running - especially your web browser.
Then, from your desktop, double click on the download to install the newest version. Reboot your computer.

--------------------

Are you using the Netscape (7.1)? It is also outdated already. Best to remove it if no longer in use.

--------------------

Please post back:
1. the SystemLook result

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 03:59 on 29/07/2010 by Brian (Administrator - Elevation successful)

========== file ==========

c:\docume~1\brian\locals~1\temp\jnv4_mib.sys - Unable to find/read file.

c:\hr60\bios\debug32.sys - Unable to find/read file.

========== service ==========

jnv4_mib
jnv4_mib
(No Description)
Current Status: Stopped
Startup Type: Demand
Error Control: Critical
Binary: \??\C:\DOCUME~1\Brian\LOCALS~1\Temp\jnv4_mib.sys
Group: (none)
SafeBoot:
Dependencies:
(none)
Dependant Services:
(none)

PhDebug32
PhDebug32
(No Description)
Current Status: Stopped
Startup Type: Demand
Error Control: Critical
Binary: \??\c:\hr60\bios\debug32.sys
Group: (none)
SafeBoot:
Dependencies:
(none)
Dependant Services:
(none)

========== filefind ==========

Searching for "1.exe"
No files found.

-=End Of File=-

Hello sufferinginsilence :),

Everything looks good. Any more problems?

Hello sufferinginsilence :),

We are not done yet, are you still with me?

If I do not get any response within the next 24 hours, this topic will be closed.

Due to lack of response, this topic is now closed.

If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. How to post a DDS log. (http://forums.spybot.info/showpost.php?p=1150&postcount=2)

If it has been less than three days since your last response and you need the thread re-opened, please send a private message (pm) to me or a MOD. A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

Everyone else please begin a New Topic.