Malware-kuasio.ka

A

amsterdam

New member
My laptop has 'kuasio.ka' malware/trojan also every time i run S&D 'microsoft windows.security internetExplorer' shows up as a problem.
I can't get online,when i try the laptop states 'connecting' but does nothing,hence the reason i don't have a HJT log.
When i could get on line i DL and ran malwarebytes and no problems showed up.
Any help appreciated.

I've managed to get the lap top online.I'll now run and post a HJT report.

amsterdam said:
I've managed to get the lap top online.I'll now run and post a HJT report.
Click to expand...
Sorry to mess you about but i can't get online.Please delete post 2 & 3.
Sorry.
 
Last edited by a moderator:
Hi,

You have to transfer the tools to the infected system.


Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

Download GMER here by clicking download exe -button and then saving it your desktop:
  • Double-click .exe that you downloaded
  • Click rootkit-tab and then scan.
  • Don't check
    Show All
    box while scanning in progress!
  • When scanning is ready, click Copy.
  • This copies log to clipboard
  • Post log in your reply.
 
Hello thanks for replying.

I can now get on line but i still have the two problems stated above,also running very,very slow.

Heres my hijackthis log file.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:10:56, on 27/09/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\windows\system32\taskeng.exe
c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\wuauclt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\SGPSA\ie3sh.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\T-Mobile\web'n'walk Manager\bmctl.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\T-Mobile\web'n'walk Manager\bmop.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=all&pf=cmnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://googlemyway.com/Xx Trace xX
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=all&pf=cmnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=all&pf=cmnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [accrdsub] "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe /tray
O4 - HKLM\..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: web'n'walk Manager.lnk = C:\Program Files\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save YouTube Video - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: APSHook.dll,avgrsstx.dll
O23 - Service: McAfee Application Installer Cleanup (0032751249610039) (0032751249610039mcinstcleanup) - Unknown owner - C:\windows\TEMP\003275~1.EXE (file missing)
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - c:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GtDetectSc - OptionNV - C:\Program Files\T-Mobile\web'n'walk Manager\GtDetectSc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\windows\system32\rpcnet.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 13253 bytes
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-24.01)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume1
Install Date: 06/08/2009 01:13:29
System Uptime: 27/09/2009 16:37:22 (0 hours ago)

Motherboard: Hewlett-Packard | | 30E4
Processor: AMD Sempron(tm) SI-42 | Unknown | 1100/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 139 GiB total, 99.179 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 1.89 GiB free.
E: is CDROM ()
F: is Removable
G: is FIXED (FAT32) - 1 GiB total, 0.994 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================


2007 Microsoft Office system
32 Bit HP CIO Components Installer
ActivClient 6.1 x86
Adobe Flash Player 10 ActiveX
Agere Systems HDA Modem
AOL Toolbar 5.0
Ask Toolbar
ATI Catalyst Install Manager
AVG Free 8.5
BIOS Configuration for HP ProtectTools
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Credential Manager for HP ProtectTools
Drive Encryption for HP ProtectTools
ESU for Microsoft Vista SP1
Fast Browser Search (My Web Tattoo)
File Sanitizer For HP ProtectTools
Free Studio version 4.2
Google Toolbar for Internet Explorer
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP 3D DriveGuard
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP JavaCard for HP ProtectTools
HP ProtectTools Security Manager
HP ProtectTools Security Manager Suite
HP Quick Launch Buttons 6.40 E1
HP Software Setup 5.00.A.7
HP Update
HP User Guides 0108
HP Wallpaper
HP Wireless Assistant
HPNetworkAssistant
InterVideo DVD Check
InterVideo Register Manager
InterVideo WinDVD
Java(TM) 6 Update 6
LightScribe System Software 1.12.37.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft .NET Framework 3.5 SP1
Microsoft Office Access MUI (Dutch) 2007
Microsoft Office Access MUI (English) 2007
Microsoft Office Access MUI (French) 2007
Microsoft Office Access MUI (German) 2007
Microsoft Office Access MUI (Italian) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (Dutch) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (French) 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office Excel MUI (Italian) 2007
Microsoft Office Outlook MUI (Dutch) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Outlook MUI (French) 2007
Microsoft Office Outlook MUI (German) 2007
Microsoft Office Outlook MUI (Italian) 2007
Microsoft Office PowerPoint MUI (Dutch) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (French) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office PowerPoint MUI (Italian) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Dutch) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (French) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing (Italian) 2007
Microsoft Office Publisher MUI (Dutch) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Publisher MUI (French) 2007
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Publisher MUI (Italian) 2007
Microsoft Office Shared MUI (Dutch) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (French) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Shared MUI (Italian) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (Dutch) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (French) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Office Word MUI (Italian) 2007
Microsoft Visual C++ 2005 Redistributable
PDF Complete
Search Guard Plus (My Web Tattoo)
Search Guard Plus Updater (My Web Tattoo)
Skins
SoundMAX
Spybot - Search & Destroy
Synaptics Pointing Device Driver
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Office 2007 (KB934528)
Vista Default Settings
web'n'walk Manager
web'n'walk Manager
Windows Live Messenger

==== End Of File ===========================





DDS (Ver_09-09-24.01) - NTFSx86
Run by tracey at 16:51:16.56 on 27/09/2009
Internet Explorer: 8.0.6001.18813
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.764.112 [GMT 1:00]

SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\System32\svchost.exe -k Cognizance
C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\windows\system32\svchost.exe -k rpcss
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\Ati2evxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\SLsvc.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\Hpservice.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\Ati2evxx.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\windows\system32\AEADISRV.EXE
C:\Windows\system32\agrsmsvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\T-Mobile\web'n'walk Manager\GtDetectSc.exe
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files\PDF Complete\pdfsvc.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\rpcnet.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\SGPSA\ie3sh.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\T-Mobile\web'n'walk Manager\bmctl.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\T-Mobile\web'n'walk Manager\bmop.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\windows\system32\taskeng.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\windows\system32\wuauclt.exe
C:\Users\tracey\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://googlemyway.com/Xx%20Trace%20xX
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=all&pf=cmnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=all&pf=cmnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=all&pf=cmnb
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: BHO_Startup Class: {3134413b-49b4-425c-98a5-893c1f195601} - c:\program files\hewlett-packard\file sanitizer\IEBHO.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
BHO: Search Assistant: {f0626a63-410b-45e2-99a1-3f2475b2d695} - c:\program files\sgpsa\BHO.dll
BHO: Fast Browser Search Toolbar Helper: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\fast browser search\ie\FBStoolbar.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Fast Browser Search Toolbar: {1bb22d38-a411-4b13-a746-c2a4f4ec7344} - c:\program files\fast browser search\ie\FBStoolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [<NO NAME>]
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [File Sanitizer] c:\program files\hewlett-packard\file sanitizer\CoreShredder.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_06\bin\jusched.exe"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\soundmax.exe /tray
mRun: [FBSSA] c:\program files\sgpsa\ie3sh.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\web'n'~1.lnk - c:\program files\t-mobile\web'n'walk manager\web'n'walk Manager.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-gb\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Save YouTube Video - c:\program files\common files\dvdvideosoft\dll\IEContextMenuY.dll/scriptY2MP4.htm
IE: Save YouTube Video as MP3 - c:\program files\common files\dvdvideosoft\dll\IEContextMenuY.dll/scriptY2MP3.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: APSHook.dll,avgrsstx.dll
LSA: Notification Packages = scecli ASWLNPkg

============= SERVICES / DRIVERS ===============

R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2008-5-30 51376]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2008-5-30 12928]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-19 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-19 108552]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2008-5-30 12496]
R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2007-5-16 182576]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2008-1-21 21504]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2008-1-21 21504]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-9-19 297752]
R2 GtDetectSc;GtDetectSc;c:\program files\t-mobile\web'n'walk manager\GtDetectSc.exe [2008-5-1 200704]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\hewlett-packard\hp protecttools security manager\PTChangeFilterService.exe [2008-6-2 18944]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2008-5-30 256512]
R2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\hewlett-packard\file sanitizer\HPFSService.exe [2008-7-23 77824]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-4-7 24936]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2008-7-23 576024]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-8-10 1153368]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-7-23 193840]
R3 GTUHSBUS;GT UHS BUS;c:\windows\system32\drivers\gtuhsbus.sys [2008-11-7 62592]
R3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\drivers\gtuhs51.sys [2008-11-7 105984]
R3 GTUHSOMS;GT UHS OMS;c:\windows\system32\drivers\gtuhsoms.sys [2008-11-7 20352]
R3 GTUHSSER;GT UHS SER;c:\windows\system32\drivers\gtuhsser.sys [2008-11-7 8064]
S2 0032751249610039mcinstcleanup;McAfee Application Installer Cleanup (0032751249610039);c:\windows\temp\003275~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\003275~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712]

=============== Created Last 30 ================

2009-09-27 15:09 <DIR> --d----- c:\program files\Trend Micro
2009-09-27 00:17 56,680 a------- c:\windows\system32\rpcnet.exe
2009-09-27 00:17 56,680 a------- c:\windows\system32\rpcnet.dll
2009-09-26 22:46 17,408 a------- c:\windows\system32\rpcnetp.exe
2009-09-24 21:33 <DIR> --d----- c:\windows\system32\EventProviders
2009-09-20 00:41 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-09-19 23:08 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-09-19 23:08 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-09-19 23:08 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-09-19 23:07 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-09-19 23:07 <DIR> --d----- c:\programdata\AVG Security Toolbar
2009-09-19 23:07 <DIR> --d----- c:\progra~2\AVG Security Toolbar
2009-09-19 23:07 <DIR> --d----- c:\program files\AVG
2009-09-19 20:31 <DIR> --d----- c:\programdata\Google
2009-09-19 18:48 <DIR> --d----- c:\users\tracey\appdata\roaming\Malwarebytes
2009-09-19 18:47 <DIR> --d----- c:\programdata\Malwarebytes
2009-09-19 18:47 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-19 18:47 <DIR> --d----- c:\progra~2\Malwarebytes
2009-09-14 23:54 <DIR> --d----- c:\program files\Search Guard PlusU
2009-09-14 23:54 <DIR> --d----- c:\program files\Search Guard Plus
2009-09-14 23:54 <DIR> --d----- c:\program files\SGPSA
2009-09-14 23:52 <DIR> --d----- c:\program files\Fast Browser Search
2009-09-10 21:24 897,608 a------- c:\windows\system32\drivers\tcpip.sys
2009-09-10 21:23 104,960 a------- c:\windows\system32\netiohlp.dll
2009-09-10 21:23 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-09-10 21:23 19,968 a------- c:\windows\system32\ARP.EXE
2009-09-10 21:23 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-09-10 21:23 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-09-10 21:23 10,240 a------- c:\windows\system32\finger.exe
2009-09-10 21:23 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-09-10 21:23 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-09-10 21:23 17,920 a------- c:\windows\system32\netevent.dll
2009-09-10 21:20 2,501,921 a------- c:\windows\system32\wlan.tmf
2009-09-10 21:20 293,376 a------- c:\windows\system32\wlanmsm.dll
2009-09-10 21:20 127,488 a------- c:\windows\system32\L2SecHC.dll
2009-09-10 21:20 513,024 a------- c:\windows\system32\wlansvc.dll
2009-09-10 21:20 302,592 a------- c:\windows\system32\wlansec.dll
2009-09-10 21:19 2,868,224 a------- c:\windows\system32\mf.dll
2009-09-03 20:30 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-09-03 20:29 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 18:16 16,384 -------- c:\windows\system32\Ikeext.etl

==================== Find3M ====================

2009-09-27 16:38 17,408 a------- c:\windows\system32\rpcnetp.dll
2009-08-28 13:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 13:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 13:38 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 13:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-08 11:41 665,600 a------- c:\windows\inf\drvindex.dat
2009-08-08 11:41 143,360 a------- c:\windows\inf\infstrng.dat
2009-08-08 11:41 86,016 a------- c:\windows\inf\infstor.dat
2009-08-08 11:41 51,200 a------- c:\windows\inf\infpub.dat
2009-08-07 08:47 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-08-06 02:41 0 a--shr-- c:\windows\system32\drivers\103C_HP_bNB_6735s_Y5336AN_0U_QCNU9162WJ5_E480127-A41_4A_I30E4_SHP_V94.1E_68GPP F.09_T090305_WV2-1_L409_M765_J160_7AMD_8F31_92.10_#080723_N_(GW694AV)_XMOBILE_CN10_Z_2F.09_G10029612.MRK
2009-07-21 22:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 22:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 22:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 21:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-17 15:35 71,680 a------- c:\windows\system32\atl.dll
2009-07-14 14:00 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-14 13:59 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-14 13:58 7,680 a------- c:\windows\system32\spwmp.dll
2009-07-14 11:59 8,147,456 a------- c:\windows\system32\wmploc.DLL
2008-01-21 03:57 174 a--sh--- c:\program files\desktop.ini
2006-11-02 13:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 16:52:56.84 ============




GMER 1.0.15.15087 - http://www.gmer.net
Rootkit quick scan 2009-09-27 17:04:15
Windows 6.0.6001 Service Pack 1
Running: b5ie7191.exe; Driver: C:\Users\tracey\AppData\Local\Temp\uxryipog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp tcpipBM.SYS (Bytemobile Kernel Network Provider/Bytemobile, Inc.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
 
Hi again,

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Please post contents of that file in your next reply.


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.


Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds.txt log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
 
I ran malwarebytes and nothing was found.I then ran Combi.fix.
when lap top restarted it ran the log but now when i try to get back on line(im on pc now,not lap top),i get the following message.

c:\program files\t-mobile\web n walk manager.exe
iilegal operation attempted on a registry key that has been marked for deletion.
 
Hi,

Have you rebooted again after that to see if same error still appears? Could you post those logs with the help of your other system?
 
Yes i've tried re-booting but still can't go on-line.
Can you advise on how to post logs with this PC without physically typing them.
Many thanks.
 
Am now able to get laptop online.:bigthumb:
Heres the logs.


ComboFix 09-09-25.01 - tracey 27/09/2009 17:59.1.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.764.261 [GMT 1:00]
Running from: c:\users\tracey\Downloads\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2559858821-157603045-3620735659-500
c:\$recycle.bin\S-1-5-21-3237585219-3985023608-308797163-1005
c:\$recycle.bin\S-1-5-21-3237585219-3985023608-308797163-1006
c:\$recycle.bin\S-1-5-21-70900338-3400025044-3150093166-500
c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\IE\1.bat
c:\program files\Fast Browser Search\IE\about.html
c:\program files\Fast Browser Search\IE\affid.dat
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\basis_br.xml
c:\program files\Fast Browser Search\IE\basis_de.xml
c:\program files\Fast Browser Search\IE\basis_en.xml
c:\program files\Fast Browser Search\IE\basis_es.xml
c:\program files\Fast Browser Search\IE\basis_fr.xml
c:\program files\Fast Browser Search\IE\basis_it.xml
c:\program files\Fast Browser Search\IE\basis_nr.xml
c:\program files\Fast Browser Search\IE\basis_pt.xml
c:\program files\Fast Browser Search\IE\basis_ru.xml
c:\program files\Fast Browser Search\IE\basis_tr.xml
c:\program files\Fast Browser Search\IE\BHO.dll
c:\program files\Fast Browser Search\IE\ClearRecycleBin.exe
c:\program files\Fast Browser Search\IE\error.html
c:\program files\Fast Browser Search\IE\fbsProtection.xml
c:\program files\Fast Browser Search\IE\FbsSearchProvider.xml
c:\program files\Fast Browser Search\IE\FbsSearchProviderIE8.exe
c:\program files\Fast Browser Search\IE\FBStoolbar.dll
c:\program files\Fast Browser Search\IE\fbstoolbar.jar
c:\program files\Fast Browser Search\IE\fbstoolbar.manifest
c:\program files\Fast Browser Search\IE\icons.bmp
c:\program files\Fast Browser Search\IE\ie3sh.exe
c:\program files\Fast Browser Search\IE\info.txt
c:\program files\Fast Browser Search\IE\local.xml
c:\program files\Fast Browser Search\IE\logobg.bmp
c:\program files\Fast Browser Search\IE\MTWBtoolbar.html
c:\program files\Fast Browser Search\IE\search.bmp
c:\program files\Fast Browser Search\IE\search_br.bmp
c:\program files\Fast Browser Search\IE\search_de.bmp
c:\program files\Fast Browser Search\IE\search_es.bmp
c:\program files\Fast Browser Search\IE\search_fr.bmp
c:\program files\Fast Browser Search\IE\search_it.bmp
c:\program files\Fast Browser Search\IE\search_pt.bmp
c:\program files\Fast Browser Search\IE\search_ru.bmp
c:\program files\Fast Browser Search\IE\SearchGuardPlus.exe
c:\program files\Fast Browser Search\IE\SearchGuardPlus.ico
c:\program files\Fast Browser Search\IE\SGPU.ico
c:\program files\Fast Browser Search\IE\sgpUpdater.exe
c:\program files\Fast Browser Search\IE\sgpUpdater.xml
c:\program files\Fast Browser Search\IE\SGPUpdaterS.exe
c:\program files\Fast Browser Search\IE\tbhelper.dll
c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js
c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js
c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js
c:\program files\Fast Browser Search\IE\Toolbar Help.htm
c:\program files\Fast Browser Search\IE\uninstall.exe
c:\program files\Fast Browser Search\IE\uninstalSGP.exe
c:\program files\Fast Browser Search\IE\uninstalSGPU.exe
c:\program files\Fast Browser Search\IE\update.exe
c:\program files\Fast Browser Search\IE\version.txt
c:\program files\SGPSA
c:\program files\SGPSA\BHO.dll
c:\program files\SGPSA\ie3sh.exe
c:\windows\Installer\53523050.msi
c:\windows\system32\oem19.inf

Infected copy of c:\windows\System32\autochk.exe was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6002.18005_none_e3df6655bee2ee3b\autochk.exe

.
((((((((((((((((((((((((( Files Created from 2009-08-27 to 2009-09-27 )))))))))))))))))))))))))))))))
.

2009-09-27 17:12 . 2009-09-27 17:17 -------- d-----w- c:\users\tracey\AppData\Local\temp
2009-09-27 17:12 . 2009-09-27 17:12 -------- d-----w- c:\users\trace\AppData\Local\temp
2009-09-27 17:12 . 2009-09-27 17:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-27 16:34 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-27 16:34 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-27 14:09 . 2009-09-27 14:09 -------- d-----w- c:\program files\Trend Micro
2009-09-26 23:17 . 2009-09-27 17:15 56680 ----a-w- c:\windows\system32\rpcnet.dll
2009-09-26 23:17 . 2009-09-26 23:17 56680 ----a-w- c:\windows\system32\rpcnet.exe
2009-09-26 21:46 . 2009-09-27 17:15 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2009-09-24 20:33 . 2009-09-24 20:33 -------- d-----w- c:\windows\system32\EventProviders
2009-09-19 23:41 . 2009-09-19 23:46 -------- d-----w- C:\$AVG8.VAULT$
2009-09-19 22:08 . 2009-09-19 22:08 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-19 22:08 . 2009-09-19 22:08 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-09-19 22:08 . 2009-09-19 22:08 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-19 22:08 . 2009-09-19 22:08 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-19 22:07 . 2009-09-27 16:03 -------- d-----w- c:\windows\system32\drivers\Avg
2009-09-19 22:07 . 2009-09-19 22:11 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-09-19 22:07 . 2009-09-19 22:07 -------- d-----w- c:\program files\AVG
2009-09-19 17:48 . 2009-09-19 17:48 -------- d-----w- c:\users\tracey\AppData\Roaming\Malwarebytes
2009-09-19 17:47 . 2009-09-27 16:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-19 17:47 . 2009-09-19 17:47 -------- d-----w- c:\programdata\Malwarebytes
2009-09-18 22:41 . 2009-09-18 22:41 -------- d-----w- c:\users\trace\AppData\Local\AOL
2009-09-18 22:39 . 2009-09-18 22:39 -------- d-----w- c:\users\trace\AppData\Roaming\ATI
2009-09-18 22:39 . 2009-09-18 22:39 -------- d-----w- c:\users\trace\AppData\Local\ATI
2009-09-18 22:39 . 2009-09-18 22:39 -------- d-----w- c:\users\trace\AppData\Roaming\HPQLOG
2009-09-18 22:39 . 2009-09-18 22:39 99864 ----a-w- c:\users\trace\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-18 22:37 . 2009-09-18 22:40 -------- d-----w- c:\users\trace\AppData\Local\VirtualStore
2009-09-18 22:37 . 2009-09-19 19:21 -------- d-----w- c:\users\trace
2009-09-18 22:37 . 2009-09-18 22:39 -------- d-----w- c:\users\trace\AppData\Local\Microsoft
2009-09-16 19:23 . 2009-09-19 22:11 -------- d-----w- c:\users\tracey\AppData\Local\Google
2009-09-16 19:17 . 2009-09-19 19:20 -------- d-----w- c:\program files\Google
2009-09-14 22:54 . 2009-09-14 22:54 -------- d-----w- c:\program files\Search Guard Plus
2009-09-14 22:54 . 2009-09-14 22:54 -------- d-----w- c:\program files\Search Guard PlusU
2009-09-10 20:24 . 2009-08-14 17:07 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-10 20:23 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-10 20:23 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-10 20:23 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-10 20:23 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-10 20:23 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-10 20:23 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-10 20:23 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-10 20:23 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-10 20:23 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-10 20:20 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-10 20:20 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-10 20:20 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-10 20:20 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-10 20:19 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-03 19:30 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-03 19:29 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-27 17:15 . 2008-07-23 12:49 -------- d-----w- c:\programdata\hpqLog
2009-09-27 15:38 . 2008-04-17 16:29 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2009-09-19 22:07 . 2009-08-07 21:52 -------- d-----w- c:\programdata\avg8
2009-09-19 19:20 . 2009-08-09 23:53 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-09-10 23:57 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-28 11:00 . 2009-08-28 11:00 1028992 ----a-w- c:\users\Public\MyWebTattoo.exe
2009-08-24 22:10 . 2009-08-24 16:46 680 ----a-w- c:\users\tracey\AppData\Local\d3d9caps.dat
2009-08-24 17:26 . 2009-08-09 23:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-17 19:30 . 2009-08-17 19:30 -------- d-----w- c:\program files\Ask.com
2009-08-17 19:30 . 2009-08-17 19:29 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-08-17 19:29 . 2009-08-17 19:29 -------- d-----w- c:\program files\DVDVideoSoft
2009-08-13 15:12 . 2009-08-06 03:27 -------- d-----w- c:\users\tracey\AppData\Roaming\HPQLOG
2009-08-11 23:54 . 2009-08-11 23:54 -------- d-----w- c:\users\tracey\AppData\Roaming\InterVideo
2009-08-07 21:15 . 2009-08-07 21:15 -------- d-----w- c:\users\tracey\AppData\Roaming\AVG8
2009-08-07 07:47 . 2009-08-07 07:47 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-08-07 07:26 . 2009-08-07 07:26 -------- d-----w- c:\program files\T-Mobile
2009-08-06 03:27 . 2009-08-06 03:27 -------- d-----w- c:\users\tracey\AppData\Roaming\ATI
2009-08-06 03:26 . 2009-08-06 03:26 99864 ----a-w- c:\users\tracey\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-06 01:50 . 2009-08-06 01:50 -------- d-----w- c:\users\tracey\AppData\Roaming\Hewlett-Packard
2009-08-06 01:50 . 2008-07-23 13:04 -------- d-----w- c:\programdata\Hewlett-Packard
2009-08-06 01:47 . 2009-08-06 01:47 -------- d-----w- c:\program files\MSN Messenger
2009-08-06 01:42 . 2008-07-23 12:13 -------- d-----w- c:\program files\Analog Devices
2009-08-06 01:42 . 2008-07-23 12:13 -------- d-----w- c:\programdata\SonicFocus
2009-08-06 01:42 . 2008-07-23 13:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-06 01:42 . 2009-08-06 01:42 -------- d-----w- c:\users\tracey\AppData\Roaming\InstallShield
2009-08-06 01:41 . 2009-08-06 01:41 0 --sha-r- c:\windows\system32\drivers\103C_HP_bNB_6735s_Y5336AN_0U_QCNU9162WJ5_E480127-A41_4A_I30E4_SHP_V94.1E_68GPP F.09_T090305_WV2-1_L409_M765_J160_7AMD_8F31_92.10_#080723_N_(GW694AV)_XMOBILE_CN10_Z_2F.09_G10029612.MRK
2009-07-21 21:52 . 2009-08-24 19:03 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-08-24 19:03 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-08-24 19:03 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-08-24 19:03 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 14:35 . 2009-08-13 15:44 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-14 13:00 . 2009-08-13 15:43 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 12:59 . 2009-08-13 15:43 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-14 12:58 . 2009-08-13 15:43 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-14 10:59 . 2009-08-13 15:43 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2008-07-23 13:00 . 2008-07-23 13:00 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 08:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-06-16 16:22 1144712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-16 1144712]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-16 1144712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-18 2289664]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-16 39408]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2008-06-02 238984]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-05-21 24848]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-05-12 318488]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1045800]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2008-05-14 10244096]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-14 177456]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2008-05-24 197904]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1314816]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-19 2007832]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-7-23 197904]
web'n'walk Manager.lnk - c:\program files\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe [2008-11-12 1463296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\avgrsstx.dll c:\windows\System32\APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{44511208-0329-4EC5-B367-5574C3138068}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{80059179-3AF0-48D0-8CC7-29665A655D00}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{66643E97-CB0F-4584-BD33-03E6861889E9}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{AD7FEA64-A959-4511-81EA-3FDE0B3784C8}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R0 SbAlg;SbAlg;c:\windows\System32\drivers\SbAlg.sys [30/05/2008 17:37 51376]
R0 SbFsLock;SbFsLock;c:\windows\System32\drivers\SbFsLock.sys [30/05/2008 17:37 12928]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [19/09/2009 23:08 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [19/09/2009 23:08 108552]
R1 RsvLock;RsvLock;c:\windows\System32\drivers\rsvlock.sys [30/05/2008 17:37 12496]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [16/05/2007 00:08 182576]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [21/01/2008 03:33 21504]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [21/01/2008 03:33 21504]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [19/09/2009 23:07 297752]
R2 GtDetectSc;GtDetectSc;c:\program files\T-Mobile\web'n'walk Manager\GtDetectSc.exe [01/05/2008 00:52 200704]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [02/06/2008 18:32 18944]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [30/05/2008 17:36 256512]
R2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [23/07/2008 14:55 77824]
R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [07/04/2008 19:13 24936]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [23/07/2008 14:03 576024]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [10/08/2009 00:53 1153368]
R3 GTUHSBUS;GT UHS BUS;c:\windows\System32\drivers\gtuhsbus.sys [07/11/2008 19:57 62592]
R3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\System32\drivers\gtuhs51.sys [07/11/2008 19:58 105984]
R3 GTUHSOMS;GT UHS OMS;c:\windows\System32\drivers\gtuhsoms.sys [07/11/2008 20:01 20352]
R3 GTUHSSER;GT UHS SER;c:\windows\System32\drivers\gtuhsser.sys [07/11/2008 20:03 8064]
S2 0032751249610039mcinstcleanup;McAfee Application Installer Cleanup (0032751249610039);c:\windows\TEMP\003275~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\003275~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [21/01/2008 03:32 179712]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [23/07/2008 14:57 193840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-09-27 c:\windows\Tasks\User_Feed_Synchronization-{7FC503C4-AB52-4656-898C-885612B431C7}.job
- c:\windows\system32\msfeedssync.exe [2009-08-24 20:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://googlemyway.com/Xx%20Trace%20xX
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=all&pf=cmnb
IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-GB\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Save YouTube Video - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm
IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-FBSSA - c:\program files\SGPSA\ie3sh.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
FBSSA = c:\program files\SGPSA\ie3sh.exe?.exe??t_005064.js? Search\*.*? ????????o New York State?s conflict

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(660)
c:\program files\Hewlett-Packard\IAM\bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll

- - - - - - - > 'Explorer.exe'(3848)
c:\program files\Hewlett-Packard\IAM\Bin\ItClient.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\AEADISRV.EXE
c:\windows\System32\agrsmsvc.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\System32\rpcnet.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\Hewlett-Packard\IAM\Bin\asghost.exe
c:\program files\Search Guard PlusU\sgpUpdaters.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-09-27 18:23 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-27 17:22

Pre-Run: 106,366,844,928 bytes free
Post-Run: 106,280,595,456 bytes free

368 --- E O F --- 2009-09-26 17:20





Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 6.0.6001 Service Pack 1

27/09/2009 20:13:46
mbam-log-2009-09-27 (20-13-46).txt

Scan type: Quick Scan
Objects scanned: 89541
Time elapsed: 9 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Am now able to get laptop online.
Click to expand...
Good. Please tell me how did you solve the issue.

Uninstall Ask Toolbar if not installed on purpose.

Uninstall these too:
Search Guard Plus (My Web Tattoo)
Search Guard Plus Updater (My Web Tattoo)


Check here to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following instructions here. Fresh version can be obtained here.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 16.
  • Click the
    Download
    button to the right.
  • Select Windows on platform combobox and check the box that says:
    Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.


Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.


  • Read the requirements and privacy statement then click on the Accept button.

  • The program will launch and start to download the latest definition files.

  • You will be prompted to install an application from Kaspersky. Click Run

  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  • Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives

  • Click on My Computer under Scan.

  • Once the scan is complete, it will display the results. Click on View Scan Report.

  • Click on Save Report As....

  • Change the Files of type to Text file (.txt) before clicking on the Save button.

  • Save this report to a convenient place.

  • Copy and paste that information & fresh dds.txt log into your topic.

  • The scan will take a while so be patient and let it run. As it scans your machine very deeply it could take hours to complete, Kaspersky suggests running it during a time of low activity.
If you need a tutorial, see here
 
I kept re-booting and on third attempt it logged on.


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, September 28, 2009
Operating system: Microsoft Windows Vista Home Basic Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, September 28, 2009 15:54:36
Records in database: 2930131
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Objects scanned: 134646
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 03:30:39

No threats found. Scanned area is clean.

Selected area has been scanned.




DDS (Ver_09-09-24.01) - NTFSx86
Run by tracey at 20:27:51.03 on 28/09/2009
Internet Explorer: 8.0.6001.18813
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.764.211 [GMT 1:00]

SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\System32\svchost.exe -k Cognizance
C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\windows\system32\svchost.exe -k rpcss
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\Ati2evxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\SLsvc.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\Hpservice.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\windows\system32\AEADISRV.EXE
C:\Windows\system32\agrsmsvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\T-Mobile\web'n'walk Manager\GtDetectSc.exe
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\rpcnet.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\T-Mobile\web'n'walk Manager\bmctl.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\msfeedssync.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\DllHost.exe
C:\Program Files\Search Guard Plus\uninstalSGP.exe
C:\Users\tracey\Downloads\jre-6u16-windows-i586.exe
C:\Users\tracey\Downloads\jre-6u16-windows-i586.exe
C:\Users\tracey\Downloads\jre-6u16-windows-i586.exe
C:\Users\tracey\Downloads\jre-6u16-windows-i586.exe
C:\Users\tracey\Downloads\jre-6u16-windows-i586.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\system32\taskeng.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
C:\Program Files\T-Mobile\web'n'walk Manager\bmop.exe
C:\Users\tracey\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://googlemyway.com/Xx%20Trace%20xX
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=all&pf=cmnb
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
BHO: BHO_Startup Class: {3134413b-49b4-425c-98a5-893c1f195601} - c:\program files\hewlett-packard\file sanitizer\IEBHO.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
BHO: Fast Browser Search Toolbar Helper: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\fast browser search\ie\FBStoolbar.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: Fast Browser Search Toolbar: {1bb22d38-a411-4b13-a746-c2a4f4ec7344} - c:\program files\fast browser search\ie\FBStoolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [File Sanitizer] c:\program files\hewlett-packard\file sanitizer\CoreShredder.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRunOnce: [DeleteDir[CD8] Search Guard Plus] cmd.exe /C RD /S /Q c:\progra~1\SEARCH~1
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\web'n'~1.lnk - c:\program files\t-mobile\web'n'walk manager\web'n'walk Manager.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-gb\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Save YouTube Video - c:\program files\common files\dvdvideosoft\dll\IEContextMenuY.dll/scriptY2MP4.htm
IE: Save YouTube Video as MP3 - c:\program files\common files\dvdvideosoft\dll\IEContextMenuY.dll/scriptY2MP3.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: c:\windows\system32\apshook.dll c:\windows\system32\avgrsstx.dll c:\windows\system32\APSHook.dll APSHook.dll
LSA: Notification Packages = scecli ASWLNPkg

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-19 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-19 108552]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712]

=============== Created Last 30 ================

2009-09-28 14:25 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-27 18:17 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-09-27 17:56 229,888 a------- c:\windows\PEV.exe
2009-09-27 17:56 161,792 a------- c:\windows\SWREG.exe
2009-09-27 17:56 98,816 a------- c:\windows\sed.exe
2009-09-27 17:56 <DIR> --d----- C:\ComboFix
2009-09-27 17:34 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-27 17:34 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-27 15:09 <DIR> --d----- c:\program files\Trend Micro
2009-09-27 00:17 56,680 a------- c:\windows\system32\rpcnet.exe
2009-09-27 00:17 56,680 a------- c:\windows\system32\rpcnet.dll
2009-09-26 22:46 17,408 a------- c:\windows\system32\rpcnetp.exe
2009-09-24 21:33 <DIR> --d----- c:\windows\system32\EventProviders
2009-09-20 00:41 <DIR> --d----- C:\$AVG8.VAULT$
2009-09-19 23:08 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-09-19 23:08 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-09-19 23:08 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-09-19 23:07 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-09-19 23:07 <DIR> --d----- c:\programdata\AVG Security Toolbar
2009-09-19 23:07 <DIR> --d----- c:\progra~2\AVG Security Toolbar
2009-09-19 23:07 <DIR> --d----- c:\program files\AVG
2009-09-19 20:31 <DIR> --d----- c:\programdata\Google
2009-09-19 18:48 <DIR> --d----- c:\users\tracey\appdata\roaming\Malwarebytes
2009-09-19 18:47 <DIR> --d----- c:\programdata\Malwarebytes
2009-09-19 18:47 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-19 18:47 <DIR> --d----- c:\progra~2\Malwarebytes
2009-09-14 23:54 <DIR> --d----- c:\program files\Search Guard Plus
2009-09-10 21:24 897,608 a------- c:\windows\system32\drivers\tcpip.sys
2009-09-10 21:23 104,960 a------- c:\windows\system32\netiohlp.dll
2009-09-10 21:23 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-09-10 21:23 19,968 a------- c:\windows\system32\ARP.EXE
2009-09-10 21:23 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-09-10 21:23 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-09-10 21:23 10,240 a------- c:\windows\system32\finger.exe
2009-09-10 21:23 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-09-10 21:23 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-09-10 21:23 17,920 a------- c:\windows\system32\netevent.dll
2009-09-10 21:20 2,501,921 a------- c:\windows\system32\wlan.tmf
2009-09-10 21:20 293,376 a------- c:\windows\system32\wlanmsm.dll
2009-09-10 21:20 127,488 a------- c:\windows\system32\L2SecHC.dll
2009-09-10 21:20 513,024 a------- c:\windows\system32\wlansvc.dll
2009-09-10 21:20 302,592 a------- c:\windows\system32\wlansec.dll
2009-09-10 21:19 2,868,224 a------- c:\windows\system32\mf.dll
2009-09-03 20:30 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-09-03 20:29 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll

==================== Find3M ====================

2009-09-27 16:38 17,408 a------- c:\windows\system32\rpcnetp.dll
2009-08-28 13:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 13:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 13:38 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 13:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-08 11:41 665,600 a------- c:\windows\inf\drvindex.dat
2009-08-08 11:41 143,360 a------- c:\windows\inf\infstrng.dat
2009-08-08 11:41 86,016 a------- c:\windows\inf\infstor.dat
2009-08-08 11:41 51,200 a------- c:\windows\inf\infpub.dat
2009-08-07 08:47 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-08-06 02:41 0 a--shr-- c:\windows\system32\drivers\103C_HP_bNB_6735s_Y5336AN_0U_QCNU9162WJ5_E480127-A41_4A_I30E4_SHP_V94.1E_68GPP F.09_T090305_WV2-1_L409_M765_J160_7AMD_8F31_92.10_#080723_N_(GW694AV)_XMOBILE_CN10_Z_2F.09_G10029612.MRK
2009-07-21 22:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 22:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 22:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 21:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-17 15:35 71,680 a------- c:\windows\system32\atl.dll
2009-07-14 14:00 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-14 13:59 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-14 13:58 7,680 a------- c:\windows\system32\spwmp.dll
2009-07-14 11:59 8,147,456 a------- c:\windows\system32\wmploc.DLL
2008-01-21 03:57 174 a--sh--- c:\program files\desktop.ini
2006-11-02 13:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 20:29:10.48 ==============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-24.01)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume1
Install Date: 06/08/2009 01:13:29
System Uptime: 28/09/2009 13:35:51 (7 hours ago)

Motherboard: Hewlett-Packard | | 30E4
Processor: AMD Sempron(tm) SI-42 | Unknown | 1100/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 139 GiB total, 99.053 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 1.89 GiB free.
E: is CDROM ()
F: is Removable
G: is FIXED (FAT32) - 1 GiB total, 0.994 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================


2007 Microsoft Office system
32 Bit HP CIO Components Installer
ActivClient 6.1 x86
Adobe Flash Player 10 ActiveX
Agere Systems HDA Modem
AOL Toolbar 5.0
 
I forgot to add,i notice you asked me to uninstall two my web tattoo programs.
Whilst deleting them i see i have another one,it's called 'fast browser search(my web tattoo) should i un install this?
 
Hi,

Looks like whole attach.txt contents didn't get posted.

Whilst deleting them i see i have another one,it's called 'fast browser search(my web tattoo) should i un install this?
Click to expand...
Yes. You may get a message that it's been removed already though.
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-24.01)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume1
Install Date: 06/08/2009 01:13:29
System Uptime: 28/09/2009 13:35:51 (8 hours ago)

Motherboard: Hewlett-Packard | | 30E4
Processor: AMD Sempron(tm) SI-42 | Unknown | 2100/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 139 GiB total, 99.041 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 1.89 GiB free.
E: is CDROM ()
F: is Removable
G: is FIXED (FAT32) - 1 GiB total, 0.994 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP77: 27/08/2009 17:34:47 - Windows Update
RP78: 29/08/2009 16:20:23 - Windows Update
RP79: 31/08/2009 19:32:33 - Windows Update
RP80: 03/09/2009 19:39:46 - Windows Update
RP81: 04/09/2009 23:24:45 - Windows Update
RP82: 07/09/2009 20:54:11 - Windows Update
RP83: 10/09/2009 21:11:16 - Windows Update
RP84: 11/09/2009 00:56:59 - Windows Update
RP85: 14/09/2009 21:25:10 - Windows Update
RP86: 17/09/2009 20:29:43 - Windows Update
RP87: 19/09/2009 20:16:14 - Restore Operation
RP88: 19/09/2009 20:53:17 - Windows Update
RP89: 19/09/2009 21:49:55 - Removed AVG Free 8.5
RP90: 19/09/2009 21:51:30 - Installed AVG Free 8.5
RP91: 19/09/2009 23:06:31 - Installed AVG Free 8.5
RP92: 21/09/2009 22:26:08 - Windows Update
RP93: 24/09/2009 16:58:16 - Windows Update
RP94: 24/09/2009 21:32:19 - Windows Update
RP95: 26/09/2009 18:14:51 - Windows Update
RP96: 27/09/2009 19:32:19 - Scheduled Checkpoint
RP97: 28/09/2009 13:41:36 - Removed Ask Toolbar.
RP98: 28/09/2009 13:51:26 - Removed Ask Toolbar.
RP99: 28/09/2009 14:23:50 - Installed Java(TM) 6 Update 16

==== Installed Programs ======================


2007 Microsoft Office system
32 Bit HP CIO Components Installer
ActivClient 6.1 x86
Adobe Flash Player 10 ActiveX
Agere Systems HDA Modem
AOL Toolbar 5.0
ATI Catalyst Install Manager
AVG Free 8.5
BIOS Configuration for HP ProtectTools
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Credential Manager for HP ProtectTools
Drive Encryption for HP ProtectTools
ESU for Microsoft Vista SP1
Fast Browser Search (My Web Tattoo)
File Sanitizer For HP ProtectTools
Free Studio version 4.2
Google Toolbar for Internet Explorer
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP 3D DriveGuard
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP JavaCard for HP ProtectTools
HP ProtectTools Security Manager
HP ProtectTools Security Manager Suite
HP Quick Launch Buttons 6.40 E1
HP Software Setup 5.00.A.7
HP Update
HP User Guides 0108
HP Wallpaper
HP Wireless Assistant
HPNetworkAssistant
InterVideo DVD Check
InterVideo Register Manager
InterVideo WinDVD
Java(TM) 6 Update 16
Java(TM) 6 Update 6
LightScribe System Software 1.12.37.1
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft .NET Framework 3.5 SP1
Microsoft Office Access MUI (Dutch) 2007
Microsoft Office Access MUI (English) 2007
Microsoft Office Access MUI (French) 2007
Microsoft Office Access MUI (German) 2007
Microsoft Office Access MUI (Italian) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (Dutch) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (French) 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office Excel MUI (Italian) 2007
Microsoft Office Outlook MUI (Dutch) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Outlook MUI (French) 2007
Microsoft Office Outlook MUI (German) 2007
Microsoft Office Outlook MUI (Italian) 2007
Microsoft Office PowerPoint MUI (Dutch) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (French) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office PowerPoint MUI (Italian) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Dutch) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (French) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing (Italian) 2007
Microsoft Office Publisher MUI (Dutch) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Publisher MUI (French) 2007
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Publisher MUI (Italian) 2007
Microsoft Office Shared MUI (Dutch) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (French) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Shared MUI (Italian) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (Dutch) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (French) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Office Word MUI (Italian) 2007
Microsoft Visual C++ 2005 Redistributable
PDF Complete
Skins
SoundMAX
Spybot - Search & Destroy
Synaptics Pointing Device Driver
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Office 2007 (KB934528)
Vista Default Settings
web'n'walk Manager
web'n'walk Manager
Windows Live Messenger

==== Event Viewer Messages From Past Week ========

28/09/2009 21:26:59, Error: Tcpip [4199] - The system detected an address conflict for IP address 10.214.114.100 with the system having network hardware address 00-CA-FE-C0-FF-EE. Network operations on this system may be disrupted as a result.
28/09/2009 21:26:59, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.214.114.100 for the Network Card with network address 00F1D000F1D0 has been denied by the DHCP server 10.213.91.162 (The DHCP Server sent a DHCPNACK message).
28/09/2009 20:19:38, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.216.162.240 for the Network Card with network address 00F1D000F1D0 has been denied by the DHCP server 10.214.114.101 (The DHCP Server sent a DHCPNACK message).
28/09/2009 20:19:37, Error: Tcpip [4199] - The system detected an address conflict for IP address 10.216.162.240 with the system having network hardware address 00-CA-FE-C0-FF-EE. Network operations on this system may be disrupted as a result.
28/09/2009 16:25:21, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.214.40.98 for the Network Card with network address 00F1D000F1D0 has been denied by the DHCP server 10.216.162.239 (The DHCP Server sent a DHCPNACK message).
28/09/2009 16:22:44, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.212.125.178 for the Network Card with network address 00F1D000F1D0 has been denied by the DHCP server 10.214.40.99 (The DHCP Server sent a DHCPNACK message).
28/09/2009 16:17:42, Error: Tcpip [4199] - The system detected an address conflict for IP address 10.213.5.198 with the system having network hardware address 00-CA-FE-C0-FF-EE. Network operations on this system may be disrupted as a result.
28/09/2009 16:17:42, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.213.5.198 for the Network Card with network address 00F1D000F1D0 has been denied by the DHCP server 10.212.125.177 (The DHCP Server sent a DHCPNACK message).
28/09/2009 16:12:35, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.213.162.228 for the Network Card with network address 00F1D000F1D0 has been denied by the DHCP server 10.213.5.197 (The DHCP Server sent a DHCPNACK message).
28/09/2009 15:58:40, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.217.94.63 for the Network Card with network address 00F1D000F1D0 has been denied by the DHCP server 10.213.162.227 (The DHCP Server sent a DHCPNACK message).
28/09/2009 15:55:36, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.214.32.4 for the Network Card with network address 00F1D000F1D0 has been denied by the DHCP server 10.217.94.64 (The DHCP Server sent a DHCPNACK message).
28/09/2009 15:55:35, Error: Tcpip [4199] - The system detected an address conflict for IP address 10.214.32.4 with the system having network hardware address 00-CA-FE-C0-FF-EE. Network operations on this system may be disrupted as a result.
28/09/2009 14:37:00, Error: Tcpip [4199] - The system detected an address conflict for IP address 10.215.222.216 with the system having network hardware address 00-CA-FE-C0-FF-EE. Network operations on this system may be disrupted as a result.
28/09/2009 14:37:00, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.215.222.216 for the Network Card with network address 00F1D000F1D0 has been denied by the DHCP server 10.214.32.5 (The DHCP Server sent a DHCPNACK message).
28/09/2009 14:23:02, Error: Tcpip [4199] - The system detected an address conflict for IP address 10.214.214.162 with the system having network hardware address 00-CA-FE-C0-FF-EE. Network operations on this system may be disrupted as a result.
28/09/2009 14:23:02, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.214.214.162 for the Network Card with network address 00F1D000F1D0 has been denied by the DHCP server 10.215.222.215 (The DHCP Server sent a DHCPNACK message).
28/09/2009 14:03:05, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.215.43.167 for the Network Card with network address 00F1D000F1D0 has been denied by the DHCP server 10.214.214.161 (The DHCP Server sent a DHCPNACK message).
27/09/2009 20:01:33, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.213.74.50 for the Network Card with network address 00F1D000F1D0 has been denied by the DHCP server 10.215.43.166 (The DHCP Server sent a DHCPNACK message).
27/09/2009 19:50:05, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.215.172.139 for the Network Card with network address 00F1D000F1D0 has been denied by the DHCP server 10.213.74.51 (The DHCP Server sent a DHCPNACK message).
27/09/2009 19:47:13, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00F1D000F1D0. The following error occurred: The wait operation timed out.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
27/09/2009 17:59:04, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the PEVSystemStart service to connect.
27/09/2009 17:59:03, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
27/09/2009 17:45:38, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.215.228.56 for the Network Card with network address 00F1D000F1D0 has been denied by the DHCP server 10.215.137.230 (The DHCP Server sent a DHCPNACK message).
27/09/2009 17:45:33, Error: Tcpip [4199] - The system detected an address conflict for IP address 10.215.228.56 with the system having network hardware address 00-CA-FE-C0-FF-EE. Network operations on this system may be disrupted as a result.
27/09/2009 16:40:26, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.215.189.38 for the Network Card with network address 00F1D000F1D0 has been denied by the DHCP server 10.215.228.57 (The DHCP Server sent a DHCPNACK message).
27/09/2009 14:59:35, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.215.159.46 for the Network Card with network address 00F1D000F1D0 has been denied by the DHCP server 10.215.189.39 (The DHCP Server sent a DHCPNACK message).
27/09/2009 00:29:50, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.216.245.21 for the Network Card with network address 00F1D000F1D0 has been denied by the DHCP server 10.215.159.47 (The DHCP Server sent a DHCPNACK message).
27/09/2009 00:29:49, Error: Tcpip [4199] - The system detected an address conflict for IP address 10.216.245.21 with the system having network hardware address 00-CA-FE-C0-FF-EE. Network operations on this system may be disrupted as a result.
26/09/2009 23:56:00, Error: Tcpip [4199] - The system detected an address conflict for IP address 10.212.217.100 with the system having network hardware address 00-CA-FE-C0-FF-EE. Network operations on this system may be disrupted as a result.
26/09/2009 23:56:00, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.212.217.100 for the Network Card with network address 00F1D000F1D0 has been denied by the DHCP server 10.216.245.22 (The DHCP Server sent a DHCPNACK message).
26/09/2009 22:54:26, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.214.168.221 for the Network Card with network address 00F1D000F1D0 has been denied by the DHCP server 10.215.91.203 (The DHCP Server sent a DHCPNACK message).
26/09/2009 18:20:39, Error: Microsoft-Windows-Service Pack Installer [8] - Service Pack installation failed with error code 0x800f0a0f.
26/09/2009 18:04:45, Error: Service Control Manager [7000] - The rpcnetp service failed to start due to the following error: The system cannot find the file specified.
25/09/2009 14:57:36, Error: Tcpip [4199] - The system detected an address conflict for IP address 10.215.127.199 with the system having network hardware address 00-CA-FE-C0-FF-EE. Network operations on this system may be disrupted as a result.
25/09/2009 14:57:36, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.215.127.199 for the Network Card with network address 00F1D000F1D0 has been denied by the DHCP server 10.214.168.220 (The DHCP Server sent a DHCPNACK message).
25/09/2009 14:52:59, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.212.126.28 for the Network Card with network address 00F1D000F1D0 has been denied by the DHCP server 10.215.127.198 (The DHCP Server sent a DHCPNACK message).
25/09/2009 14:21:50, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
25/09/2009 13:51:25, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {A47979D2-C419-11D9-A5B4-001185AD2B89} to the user tracey-PC\tracey SID (S-1-5-21-3237585219-3985023608-308797163-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
25/09/2009 11:38:12, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.214.60.221 for the Network Card with network address 00F1D000F1D0 has been denied by the DHCP server 10.212.126.29 (The DHCP Server sent a DHCPNACK message).
25/09/2009 11:37:44, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.213.32.243 for the Network Card with network address 00F1D000F1D0 has been denied by the DHCP server 10.214.60.220 (The DHCP Server sent a DHCPNACK message).
24/09/2009 22:43:21, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.212.106.136 for the Network Card with network address 00F1D000F1D0 has been denied by the DHCP server 10.213.32.242 (The DHCP Server sent a DHCPNACK message).
24/09/2009 22:38:45, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.215.174.99 for the Network Card with network address 00F1D000F1D0 has been denied by the DHCP server 10.212.106.135 (The DHCP Server sent a DHCPNACK message).
24/09/2009 22:38:42, Error: Tcpip [4199] - The system detected an address conflict for IP address 10.215.174.99 with the system having network hardware address 00-CA-FE-C0-FF-EE. Network operations on this system may be disrupted as a result.
24/09/2009 22:29:23, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.212.74.189 for the Network Card with network address 00F1D000F1D0 has been denied by the DHCP server 10.215.174.100 (The DHCP Server sent a DHCPNACK message).
24/09/2009 22:29:09, Error: Tcpip [4199] - The system detected an address conflict for IP address 10.213.59.8 with the system having network hardware address 00-CA-FE-C0-FF-EE. Network operations on this system may be disrupted as a result.
24/09/2009 22:29:09, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.213.59.8 for the Network Card with network address 00F1D000F1D0 has been denied by the DHCP server 10.212.74.188 (The DHCP Server sent a DHCPNACK message).
24/09/2009 22:24:53, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.215.193.85 for the Network Card with network address 00F1D000F1D0 has been denied by the DHCP server 10.213.59.9 (The DHCP Server sent a DHCPNACK message).
24/09/2009 22:12:21, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.212.148.234 for the Network Card with network address 00F1D000F1D0 has been denied by the DHCP server 10.215.193.86 (The DHCP Server sent a DHCPNACK message).
24/09/2009 22:11:31, Error: Tcpip [4199] - The system detected an address conflict for IP address 10.212.104.200 with the system having network hardware address 00-CA-FE-C0-FF-EE. Network operations on this system may be disrupted as a result.
24/09/2009 22:11:31, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.212.104.200 for the Network Card with network address 00F1D000F1D0 has been denied by the DHCP server 10.212.148.233 (The DHCP Server sent a DHCPNACK message).
24/09/2009 22:02:56, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.213.154.174 for the Network Card with network address 00F1D000F1D0 has been denied by the DHCP server 10.212.104.199 (The DHCP Server sent a DHCPNACK message).
24/09/2009 22:02:53, Error: Tcpip [4199] - The system detected an address conflict for IP address 10.213.154.174 with the system having network hardware address 00-CA-FE-C0-FF-EE. Network operations on this system may be disrupted as a result.
24/09/2009 21:43:22, Error: Microsoft-Windows-Service Pack Installer [8] - Service Pack installation failed with error code 0x800f0a10.
24/09/2009 18:11:31, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.214.48.89 for the Network Card with network address 00F1D000F1D0 has been denied by the DHCP server 10.213.154.173 (The DHCP Server sent a DHCPNACK message).
24/09/2009 16:50:22, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.212.192.41 for the Network Card with network address 00F1D000F1D0 has been denied by the DHCP server 10.214.48.90 (The DHCP Server sent a DHCPNACK message).
23/09/2009 21:37:49, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.215.118.249 for the Network Card with network address 00F1D000F1D0 has been denied by the DHCP server 10.212.192.42 (The DHCP Server sent a DHCPNACK message).
22/09/2009 19:43:43, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.213.116.235 for the Network Card with network address 00F1D000F1D0 has been denied by the DHCP server 10.215.118.248 (The DHCP Server sent a DHCPNACK message).
22/09/2009 00:27:15, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.213.64.213 for the Network Card with network address 00F1D000F1D0 has been denied by the DHCP server 10.213.116.234 (The DHCP Server sent a DHCPNACK message).
22/09/2009 00:27:14, Error: Tcpip [4199] - The system detected an address conflict for IP address 10.213.64.213 with the system having network hardware address 00-CA-FE-C0-FF-EE. Network operations on this system may be disrupted as a result.
22/09/2009 00:03:03, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.212.142.96 for the Network Card with network address 00F1D000F1D0 has been denied by the DHCP server 10.213.64.212 (The DHCP Server sent a DHCPNACK message).
22/09/2009 00:00:10, Error: Server [2505] - The server could not bind to the transport \Device\NetbiosSmb because another computer on the network has the same name. The server could not start.
22/09/2009 00:00:10, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.217.148.55 for the Network Card with network address 00F1D000F1D0 has been denied by the DHCP server 10.212.142.97 (The DHCP Server sent a DHCPNACK message).
22/09/2009 00:00:09, Error: Tcpip [4199] - The system detected an address conflict for IP address 10.217.148.55 with the system having network hardware address 00-CA-FE-C0-FF-EE. Network operations on this system may be disrupted as a result.
21/09/2009 23:10:36, Error: Tcpip [4199] - The system detected an address conflict for IP address 10.212.10.62 with the system having network hardware address 00-CA-FE-C0-FF-EE. Network operations on this system may be disrupted as a result.
21/09/2009 23:10:36, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.212.10.62 for the Network Card with network address 00F1D000F1D0 has been denied by the DHCP server 10.217.148.56 (The DHCP Server sent a DHCPNACK message).
21/09/2009 22:15:50, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.214.19.20 for the Network Card with network address 00F1D000F1D0 has been denied by the DHCP server 10.212.10.63 (The DHCP Server sent a DHCPNACK message).
21/09/2009 22:12:08, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

==== End Of File ===========================



DDS (Ver_09-09-24.01) - NTFSx86
Run by tracey at 21:26:46.71 on 28/09/2009
Internet Explorer: 8.0.6001.18813
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.764.145 [GMT 1:00]

SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\System32\svchost.exe -k Cognizance
C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\windows\system32\svchost.exe -k rpcss
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\Ati2evxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\SLsvc.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\Hpservice.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\windows\system32\AEADISRV.EXE
C:\Windows\system32\agrsmsvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\T-Mobile\web'n'walk Manager\GtDetectSc.exe
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\rpcnet.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\T-Mobile\web'n'walk Manager\bmctl.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\msfeedssync.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\DllHost.exe
C:\Program Files\Search Guard Plus\uninstalSGP.exe
C:\Users\tracey\Downloads\jre-6u16-windows-i586.exe
C:\Users\tracey\Downloads\jre-6u16-windows-i586.exe
C:\Users\tracey\Downloads\jre-6u16-windows-i586.exe
C:\Users\tracey\Downloads\jre-6u16-windows-i586.exe
C:\Users\tracey\Downloads\jre-6u16-windows-i586.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\system32\taskeng.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
C:\windows\System32\mobsync.exe
C:\Users\tracey\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://googlemyway.com/Xx%20Trace%20xX
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=all&pf=cmnb
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
BHO: BHO_Startup Class: {3134413b-49b4-425c-98a5-893c1f195601} - c:\program files\hewlett-packard\file sanitizer\IEBHO.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
BHO: Fast Browser Search Toolbar Helper: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\fast browser search\ie\FBStoolbar.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: Fast Browser Search Toolbar: {1bb22d38-a411-4b13-a746-c2a4f4ec7344} - c:\program files\fast browser search\ie\FBStoolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [File Sanitizer] c:\program files\hewlett-packard\file sanitizer\CoreShredder.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRunOnce: [DeleteDir[CD8] Search Guard Plus] cmd.exe /C RD /S /Q c:\progra~1\SEARCH~1
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\web'n'~1.lnk - c:\program files\t-mobile\web'n'walk manager\web'n'walk Manager.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-gb\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Save YouTube Video - c:\program files\common files\dvdvideosoft\dll\IEContextMenuY.dll/scriptY2MP4.htm
IE: Save YouTube Video as MP3 - c:\program files\common files\dvdvideosoft\dll\IEContextMenuY.dll/scriptY2MP3.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: c:\windows\system32\apshook.dll c:\windows\system32\avgrsstx.dll c:\windows\system32\APSHook.dll APSHook.dll
LSA: Notification Packages = scecli ASWLNPkg

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-09-28 14:25 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-27 18:17 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-09-27 17:56 229,888 a------- c:\windows\PEV.exe
2009-09-27 17:56 161,792 a------- c:\windows\SWREG.exe
2009-09-27 17:56 98,816 a------- c:\windows\sed.exe
2009-09-27 17:56 <DIR> --d----- C:\ComboFix
2009-09-27 17:34 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-27 17:34 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-27 15:09 <DIR> --d----- c:\program files\Trend Micro
2009-09-27 00:17 56,680 a------- c:\windows\system32\rpcnet.exe
2009-09-27 00:17 56,680 a------- c:\windows\system32\rpcnet.dll
2009-09-26 22:46 17,408 a------- c:\windows\system32\rpcnetp.exe
2009-09-24 21:33 <DIR> --d----- c:\windows\system32\EventProviders
2009-09-20 00:41 <DIR> --d----- C:\$AVG8.VAULT$
2009-09-19 23:08 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-09-19 23:08 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-09-19 23:08 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-09-19 23:07 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-09-19 23:07 <DIR> --d----- c:\programdata\AVG Security Toolbar
2009-09-19 23:07 <DIR> --d----- c:\progra~2\AVG Security Toolbar
2009-09-19 23:07 <DIR> --d----- c:\program files\AVG
2009-09-19 20:31 <DIR> --d----- c:\programdata\Google
2009-09-19 18:48 <DIR> --d----- c:\users\tracey\appdata\roaming\Malwarebytes
2009-09-19 18:47 <DIR> --d----- c:\programdata\Malwarebytes
2009-09-19 18:47 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-19 18:47 <DIR> --d----- c:\progra~2\Malwarebytes
2009-09-14 23:54 <DIR> --d----- c:\program files\Search Guard Plus
2009-09-10 21:24 897,608 a------- c:\windows\system32\drivers\tcpip.sys
2009-09-10 21:23 104,960 a------- c:\windows\system32\netiohlp.dll
2009-09-10 21:23 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-09-10 21:23 19,968 a------- c:\windows\system32\ARP.EXE
2009-09-10 21:23 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-09-10 21:23 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-09-10 21:23 10,240 a------- c:\windows\system32\finger.exe
2009-09-10 21:23 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-09-10 21:23 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-09-10 21:23 17,920 a------- c:\windows\system32\netevent.dll
2009-09-10 21:20 2,501,921 a------- c:\windows\system32\wlan.tmf
2009-09-10 21:20 293,376 a------- c:\windows\system32\wlanmsm.dll
2009-09-10 21:20 127,488 a------- c:\windows\system32\L2SecHC.dll
2009-09-10 21:20 513,024 a------- c:\windows\system32\wlansvc.dll
2009-09-10 21:20 302,592 a------- c:\windows\system32\wlansec.dll
2009-09-10 21:19 2,868,224 a------- c:\windows\system32\mf.dll
2009-09-03 20:30 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-09-03 20:29 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll

==================== Find3M ====================

2009-09-27 16:38 17,408 a------- c:\windows\system32\rpcnetp.dll
2009-08-28 13:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 13:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 13:38 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 13:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-08 11:41 665,600 a------- c:\windows\inf\drvindex.dat
2009-08-08 11:41 143,360 a------- c:\windows\inf\infstrng.dat
2009-08-08 11:41 86,016 a------- c:\windows\inf\infstor.dat
2009-08-08 11:41 51,200 a------- c:\windows\inf\infpub.dat
2009-08-07 08:47 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-08-06 02:41 0 a--shr-- c:\windows\system32\drivers\103C_HP_bNB_6735s_Y5336AN_0U_QCNU9162WJ5_E480127-A41_4A_I30E4_SHP_V94.1E_68GPP F.09_T090305_WV2-1_L409_M765_J160_7AMD_8F31_92.10_#080723_N_(GW694AV)_XMOBILE_CN10_Z_2F.09_G10029612.MRK
2009-07-21 22:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 22:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 22:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 21:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-17 15:35 71,680 a------- c:\windows\system32\atl.dll
2009-07-14 14:00 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-14 13:59 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-14 13:58 7,680 a------- c:\windows\system32\spwmp.dll
2009-07-14 11:59 8,147,456 a------- c:\windows\system32\wmploc.DLL
2008-01-21 03:57 174 a--sh--- c:\program files\desktop.ini
2006-11-02 13:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 21:28:27.45 ==============
 
When i tried to uninstall the other web tattoo programme i recieved this message,'Please wait untill current program is finished uninstalling'
To my knowledge no program are being uninstalled or changed.
 
When i tried to uninstall the other web tattoo programme i recieved this message,'Please wait untill current program is finished uninstalling'
To my knowledge no program are being uninstalled or changed.
Click to expand...
Hi,

Have a reboot and try again then.

Uninstall Java(TM) 6 Update 6 too.

Spybot looks to be outdated. Update its definitions.
 
Good Afternoon Blade,

I've downloaded latest updates on S&D
Uninstalled Java update 6
I've tried numerous times to uninstall 'fast browser search(my web tattoo)' but it's still there.
 
You must log in or register to reply here.
Back
Top