Trojan:Win32/Alureon.CT

D

drummo

New member
Hi there, I'm stuck!

Windows Securty Essentials (WSE) is saying I've got this thing, when I try to remove it it just starts again, not sure where it came from, I could have had it a while and the WSE updated yesterday and maybe just started picking it up, am just guessing as I really don't have a clue what I'm doing. I had the ave.exe thing the other week and though i got rid of that by stopping it in process manager and running S&D it seemed to work as the popups stopped, so I though it could be something to do with that, or maybe something completly new, like i say I'm clueless and any help would be greatly appreciated

Thank you

Andrew.

I did the dds thing and here are the results for that



DDS (Ver_10-03-17.01) - NTFSx86
Run by andrew at 12:26:02.43 on 01/05/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.233 [GMT 1:00]

AV: Norton Security Online *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Norton Security Online *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\NETGEAR\WG111T\wlan111t.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SCBAL.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
svchost.exe "C:\WINDOWS\system32\12520437t.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\andrew\Desktop\iexplore.exe.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\andrew\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=0061019
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: orer - No File
BHO: rsion - No File
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: &Google Web Accelerator Helper: {69a87b7d-de56-4136-9655-716ba50c19c7} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Google Web Accelerator: {db87bfa2-a2e3-451e-8e5a-c89982d87cbf} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
uRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
uRun: [EPSON Stylus D120 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticce.exe /fu "c:\windows\temp\E_S124.tmp" /EF "HKCU"
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [Veoh] "c:\program files\veoh networks\veoh\VeohClient.exe" /VeohHide
uRun: [<NO NAME>]
uRun: [mRouterConfig] "c:\program files\intuwave\shared\mrouterruntime\mRouterConfig.exe"
uRun: [Google Update] "c:\documents and settings\andrew\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [VoiceCenter] "c:\program files\creative\voicecenter\AndreaVC.exe" /tray
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [EPSON Stylus D68 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"
mRun: [EEventManager] c:\program files\epson\creativity suite\event manager\EEventManager.exe
mRun: [CaISSDT] "c:\program files\ca\etrust internet security suite\caissdt.exe"
mRun: [RegistrySmart] "c:\program files\registrysmart\RegistrySmart.exe" -boot
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [btbb_McciTrayApp] c:\program files\bt broadband desktop help\bin\BTHelpNotifier.exe
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [Broadbandadvisor.exe] "c:\program files\virgin broadband\advisor\Broadbandadvisor.exe" /AUTORUN
mRun: [4oD] "c:\program files\kontiki\KHost.exe" -all
mRun: [osCheck] "c:\progra~1\symantec\osCheck.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [PC Suite for Smartphones] "c:\program files\sony ericsson\mobile4\application launcher\Application Launcher.exe" /startoptions
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellne~1.lnk - c:\windows\installer\{0240bdfb-2995-4a3f-8c96-18d41282b716}\Icon0240BDFB3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111t\wlan111t.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\rungoo~1.lnk - c:\program files\google\web accelerator\GoogleWebAccWarden.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\windows live toolbar\components\en-gb\msntabres.dll.mui/229?8ce9c0e223af4489b8fbc6f14716c5a9
IE: Open in new foreground tab - c:\program files\windows live toolbar\components\en-gb\msntabres.dll.mui/230?8ce9c0e223af4489b8fbc6f14716c5a9
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} - hxxp://site.ebrary.com/lib/uclan/support/plugins/ebraryRdr.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/controls/yregucfg/2005_6_10_1/yregucfg.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} - hxxp://help.broadbandassist.com/bbdesktop/PreQual/files/MotivePreQual.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4891/mcfscan.cab
Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\andrew\applic~1\mozilla\firefox\profiles\pzkg98fl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\documents and settings\andrew\application data\mozilla\firefox\profiles\pzkg98fl.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\andrew\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 149040]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-10 108648]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-10 108648]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-9-3 99376]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20081013.003\NAVENG.SYS [2008-10-14 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20081013.003\NAVEX15.SYS [2008-10-14 873552]
R3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-10-19 1174664]
S1 ympojdke;ympojdke;c:\windows\system32\drivers\ympojdke.sys [2010-5-1 30784]
S2 ccEvtMgrRSVP;Symantec Event Manager ccEvtMgrRSVP;c:\windows\system32\12520437t.exe srv --> c:\windows\system32\12520437t.exe srv [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2006-10-23 17149]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-10-19 30192]
S3 MobileAdapter;Huawei Mobile Adapter USB Modem and USB Serial;c:\windows\system32\drivers\hmvmdm.sys [2009-2-4 101120]

=============== Created Last 30 ================

2010-05-01 08:02:58 30784 ----a-w- c:\windows\system32\drivers\ympojdke.sys
2010-04-30 20:41:14 104 --s-a-w- c:\windows\system32\4291943986.dat
2010-04-28 14:33:07 14514 ----a-w- c:\documents and settings\andrew\.recently-used.xbel
2010-04-27 11:43:03 129 ----a-w- c:\windows\ScreenHunter.INI
2010-04-26 23:33:52 0 d-----w- c:\program files\Wisdom-soft ScreenHunter 5 Free
2010-04-26 23:15:11 695578 ----a-w- c:\windows\system32\unins000.exe
2010-04-26 23:15:11 65536 ----a-w- c:\windows\system32\camcodec.dll
2010-04-26 23:15:11 1078 ----a-w- c:\windows\system32\camcodec.ico
2010-04-26 23:15:11 1073 ----a-w- c:\windows\system32\unins000.dat
2010-04-26 23:14:44 0 d-----w- c:\program files\CamStudio
2010-04-26 22:05:22 49922 ----a-w- c:\documents and settings\andrew\and.xcf
2010-04-22 21:15:52 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-04-18 12:41:55 29521 ----a-w- c:\documents and settings\andrew\christmas_Giftbox.png
2010-04-09 23:17:25 170597 ----a-w- c:\documents and settings\andrew\banner.xcf
2010-04-09 21:18:42 0 d-----w- c:\documents and settings\andrew\.thumbnails
2010-04-09 21:05:13 0 d-----w- c:\documents and settings\andrew\.gimp-2.6
2010-04-09 21:04:21 0 d-----w- c:\program files\GIMP-2.0
2010-04-08 20:20:26 0 d-----w- c:\program files\common files\SupportSoft
2010-04-08 06:28:56 0 d-----w- c:\program files\Microsoft Security Essentials
2010-04-07 20:52:03 3248 ----a-w- c:\windows\system32\wbem\Outlook_01cad6942cd3cd64.mof
2010-04-07 18:34:03 0 d-sh--w- c:\documents and settings\andrew\PrivacIE
2010-04-07 18:27:47 0 d-sh--w- c:\documents and settings\andrew\IETldCache
2010-04-07 17:59:05 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-04-07 17:59:03 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-04-07 17:58:59 0 d-----w- c:\windows\ie8updates
2010-04-07 17:58:52 64000 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-04-07 17:57:43 0 dc-h--w- c:\windows\ie8
2010-04-07 17:31:47 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-07 17:29:00 1089593 ------w- c:\windows\system32\dllcache\ntprint.cat
2010-04-07 16:59:25 0 d-----w- c:\windows\system32\XPSViewer
2010-04-07 16:58:28 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-04-07 16:58:28 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-04-07 16:58:28 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-04-07 16:58:28 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-04-07 16:58:28 117760 ------w- c:\windows\system32\prntvpt.dll
2010-04-07 16:58:27 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-04-07 16:58:27 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-04-07 16:58:27 0 d-----w- C:\73f5fa418770ba5c36b50abb
2010-04-07 16:57:57 0 d-----w- c:\windows\SxsCaPendDel
2010-04-07 15:59:08 353792 ------w- c:\windows\system32\dllcache\srv.sys
2010-04-07 15:57:47 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-04-07 15:56:28 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-04-07 15:52:52 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2010-04-07 15:51:54 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-04-07 15:51:44 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-04-07 15:51:43 128512 ------w- c:\windows\system32\dllcache\dhtmled.ocx
2010-04-07 15:51:19 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2010-04-07 15:46:35 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-04-07 15:46:30 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2010-04-07 15:45:14 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-04-07 15:45:12 1206508 ------w- c:\windows\system32\dllcache\sysmain.sdb
2010-04-07 15:45:11 215552 ------w- c:\windows\system32\dllcache\wordpad.exe

==================== Find3M ====================

2010-03-11 12:38:52 78336 ------w- c:\windows\system32\ieencode.dll
2010-03-11 12:38:52 78336 ------w- c:\windows\system32\dllcache\ieencode.dll
2010-03-11 12:38:51 133120 ----a-w- c:\windows\system32\dllcache\extmgr.dll
2010-03-10 13:18:21 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2010-02-25 10:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-25 06:24:37 916480 ------w- c:\windows\system32\dllcache\wininet.dll
2010-02-25 06:24:37 611840 ------w- c:\windows\system32\dllcache\mstime.dll
2010-02-25 06:24:37 206848 ------w- c:\windows\system32\dllcache\occache.dll
2010-02-25 06:24:37 1209344 ------w- c:\windows\system32\dllcache\urlmon.dll
2010-02-25 06:24:36 5944832 ------w- c:\windows\system32\dllcache\mshtml.dll
2010-02-25 06:24:35 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-02-25 06:24:35 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-02-25 06:24:35 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
2010-02-25 06:24:35 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-02-25 06:24:35 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
2010-02-25 06:24:34 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2010-02-24 09:54:25 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-02-17 08:10:28 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 14:08:49 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-16 13:25:04 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 13:25:04 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-12 04:33:11 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll
2010-02-11 12:02:15 226880 ------w- c:\windows\system32\dllcache\tcpip6.sys
2006-10-24 22:26:59 251 ----a-w- c:\program files\wt3d.ini
2005-06-08 08:03:50 497664 ----a-w- c:\windows\inf\Digital camera for Windows XP-ME.exe
2007-01-15 00:49:35 88 --sh--r- c:\windows\system32\242F0E16C0.sys
2007-08-26 12:23:56 56 --sh--r- c:\windows\system32\C0160E2F24.sys
2007-08-26 12:23:59 6580 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-09-04 04:56:53 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090420080905\index.dat

============= FINISH: 12:27:12.13 ===============


not sure if i should post the 'attach' notepad file as it says at the top of that only do so if requested

Thank you again

Andrew
 
Hi,

Please post attach.txt contents too.

Download GMER here by clicking download exe -button and then saving it your desktop:
  • Double-click .exe that you downloaded
  • Click rootkit-tab, uncheck all but "sections" option and then click scan.
  • When scanning is ready, click Copy.
  • This copies log to clipboard
  • Post log (if the log is long, archive it into a zip file and attach instead of posting) in your reply.
 
Hi Blade81

Thanks for your reply, I've posted the attach.txt below and have downloaded GMER but am having a bit of trouble running it. Have tried a few times the first time the computer shut down and it went to a blue screen with some text saying that something had gone wrong the other two times I've had coulnd'nt run/debug type errors am not sure what to do next.

The GMER runs some sort of scan when it starts before I can uncheck all the boxes, is this right?

The other thing is that since I posted the Microsoft Security Essentails stopped detecting the problem and just advised me to restart, which I did, and have not run a scan since, should I run another scan?

Thanks

Andrew






UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 23/10/2006 21:50:37
System Uptime: 21/04/2010 18:30:48 (234 hours ago)

Motherboard: Dell Inc. | | 0WG860
Processor: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz | Microprocessor | 1862/1066mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 170 GiB total, 123.804 GiB free.
D: is FIXED (NTFS) - 58 GiB total, 58.123 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP924: 07/04/2010 16:57:40 - Software Distribution Service 3.0
RP925: 07/04/2010 17:49:20 - Software Distribution Service 3.0
RP926: 07/04/2010 17:51:26 - Software Distribution Service 3.0
RP927: 07/04/2010 18:32:57 - Software Distribution Service 3.0
RP928: 08/04/2010 07:33:21 - Software Distribution Service 3.0
RP929: 08/04/2010 08:47:32 - Removed Windows Defender
RP930: 08/04/2010 08:49:17 - Removed Norton Ghost 10.0
RP931: 09/04/2010 03:00:16 - Software Distribution Service 3.0
RP932: 09/04/2010 13:14:48 - Software Distribution Service 3.0
RP933: 10/04/2010 13:17:51 - Software Distribution Service 3.0
RP934: 11/04/2010 02:09:01 - Software Distribution Service 3.0
RP935: 11/04/2010 13:18:59 - Software Distribution Service 3.0
RP936: 12/04/2010 13:17:37 - Software Distribution Service 3.0
RP937: 13/04/2010 13:17:59 - Software Distribution Service 3.0
RP938: 14/04/2010 13:17:56 - Software Distribution Service 3.0
RP939: 15/04/2010 03:00:32 - Software Distribution Service 3.0
RP940: 16/04/2010 03:32:21 - Software Distribution Service 3.0
RP941: 17/04/2010 03:31:42 - Software Distribution Service 3.0
RP942: 18/04/2010 02:14:03 - Software Distribution Service 3.0
RP943: 19/04/2010 02:41:27 - System Checkpoint
RP944: 19/04/2010 03:32:43 - Software Distribution Service 3.0
RP945: 20/04/2010 04:06:43 - System Checkpoint
RP946: 20/04/2010 20:42:08 - Software Distribution Service 3.0
RP947: 21/04/2010 13:09:22 - Software Distribution Service 3.0
RP948: 21/04/2010 15:27:41 - Restore Operation
RP949: 22/04/2010 16:58:46 - System Checkpoint
RP950: 22/04/2010 18:37:38 - Software Distribution Service 3.0
RP951: 23/04/2010 18:38:48 - Software Distribution Service 3.0
RP952: 24/04/2010 18:38:52 - Software Distribution Service 3.0
RP953: 25/04/2010 01:35:10 - Software Distribution Service 3.0
RP954: 25/04/2010 18:38:32 - Software Distribution Service 3.0
RP955: 26/04/2010 18:37:38 - Software Distribution Service 3.0
RP956: 27/04/2010 18:38:51 - Software Distribution Service 3.0
RP957: 28/04/2010 18:38:28 - Software Distribution Service 3.0
RP958: 29/04/2010 18:38:36 - Software Distribution Service 3.0
RP959: 30/04/2010 18:39:26 - Software Distribution Service 3.0

==== Installed Programs ======================


4oD
ABBYY FineReader 6.0 Sprint
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 8.1.1
Adobe Shockwave Player
Adobe SVG Viewer 3.0
Adobe® Photoshop® Album Starter Edition 3.2
Andrea VoiceCenter
AOL You've Got Pictures Screensaver
AppCore
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 4
ArcSoft PhotoImpression 5
ArcSoft VideoImpression 2
ARTEuro
ATI - Software Uninstall Utility
ATI Display Driver
AV
BBC iPlayer Download Manager
Bonjour
Broadband Help
BroadJump Client Foundation
Camera RAW Plug-In for EPSON Creativity Suite
CamStudio
CamStudio Lossless Codec v1.4
ccCommon
Citrix Presentation Server Client - Web Only
Conexant HDA D110 MDC V.92 Modem
Corel Paint Shop Pro X
Corel Photo Album 6
Creative Audio Pack
Creative MediaSource 5
Dell CinePlayer
Dell Driver Reset Tool
Dell Network Assistant
Dell Support 3.2
Dell System Restore
Digital camera for Windows XP-ME
Digital Line Detect
DivX Content Uploader
DivX Web Player
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON Event Manager
EPSON File Manager
EPSON Printer Software
EPSON Scan
EPSON Scan Assistant
EPSON Stylus C110_D120 Manual
EPSON Web-To-Page
ESD68 User's Guide
ESPNMotion
FoxyTunes for Firefox
Free Games Offer, Desktop Shortcut
GemMaster Mystic
GIMP 2.6.8
Google Chrome
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Web Accelerator
GSpot Codec Information Appliance
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB979306)
ImageForge version 3.60
Intel(R) Matrix Storage Manager
Intel(R) PRO Network Connections
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Learn2 Player (Uninstall Only)
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Magic Photo Editor 3.95
McAfee Uninstaller
MCU
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft Works
Modem Helper
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.0.19)
MSRedist
MSRuntime Libraries
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
MySpaceIM
NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter
NetWaiting
Norton AntiVirus
Norton Internet Security
Norton Protection Center
OpenOffice.org Installer 1.0
Otto
PerfV10_V100 User’s Guide
Picasa 2
QuickTime
RealPlayer
Rhapsody Player Engine
Riva FLV Encoder 2.0
Roxio DLA
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Safari
SearchAssist
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Smart Menus (Windows Live Toolbar)
Sonic Activation Module
Sonic Advanced Decoder
Sonic Encoders
Sonic MyDVD
Sonic Update Manager
Sony Ericsson Media Manager 1.0
Sony Ericsson PC Suite for Smartphones
Sony Ericsson Symbian 9 Drivers
SopCast 2.0.4
Sound Blaster ADVANCED MB Drivers
Sound Blaster Audigy ADVANCED MB
Sound Blaster Audigy ADVANCED MB Product Registration
SPBBC 32bit
Spybot - Search & Destroy
Symantec Real Time Storage Protection Component
SymNet
Tabbed Browsing (Windows Live Toolbar)
Tiscali Internet
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
VeohTV BETA
Viewpoint Media Player
Virgin Broadband advisor 1.5.14
Virtual DJ - Atomix Productions
Vodafone PC Assistant V1.8.19
Wanadoo Europe Installer
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Vista Upgrade Advisor
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Wisdom-soft ScreenHunter 5.1 Free
XviD 1.1 final uninstall
Yahoo! Anti-Spy

==== Event Viewer Messages From Past Week ========

30/04/2010 23:03:14, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Alureon.CT&threatid=2147628639 User: DH1HSJ2J\andrew Name: Trojan:Win32/Alureon.CT ID: 2147628639 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.81.729.0, AS: 1.81.729.0 Engine Version: 1.1.5703.0
30/04/2010 22:55:29, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Alureon.CT&threatid=2147628639 User: DH1HSJ2J\andrew Name: Trojan:Win32/Alureon.CT ID: 2147628639 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.81.729.0, AS: 1.81.729.0 Engine Version: 1.1.5703.0
30/04/2010 21:54:18, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Alureon.CT&threatid=2147628639 User: DH1HSJ2J\andrew Name: Trojan:Win32/Alureon.CT ID: 2147628639 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.81.729.0, AS: 1.81.729.0 Engine Version: 1.1.5703.0
30/04/2010 14:53:12, error: NetBT [4321] - The name "DRUMMOND :0" could not be registered on the Interface with IP address 192.168.1.64. The machine with the IP address 192.168.1.65 did not allow the name to be claimed by this machine.
01/05/2010 11:49:11, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Alureon.CT&threatid=2147628639 User: DH1HSJ2J\andrew Name: Trojan:Win32/Alureon.CT ID: 2147628639 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.81.729.0, AS: 1.81.729.0 Engine Version: 1.1.5703.0
01/05/2010 11:48:39, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Alureon.CT&threatid=2147628639 User: DH1HSJ2J\andrew Name: Trojan:Win32/Alureon.CT ID: 2147628639 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.81.729.0, AS: 1.81.729.0 Engine Version: 1.1.5703.0
01/05/2010 11:30:53, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Alureon.CT&threatid=2147628639 User: DH1HSJ2J\andrew Name: Trojan:Win32/Alureon.CT ID: 2147628639 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.81.729.0, AS: 1.81.729.0 Engine Version: 1.1.5703.0
01/05/2010 11:30:34, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Alureon.CT&threatid=2147628639 User: DH1HSJ2J\andrew Name: Trojan:Win32/Alureon.CT ID: 2147628639 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.81.729.0, AS: 1.81.729.0 Engine Version: 1.1.5703.0
01/05/2010 02:18:06, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Alureon.CT&threatid=2147628639 User: DH1HSJ2J\andrew Name: Trojan:Win32/Alureon.CT ID: 2147628639 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.81.729.0, AS: 1.81.729.0 Engine Version: 1.1.5703.0
01/05/2010 02:14:08, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Alureon.CT&threatid=2147628639 User: DH1HSJ2J\andrew Name: Trojan:Win32/Alureon.CT ID: 2147628639 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.81.729.0, AS: 1.81.729.0 Engine Version: 1.1.5703.0
01/05/2010 02:12:04, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Alureon.CT&threatid=2147628639 User: DH1HSJ2J\andrew Name: Trojan:Win32/Alureon.CT ID: 2147628639 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.81.729.0, AS: 1.81.729.0 Engine Version: 1.1.5703.0
01/05/2010 02:08:05, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Alureon.CT&threatid=2147628639 User: DH1HSJ2J\andrew Name: Trojan:Win32/Alureon.CT ID: 2147628639 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.81.729.0, AS: 1.81.729.0 Engine Version: 1.1.5703.0
01/05/2010 02:06:37, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Alureon.CT&threatid=2147628639 User: DH1HSJ2J\andrew Name: Trojan:Win32/Alureon.CT ID: 2147628639 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.81.729.0, AS: 1.81.729.0 Engine Version: 1.1.5703.0

==== End Of File ===========================
 
update

Just a quick update, I did another scan with Microsoft Security Esentials and it found Win/Alureon.H, I cleaned it and restarted and scanned again now theres nothing showing up but the computer seems to be running a bit slow or with jerky scrolling after the GMER scan, well what I managed of it anyway, when GMER starts up and runs what seems to be a mini scan it picked up that some (I think it said) unauthorized alterations had been detected but am wary of running it again in case I do some serious damage.

:surrender:
 
Hi,


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.


Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
 
HI

All requested files attached, should I reactivate the security software now?

Thanks.






ComboFix 10-05-04.06 - andrew 05/05/2010 14:21:22.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.337 [GMT 1:00]
Running from: c:\documents and settings\andrew\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Norton Security Online *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Online *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\andrew\Local Settings\Temporary Internet Files\CEgOo8bG.jpg
c:\documents and settings\andrew\Local Settings\Temporary Internet Files\K36FMNl.jpg
c:\documents and settings\andrew\Local Settings\Temporary Internet Files\lq5iHtix7.jpg
c:\documents and settings\andrew\Local Settings\Temporary Internet Files\P2w0t.jpg
c:\program files\WindowsUpdate
c:\windows\Downloaded Program Files\Quarantine
c:\windows\system32\4291943986.dat
c:\windows\system32\Data

.
((((((((((((((((((((((((( Files Created from 2010-04-05 to 2010-05-05 )))))))))))))))))))))))))))))))
.

2010-05-05 13:28 . 2010-05-05 13:28 32 ----a-w- c:\windows\system32\4291943986.dat
2010-05-05 01:52 . 2010-05-05 01:52 36352 ----a-w- c:\windows\system32\drivers\DISK.SYS
2010-04-26 23:33 . 2010-04-26 23:33 -------- d-----w- c:\program files\Wisdom-soft ScreenHunter 5 Free
2010-04-26 23:15 . 2010-04-26 23:15 1073 ----a-w- c:\windows\system32\unins000.dat
2010-04-26 23:15 . 2010-04-26 23:15 695578 ----a-w- c:\windows\system32\unins000.exe
2010-04-26 23:15 . 2008-09-30 18:35 65536 ----a-w- c:\windows\system32\camcodec.dll
2010-04-26 23:14 . 2010-04-26 23:28 -------- d-----w- c:\program files\CamStudio
2010-04-22 21:15 . 2010-04-22 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-04-13 06:49 . 2010-04-13 06:49 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-04-09 21:18 . 2010-04-28 14:33 -------- d-----w- c:\documents and settings\andrew\Application Data\gtk-2.0
2010-04-09 21:18 . 2010-04-09 21:18 -------- d-----w- c:\documents and settings\andrew\.thumbnails
2010-04-09 21:05 . 2010-04-28 14:33 -------- d-----w- c:\documents and settings\andrew\.gimp-2.6
2010-04-09 21:04 . 2010-04-09 21:04 -------- d-----w- c:\program files\GIMP-2.0
2010-04-09 11:57 . 2010-04-09 12:04 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-04-08 20:20 . 2010-04-08 20:20 -------- d-----w- c:\documents and settings\andrew\Local Settings\Application Data\SupportSoft
2010-04-08 20:20 . 2010-04-08 20:20 -------- d-----w- c:\program files\Common Files\SupportSoft
2010-04-08 06:28 . 2010-04-08 06:29 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-04-07 19:07 . 2010-04-28 20:12 -------- d-----w- c:\documents and settings\andrew\Local Settings\Application Data\Temp
2010-04-07 18:34 . 2010-04-07 18:34 -------- d-sh--w- c:\documents and settings\andrew\PrivacIE
2010-04-07 18:28 . 2010-04-07 18:28 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-04-07 18:27 . 2010-04-07 18:27 -------- d-sh--w- c:\documents and settings\andrew\IETldCache
2010-04-07 17:59 . 2010-02-25 06:24 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-04-07 17:59 . 2010-02-25 06:24 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-04-07 17:58 . 2010-04-15 02:01 -------- d-----w- c:\windows\ie8updates
2010-04-07 17:58 . 2010-02-16 04:50 64000 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-04-07 17:57 . 2010-04-07 17:58 -------- dc-h--w- c:\windows\ie8
2010-04-07 17:31 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-07 16:59 . 2010-04-07 16:59 -------- d-----w- c:\windows\system32\XPSViewer
2010-04-07 16:59 . 2010-04-07 16:59 -------- d-----w- c:\program files\MSBuild
2010-04-07 16:59 . 2010-04-07 16:59 -------- d-----w- c:\program files\Reference Assemblies
2010-04-07 16:58 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-04-07 16:58 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-04-07 16:58 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-04-07 16:58 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-04-07 16:58 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-04-07 16:58 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-04-07 16:58 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-04-07 16:58 . 2010-04-07 16:58 -------- d-----w- C:\73f5fa418770ba5c36b50abb
2010-04-07 16:58 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-04-07 16:58 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-04-07 16:57 . 2010-04-07 17:09 -------- d-----w- c:\windows\SxsCaPendDel
2010-04-07 15:59 . 2009-12-31 16:50 353792 ------w- c:\windows\system32\dllcache\srv.sys
2010-04-07 15:57 . 2010-02-24 09:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-04-07 15:56 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-04-07 15:52 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2010-04-07 15:51 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-04-07 15:51 . 2010-02-24 13:11 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-04-07 15:51 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2010-04-07 15:46 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-04-07 15:46 . 2009-07-31 04:35 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2010-04-07 15:45 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-04-07 15:45 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-05 13:33 . 2008-01-02 15:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2010-05-05 13:31 . 2007-02-03 14:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-27 14:38 . 2007-12-06 16:00 181096 ----a-w- c:\documents and settings\andrew\Application Data\Mozilla\Firefox\Profiles\pzkg98fl.default\FlashGot.exe
2010-04-21 15:42 . 2007-02-03 14:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-21 15:41 . 2006-11-11 20:28 -------- d-----w- c:\program files\RegistrySmart
2010-04-21 14:58 . 2007-02-03 14:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-15 02:25 . 2006-10-19 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-04-08 07:56 . 2006-10-19 20:16 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-08 07:51 . 2006-10-23 22:37 -------- d-----w- c:\program files\Yahoo!
2010-04-07 22:15 . 2010-04-07 18:33 7631232 ----a-w- c:\documents and settings\andrew\Application Data\MySpace\IM\Install\MSIMClientSetup.1.0.823.0-static-A.exe
2010-04-07 18:27 . 2008-05-19 15:42 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-07 18:11 . 2006-10-19 20:25 -------- d-----w- c:\program files\Microsoft Works
2010-04-07 17:11 . 2006-10-24 02:00 43896 ----a-w- c:\documents and settings\andrew\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-11 12:38 . 2010-03-11 12:38 78336 ------w- c:\windows\system32\ieencode.dll
2010-03-10 06:15 . 2005-08-16 03:18 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2005-08-16 03:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2006-10-19 19:49 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2005-08-16 03:18 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 21:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2005-08-16 03:18 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2005-08-16 03:18 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2006-10-24 22:26 . 2006-10-24 22:26 251 ----a-w- c:\program files\wt3d.ini
2010-04-07 17:01 . 2007-05-15 19:35 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-06-21 17:38 . 2007-06-21 17:38 30280 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2007-06-21 17:38 . 2007-06-21 17:38 79432 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2007-06-21 17:38 . 2007-06-21 17:38 71240 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2007-06-21 17:38 . 2007-06-21 17:38 140872 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2007-06-21 17:39 . 2007-06-21 17:39 38472 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2007-06-21 17:39 . 2007-06-21 17:39 46664 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-06-21 17:39 . 2007-06-21 17:39 34376 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll
2007-06-21 17:39 . 2007-06-21 17:39 685640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2007-06-21 17:40 . 2007-06-21 17:40 30280 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2007-01-15 00:49 . 2006-11-08 00:29 88 --sh--r- c:\windows\system32\242F0E16C0.sys
2007-08-26 12:23 . 2006-10-24 16:07 56 --sh--r- c:\windows\system32\C0160E2F24.sys
2007-08-26 12:23 . 2006-10-24 16:07 6580 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-07-16 389120]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2009-12-01 6373376]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-08-17 439872]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
"mRouterConfig"="c:\program files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe" [2006-03-02 290816]
"Google Update"="c:\documents and settings\andrew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-04-07 136176]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2006-02-16 1118208]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-04-07 30192]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 106496]
"EPSON Stylus D68 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE" [2005-01-25 98304]
"EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-03-17 102400]
"CaISSDT"="c:\program files\CA\eTrust Internet Security Suite\caissdt.exe" [2006-04-21 165416]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]
"Broadbandadvisor.exe"="c:\program files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2007-08-07 2061552]
"4oD"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
"osCheck"="c:\progra~1\Symantec\osCheck.exe" [2007-01-14 771704]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-19 185896]
"PC Suite for Smartphones"="c:\program files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2009-12-01 6373376]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2006-10-19 7168]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-10-19 24576]
NETGEAR WG111T Smart Wizard.lnk - c:\program files\NETGEAR\WG111T\wlan111t.exe [2006-10-23 884840]
Run Google Web Accelerator.lnk - c:\program files\Google\Web Accelerator\GoogleWebAccWarden.exe [2007-7-9 1134592]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [03/09/2008 20:02 99376]
S1 irwkfcey;irwkfcey;\??\c:\windows\system32\drivers\irwkfcey.sys --> c:\windows\system32\drivers\irwkfcey.sys [?]
S1 MpKsleb1352ba;MpKsleb1352ba;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD9C37A1-D4A4-4DA4-8E35-E502AF5FC788}\MpKsleb1352ba.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD9C37A1-D4A4-4DA4-8E35-E502AF5FC788}\MpKsleb1352ba.sys [?]
S1 suseyrlc;suseyrlc;\??\c:\windows\system32\drivers\suseyrlc.sys --> c:\windows\system32\drivers\suseyrlc.sys [?]
S1 ydusgphu;ydusgphu;\??\c:\windows\system32\drivers\ydusgphu.sys --> c:\windows\system32\drivers\ydusgphu.sys [?]
S2 ccEvtMgrRSVP;Symantec Event Manager ccEvtMgrRSVP;c:\windows\system32\12520437t.exe srv --> c:\windows\system32\12520437t.exe srv [?]
S2 HidServTlntSvr;HID Input Service HidServTlntSvr;c:\windows\system32\adsnwe.exe srv --> c:\windows\system32\adsnwe.exe srv [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [23/10/2006 22:08 17149]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [19/10/2006 21:23 30192]
S3 MobileAdapter;Huawei Mobile Adapter USB Modem and USB Serial;c:\windows\system32\drivers\hmvmdm.sys [04/02/2009 11:46 101120]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2010-05-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-05-05 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2010-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3443327961-1427962193-1420968328-1005Core.job
- c:\documents and settings\andrew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-07 19:07]

2010-05-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3443327961-1427962193-1420968328-1005UA.job
- c:\documents and settings\andrew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-07 19:07]

2010-05-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 17:02]

2010-05-04 c:\windows\Tasks\Norton Security Online - Run Full System Scan - andrew.job
- c:\progra~1\Symantec\Norton AntiVirus\Navw32.exe [2007-01-14 09:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?8ce9c0e223af4489b8fbc6f14716c5a9
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?8ce9c0e223af4489b8fbc6f14716c5a9
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/controls/yregucfg/2005_6_10_1/yregucfg.cab
FF - ProfilePath - c:\documents and settings\andrew\Application Data\Mozilla\Firefox\Profiles\pzkg98fl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\documents and settings\andrew\Application Data\Mozilla\Firefox\Profiles\pzkg98fl.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\andrew\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-RegistrySmart - c:\program files\RegistrySmart\RegistrySmart.exe
HKLM-Run-btbb_McciTrayApp - c:\program files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
AddRemove-McAfee Uninstall Utility - c:\progra~1\McAfee.com\Shared\mcappins.exe
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9b.exe
AddRemove-Yahoo! Anti-Spy - c:\progra~1\Yahoo!\Common\unypsr.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-05 14:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(5928)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Kontiki\KService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\fxssvc.exe
c:\windows\stsystra.exe
c:\program files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
c:\program files\Dell Network Assistant\ezi_hnm2.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\progra~1\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE
c:\progra~1\Symbian\Shared\SYMBIA~1\SCBAL.exe
c:\windows\system32\dllhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Google\Web Accelerator\googlewebaccclient.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Java\jre1.6.0_07\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-05-05 14:37:24 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-05 13:37

Pre-Run: 132,589,637,632 bytes free
Post-Run: 132,684,500,992 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 8D4960531E8AE4990B4CE45801894F1F














DDS (Ver_10-03-17.01) - NTFSx86
Run by andrew at 14:39:46.10 on 05/05/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.321 [GMT 1:00]

AV: Norton Security Online *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Norton Security Online *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
svchost.exe "C:\WINDOWS\system32\adsnwe.exe"
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe
C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\NETGEAR\WG111T\wlan111t.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SCBAL.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\andrew\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: orer - No File
BHO: rsion - No File
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: &Google Web Accelerator Helper: {69a87b7d-de56-4136-9655-716ba50c19c7} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Google Web Accelerator: {db87bfa2-a2e3-451e-8e5a-c89982d87cbf} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
uRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [Veoh] "c:\program files\veoh networks\veoh\VeohClient.exe" /VeohHide
uRun: [mRouterConfig] "c:\program files\intuwave\shared\mrouterruntime\mRouterConfig.exe"
uRun: [Google Update] "c:\documents and settings\andrew\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [VoiceCenter] "c:\program files\creative\voicecenter\AndreaVC.exe" /tray
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [EPSON Stylus D68 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"
mRun: [EEventManager] c:\program files\epson\creativity suite\event manager\EEventManager.exe
mRun: [CaISSDT] "c:\program files\ca\etrust internet security suite\caissdt.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [Broadbandadvisor.exe] "c:\program files\virgin broadband\advisor\Broadbandadvisor.exe" /AUTORUN
mRun: [4oD] "c:\program files\kontiki\KHost.exe" -all
mRun: [osCheck] "c:\progra~1\symantec\osCheck.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [PC Suite for Smartphones] "c:\program files\sony ericsson\mobile4\application launcher\Application Launcher.exe" /startoptions
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellne~1.lnk - c:\windows\installer\{0240bdfb-2995-4a3f-8c96-18d41282b716}\Icon0240BDFB3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111t\wlan111t.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\rungoo~1.lnk - c:\program files\google\web accelerator\GoogleWebAccWarden.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\windows live toolbar\components\en-gb\msntabres.dll.mui/229?8ce9c0e223af4489b8fbc6f14716c5a9
IE: Open in new foreground tab - c:\program files\windows live toolbar\components\en-gb\msntabres.dll.mui/230?8ce9c0e223af4489b8fbc6f14716c5a9
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} - hxxp://site.ebrary.com/lib/uclan/support/plugins/ebraryRdr.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/controls/yregucfg/2005_6_10_1/yregucfg.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} - hxxp://help.broadbandassist.com/bbdesktop/PreQual/files/MotivePreQual.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4891/mcfscan.cab
Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\andrew\applic~1\mozilla\firefox\profiles\pzkg98fl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\documents and settings\andrew\application data\mozilla\firefox\profiles\pzkg98fl.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 149040]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-10 108648]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-10 108648]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-9-3 99376]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20081013.003\NAVENG.SYS [2008-10-14 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20081013.003\NAVEX15.SYS [2008-10-14 873552]
S1 irwkfcey;irwkfcey;\??\c:\windows\system32\drivers\irwkfcey.sys --> c:\windows\system32\drivers\irwkfcey.sys [?]
S1 MpKsleb1352ba;MpKsleb1352ba;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ad9c37a1-d4a4-4da4-8e35-e502af5fc788}\mpksleb1352ba.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ad9c37a1-d4a4-4da4-8e35-e502af5fc788}\MpKsleb1352ba.sys [?]
S1 suseyrlc;suseyrlc;\??\c:\windows\system32\drivers\suseyrlc.sys --> c:\windows\system32\drivers\suseyrlc.sys [?]
S1 ydusgphu;ydusgphu;\??\c:\windows\system32\drivers\ydusgphu.sys --> c:\windows\system32\drivers\ydusgphu.sys [?]
S2 ccEvtMgrRSVP;Symantec Event Manager ccEvtMgrRSVP;c:\windows\system32\12520437t.exe srv --> c:\windows\system32\12520437t.exe srv [?]
S2 HidServTlntSvr;HID Input Service HidServTlntSvr;c:\windows\system32\adsnwe.exe srv --> c:\windows\system32\adsnwe.exe srv [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2006-10-23 17149]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-10-19 30192]
S3 MobileAdapter;Huawei Mobile Adapter USB Modem and USB Serial;c:\windows\system32\drivers\hmvmdm.sys [2009-2-4 101120]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-10-19 1174664]

=============== Created Last 30 ================

2010-05-05 13:28:54 32 ----a-w- c:\windows\system32\4291943986.dat
2010-05-05 13:15:09 0 d-sha-r- C:\cmdcons
2010-05-05 13:14:17 98816 ----a-w- c:\windows\sed.exe
2010-05-05 13:14:17 77312 ----a-w- c:\windows\MBR.exe
2010-05-05 13:14:17 256512 ----a-w- c:\windows\PEV.exe
2010-05-05 13:14:17 161792 ----a-w- c:\windows\SWREG.exe
2010-05-05 01:52:52 36352 ----a-w- c:\windows\system32\drivers\DISK.SYS
2010-04-28 14:33:07 14514 ----a-w- c:\documents and settings\andrew\.recently-used.xbel
2010-04-27 11:43:03 129 ----a-w- c:\windows\ScreenHunter.INI
2010-04-26 23:33:52 0 d-----w- c:\program files\Wisdom-soft ScreenHunter 5 Free
2010-04-26 23:15:11 695578 ----a-w- c:\windows\system32\unins000.exe
2010-04-26 23:15:11 65536 ----a-w- c:\windows\system32\camcodec.dll
2010-04-26 23:15:11 1078 ----a-w- c:\windows\system32\camcodec.ico
2010-04-26 23:15:11 1073 ----a-w- c:\windows\system32\unins000.dat
2010-04-26 23:14:44 0 d-----w- c:\program files\CamStudio
2010-04-26 22:05:22 49922 ----a-w- c:\documents and settings\andrew\and.xcf
2010-04-22 21:15:52 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-04-18 12:41:55 29521 ----a-w- c:\documents and settings\andrew\christmas_Giftbox.png
2010-04-09 23:17:25 170597 ----a-w- c:\documents and settings\andrew\banner.xcf
2010-04-09 21:18:42 0 d-----w- c:\documents and settings\andrew\.thumbnails
2010-04-09 21:05:13 0 d-----w- c:\documents and settings\andrew\.gimp-2.6
2010-04-09 21:04:21 0 d-----w- c:\program files\GIMP-2.0
2010-04-08 20:20:26 0 d-----w- c:\program files\common files\SupportSoft
2010-04-08 06:28:56 0 d-----w- c:\program files\Microsoft Security Essentials
2010-04-07 20:52:03 3248 ----a-w- c:\windows\system32\wbem\Outlook_01cad6942cd3cd64.mof
2010-04-07 18:34:03 0 d-sh--w- c:\documents and settings\andrew\PrivacIE
2010-04-07 18:27:47 0 d-sh--w- c:\documents and settings\andrew\IETldCache
2010-04-07 17:59:05 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-04-07 17:59:03 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-04-07 17:58:59 0 d-----w- c:\windows\ie8updates
2010-04-07 17:58:52 64000 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-04-07 17:57:43 0 dc-h--w- c:\windows\ie8
2010-04-07 17:31:47 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-07 17:29:00 1089593 ------w- c:\windows\system32\dllcache\ntprint.cat
2010-04-07 16:59:25 0 d-----w- c:\windows\system32\XPSViewer
2010-04-07 16:58:28 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-04-07 16:58:28 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-04-07 16:58:28 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-04-07 16:58:28 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-04-07 16:58:28 117760 ------w- c:\windows\system32\prntvpt.dll
2010-04-07 16:58:27 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-04-07 16:58:27 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-04-07 16:58:27 0 d-----w- C:\73f5fa418770ba5c36b50abb
2010-04-07 16:57:57 0 d-----w- c:\windows\SxsCaPendDel
2010-04-07 15:59:08 353792 ------w- c:\windows\system32\dllcache\srv.sys
2010-04-07 15:57:47 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-04-07 15:56:28 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-04-07 15:52:52 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2010-04-07 15:51:54 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-04-07 15:51:44 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-04-07 15:51:43 128512 ------w- c:\windows\system32\dllcache\dhtmled.ocx
2010-04-07 15:51:19 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2010-04-07 15:46:35 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-04-07 15:46:30 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2010-04-07 15:45:14 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-04-07 15:45:12 1206508 ------w- c:\windows\system32\dllcache\sysmain.sdb
2010-04-07 15:45:11 215552 ------w- c:\windows\system32\dllcache\wordpad.exe

==================== Find3M ====================

2010-03-11 12:38:52 78336 ------w- c:\windows\system32\ieencode.dll
2010-03-11 12:38:52 78336 ------w- c:\windows\system32\dllcache\ieencode.dll
2010-03-11 12:38:51 133120 ----a-w- c:\windows\system32\dllcache\extmgr.dll
2010-03-10 13:18:21 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2010-02-25 10:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-25 06:24:37 916480 ------w- c:\windows\system32\dllcache\wininet.dll
2010-02-25 06:24:37 611840 ------w- c:\windows\system32\dllcache\mstime.dll
2010-02-25 06:24:37 206848 ------w- c:\windows\system32\dllcache\occache.dll
2010-02-25 06:24:37 1209344 ------w- c:\windows\system32\dllcache\urlmon.dll
2010-02-25 06:24:36 5944832 ------w- c:\windows\system32\dllcache\mshtml.dll
2010-02-25 06:24:35 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-02-25 06:24:35 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-02-25 06:24:35 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
2010-02-25 06:24:35 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-02-25 06:24:35 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
2010-02-25 06:24:34 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2010-02-24 09:54:25 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-02-17 08:10:28 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 14:08:49 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-16 13:25:04 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 13:25:04 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-12 04:33:11 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll
2010-02-11 12:02:15 226880 ------w- c:\windows\system32\dllcache\tcpip6.sys
2006-10-24 22:26:59 251 ----a-w- c:\program files\wt3d.ini
2005-06-08 08:03:50 497664 ----a-w- c:\windows\inf\Digital camera for Windows XP-ME.exe
2007-01-15 00:49:35 88 --sh--r- c:\windows\system32\242F0E16C0.sys
2007-08-26 12:23:56 56 --sh--r- c:\windows\system32\C0160E2F24.sys
2007-08-26 12:23:59 6580 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-09-04 04:56:53 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090420080905\index.dat

============= FINISH: 14:40:07.54 ===============
 
I had to post this second cause the text was too long





UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 23/10/2006 21:50:37
System Uptime: 05/05/2010 14:27:45 (0 hours ago)

Motherboard: Dell Inc. | | 0WG860
Processor: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz | Microprocessor | 1862/1066mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 170 GiB total, 123.596 GiB free.
D: is FIXED (NTFS) - 58 GiB total, 58.123 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP924: 07/04/2010 16:57:40 - Software Distribution Service 3.0
RP925: 07/04/2010 17:49:20 - Software Distribution Service 3.0
RP926: 07/04/2010 17:51:26 - Software Distribution Service 3.0
RP927: 07/04/2010 18:32:57 - Software Distribution Service 3.0
RP928: 08/04/2010 07:33:21 - Software Distribution Service 3.0
RP929: 08/04/2010 08:47:32 - Removed Windows Defender
RP930: 08/04/2010 08:49:17 - Removed Norton Ghost 10.0
RP931: 09/04/2010 03:00:16 - Software Distribution Service 3.0
RP932: 09/04/2010 13:14:48 - Software Distribution Service 3.0
RP933: 10/04/2010 13:17:51 - Software Distribution Service 3.0
RP934: 11/04/2010 02:09:01 - Software Distribution Service 3.0
RP935: 11/04/2010 13:18:59 - Software Distribution Service 3.0
RP936: 12/04/2010 13:17:37 - Software Distribution Service 3.0
RP937: 13/04/2010 13:17:59 - Software Distribution Service 3.0
RP938: 14/04/2010 13:17:56 - Software Distribution Service 3.0
RP939: 15/04/2010 03:00:32 - Software Distribution Service 3.0
RP940: 16/04/2010 03:32:21 - Software Distribution Service 3.0
RP941: 17/04/2010 03:31:42 - Software Distribution Service 3.0
RP942: 18/04/2010 02:14:03 - Software Distribution Service 3.0
RP943: 19/04/2010 02:41:27 - System Checkpoint
RP944: 19/04/2010 03:32:43 - Software Distribution Service 3.0
RP945: 20/04/2010 04:06:43 - System Checkpoint
RP946: 20/04/2010 20:42:08 - Software Distribution Service 3.0
RP947: 21/04/2010 13:09:22 - Software Distribution Service 3.0
RP948: 21/04/2010 15:27:41 - Restore Operation
RP949: 22/04/2010 16:58:46 - System Checkpoint
RP950: 22/04/2010 18:37:38 - Software Distribution Service 3.0
RP951: 23/04/2010 18:38:48 - Software Distribution Service 3.0
RP952: 24/04/2010 18:38:52 - Software Distribution Service 3.0
RP953: 25/04/2010 01:35:10 - Software Distribution Service 3.0
RP954: 25/04/2010 18:38:32 - Software Distribution Service 3.0
RP955: 26/04/2010 18:37:38 - Software Distribution Service 3.0
RP956: 27/04/2010 18:38:51 - Software Distribution Service 3.0
RP957: 28/04/2010 18:38:28 - Software Distribution Service 3.0
RP958: 29/04/2010 18:38:36 - Software Distribution Service 3.0
RP959: 30/04/2010 18:39:26 - Software Distribution Service 3.0
RP960: 01/05/2010 18:39:06 - Software Distribution Service 3.0
RP961: 02/05/2010 01:34:34 - Software Distribution Service 3.0
RP962: 02/05/2010 18:37:57 - Software Distribution Service 3.0
RP963: 03/05/2010 18:55:41 - Software Distribution Service 3.0
RP964: 04/05/2010 18:53:42 - Software Distribution Service 3.0

==== Installed Programs ======================


4oD
ABBYY FineReader 6.0 Sprint
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.1
Adobe Shockwave Player
Adobe SVG Viewer 3.0
Adobe® Photoshop® Album Starter Edition 3.2
Andrea VoiceCenter
AOL You've Got Pictures Screensaver
AppCore
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 4
ArcSoft PhotoImpression 5
ArcSoft VideoImpression 2
ARTEuro
ATI - Software Uninstall Utility
ATI Display Driver
AV
BBC iPlayer Download Manager
Bonjour
Broadband Help
BroadJump Client Foundation
Camera RAW Plug-In for EPSON Creativity Suite
CamStudio
CamStudio Lossless Codec v1.4
ccCommon
Citrix Presentation Server Client - Web Only
Conexant HDA D110 MDC V.92 Modem
Corel Paint Shop Pro X
Corel Photo Album 6
Creative Audio Pack
Creative MediaSource 5
Dell CinePlayer
Dell Driver Reset Tool
Dell Network Assistant
Dell Support 3.2
Dell System Restore
Digital camera for Windows XP-ME
Digital Line Detect
DivX Content Uploader
DivX Web Player
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON Event Manager
EPSON File Manager
EPSON Printer Software
EPSON Scan
EPSON Scan Assistant
EPSON Stylus C110_D120 Manual
EPSON Web-To-Page
ESD68 User's Guide
ESPNMotion
FoxyTunes for Firefox
Free Games Offer, Desktop Shortcut
GemMaster Mystic
GIMP 2.6.8
Google Chrome
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Web Accelerator
GSpot Codec Information Appliance
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB979306)
ImageForge version 3.60
Intel(R) Matrix Storage Manager
Intel(R) PRO Network Connections
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Learn2 Player (Uninstall Only)
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Magic Photo Editor 3.95
MCU
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft Works
Modem Helper
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.0.19)
MSRedist
MSRuntime Libraries
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
MySpaceIM
NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter
NetWaiting
Norton AntiVirus
Norton Internet Security
Norton Protection Center
OpenOffice.org Installer 1.0
Otto
PerfV10_V100 User’s Guide
Picasa 2
QuickTime
RealPlayer
Rhapsody Player Engine
Riva FLV Encoder 2.0
Roxio DLA
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Safari
SearchAssist
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Smart Menus (Windows Live Toolbar)
Sonic Activation Module
Sonic Advanced Decoder
Sonic Encoders
Sonic MyDVD
Sonic Update Manager
Sony Ericsson Media Manager 1.0
Sony Ericsson PC Suite for Smartphones
Sony Ericsson Symbian 9 Drivers
SopCast 2.0.4
Sound Blaster ADVANCED MB Drivers
Sound Blaster Audigy ADVANCED MB
Sound Blaster Audigy ADVANCED MB Product Registration
SPBBC 32bit
Spybot - Search & Destroy
Symantec Real Time Storage Protection Component
SymNet
Tabbed Browsing (Windows Live Toolbar)
Tiscali Internet
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
VeohTV BETA
Viewpoint Media Player
Virgin Broadband advisor 1.5.14
Virtual DJ - Atomix Productions
Vodafone PC Assistant V1.8.19
Wanadoo Europe Installer
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Vista Upgrade Advisor
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Wisdom-soft ScreenHunter 5.1 Free
XviD 1.1 final uninstall

==== Event Viewer Messages From Past Week ========

30/04/2010 23:03:14, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Alureon.CT&threatid=2147628639 User: DH1HSJ2J\andrew Name: Trojan:Win32/Alureon.CT ID: 2147628639 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.81.729.0, AS: 1.81.729.0 Engine Version: 1.1.5703.0
30/04/2010 22:55:29, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Alureon.CT&threatid=2147628639 User: DH1HSJ2J\andrew Name: Trojan:Win32/Alureon.CT ID: 2147628639 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.81.729.0, AS: 1.81.729.0 Engine Version: 1.1.5703.0
30/04/2010 21:54:18, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Alureon.CT&threatid=2147628639 User: DH1HSJ2J\andrew Name: Trojan:Win32/Alureon.CT ID: 2147628639 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.81.729.0, AS: 1.81.729.0 Engine Version: 1.1.5703.0
30/04/2010 14:53:12, error: NetBT [4321] - The name "DRUMMOND :0" could not be registered on the Interface with IP address 192.168.1.64. The machine with the IP address 192.168.1.65 did not allow the name to be claimed by this machine.
01/05/2010 11:30:34, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Alureon.CT&threatid=2147628639 User: DH1HSJ2J\andrew Name: Trojan:Win32/Alureon.CT ID: 2147628639 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.81.729.0, AS: 1.81.729.0 Engine Version: 1.1.5703.0
01/05/2010 02:18:06, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Alureon.CT&threatid=2147628639 User: DH1HSJ2J\andrew Name: Trojan:Win32/Alureon.CT ID: 2147628639 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.81.729.0, AS: 1.81.729.0 Engine Version: 1.1.5703.0
01/05/2010 02:14:08, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Alureon.CT&threatid=2147628639 User: DH1HSJ2J\andrew Name: Trojan:Win32/Alureon.CT ID: 2147628639 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.81.729.0, AS: 1.81.729.0 Engine Version: 1.1.5703.0
01/05/2010 02:12:04, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Alureon.CT&threatid=2147628639 User: DH1HSJ2J\andrew Name: Trojan:Win32/Alureon.CT ID: 2147628639 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.81.729.0, AS: 1.81.729.0 Engine Version: 1.1.5703.0
01/05/2010 02:08:05, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Alureon.CT&threatid=2147628639 User: DH1HSJ2J\andrew Name: Trojan:Win32/Alureon.CT ID: 2147628639 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.81.729.0, AS: 1.81.729.0 Engine Version: 1.1.5703.0
01/05/2010 02:06:37, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Alureon.CT&threatid=2147628639 User: DH1HSJ2J\andrew Name: Trojan:Win32/Alureon.CT ID: 2147628639 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.81.729.0, AS: 1.81.729.0 Engine Version: 1.1.5703.0

==== End Of File ===========================
 
Hi again,

You seem to have both Norton and MSE installed there. If Norton license is not valid anymore then you should uninstall it. Otherwise, decide which one of those two you want to keep.

Open notepad and copy/paste the text in the quotebox below into it:

Code: 
DeQuarantine::
c:\qoobox\quarantine\c\program files\WindowsUpdate
Ignore::
c:\program files\WindowsUpdate
Driver::
irwkfcey
suseyrlc
ydusgphu
ccEvtMgrRSVP
HidServTlntSvr
File::
c:\windows\system32\4291943986.dat
c:\windows\system32\drivers\irwkfcey.sys
c:\windows\system32\drivers\suseyrlc.sys
c:\windows\system32\drivers\ydusgphu.sys
c:\windows\system32\12520437t.exe
c:\windows\system32\adsnwe.exe
DDS::
BHO: orer - No File
BHO: rsion - No File
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: 1 (0x1) - No File
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScriptB-4.gif


Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Uninstall old Adobe Reader versions and get the latest one (9.3 + update 9.3.2) here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here.

Uninstall your current Adobe shockwave player and get the fresh one here if needed.

Uninstall vulnerable Flash versions by following instructions here. Fresh version can be obtained here.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 20.
  • Click the
    Download
    button to the right.
  • Select Windows on platform combobox and check the box that says:
    Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.



Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
 
Kas & combofix

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, May 5, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, May 05, 2010 13:05:18
Records in database: 4057239
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
G:\
H:\
I:\
J:\

Scan statistics:
Objects scanned: 99446
Threats found: 8
Infected objects found: 10
Suspicious objects found: 0
Scan duration: 03:06:45


File name / Threat / Threats count
C:\Documents and Settings\andrew\Application Data\Sun\Java\Deployment\cache\6.0\11\6f4725cb-6c4ca9f8 Infected: Trojan-Downloader.Java.Agent.br 3
C:\Documents and Settings\andrew\Application Data\Sun\Java\Deployment\cache\6.0\13\70c7184d-4d235261 Infected: Exploit.Java.Agent.a 1
C:\Documents and Settings\andrew\Application Data\Sun\Java\Deployment\cache\6.0\13\70c7184d-4d235261 Infected: Exploit.Java.CVE-2009-3867.a 1
C:\Documents and Settings\andrew\Application Data\Sun\Java\Deployment\cache\6.0\38\28521166-30adf5ae Infected: Exploit.Java.CVE-2009-3867.gen 1
C:\Documents and Settings\andrew\Application Data\Sun\Java\Deployment\cache\6.0\38\28521166-30adf5ae Infected: Trojan-Downloader.Java.Agent.cd 1
C:\Documents and Settings\andrew\Application Data\Sun\Java\Deployment\cache\6.0\38\28521166-30adf5ae Infected: Trojan-Downloader.Java.OpenStream.al 1
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP964\A0071821.sys Infected: Rootkit.Win32.TDSS.ap 1
C:\WINDOWS\Motive\btbb\UninstallHelper.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101 1

Selected area has been scanned.






ComboFix 10-05-04.06 - andrew 05/05/2010 18:15:10.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.383 [GMT 1:00]
Running from: c:\documents and settings\andrew\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\andrew\Desktop\CFScript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FILE ::
"c:\windows\system32\12520437t.exe"
"c:\windows\system32\4291943986.dat"
"c:\windows\system32\adsnwe.exe"
"c:\windows\system32\drivers\irwkfcey.sys"
"c:\windows\system32\drivers\suseyrlc.sys"
"c:\windows\system32\drivers\ydusgphu.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\4291943986.dat
c:\windows\system32\adsnwe.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CCEVTMGRRSVP
-------\Legacy_HIDSERVTLNTSVR
-------\Service_ccEvtMgrRSVP
-------\Service_HidServTlntSvr
-------\Service_irwkfcey
-------\Service_suseyrlc
-------\Service_ydusgphu


((((((((((((((((((((((((( Files Created from 2010-04-05 to 2010-05-05 )))))))))))))))))))))))))))))))
.

2010-05-05 17:08 . 2010-05-05 17:08 -------- d-----w- c:\program files\Common Files\Java
2010-05-05 17:08 . 2010-05-05 17:08 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-05 01:52 . 2010-05-05 01:52 36352 ----a-w- c:\windows\system32\drivers\DISK.SYS
2010-04-26 23:33 . 2010-04-26 23:33 -------- d-----w- c:\program files\Wisdom-soft ScreenHunter 5 Free
2010-04-26 23:15 . 2010-04-26 23:15 1073 ----a-w- c:\windows\system32\unins000.dat
2010-04-26 23:15 . 2010-04-26 23:15 695578 ----a-w- c:\windows\system32\unins000.exe
2010-04-26 23:15 . 2008-09-30 18:35 65536 ----a-w- c:\windows\system32\camcodec.dll
2010-04-26 23:14 . 2010-04-26 23:28 -------- d-----w- c:\program files\CamStudio
2010-04-22 21:15 . 2010-04-22 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-04-13 06:49 . 2010-04-13 06:49 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-04-09 21:18 . 2010-04-28 14:33 -------- d-----w- c:\documents and settings\andrew\Application Data\gtk-2.0
2010-04-09 21:18 . 2010-04-09 21:18 -------- d-----w- c:\documents and settings\andrew\.thumbnails
2010-04-09 21:05 . 2010-04-28 14:33 -------- d-----w- c:\documents and settings\andrew\.gimp-2.6
2010-04-09 21:04 . 2010-04-09 21:04 -------- d-----w- c:\program files\GIMP-2.0
2010-04-09 11:57 . 2010-05-05 17:25 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-04-08 20:20 . 2010-04-08 20:20 -------- d-----w- c:\documents and settings\andrew\Local Settings\Application Data\SupportSoft
2010-04-08 20:20 . 2010-04-08 20:20 -------- d-----w- c:\program files\Common Files\SupportSoft
2010-04-08 06:28 . 2010-04-08 06:29 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-04-07 19:07 . 2010-04-28 20:12 -------- d-----w- c:\documents and settings\andrew\Local Settings\Application Data\Temp
2010-04-07 18:34 . 2010-04-07 18:34 -------- d-sh--w- c:\documents and settings\andrew\PrivacIE
2010-04-07 18:28 . 2010-04-07 18:28 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-04-07 18:27 . 2010-04-07 18:27 -------- d-sh--w- c:\documents and settings\andrew\IETldCache
2010-04-07 17:59 . 2010-02-25 06:24 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-04-07 17:59 . 2010-02-25 06:24 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-04-07 17:58 . 2010-04-15 02:01 -------- d-----w- c:\windows\ie8updates
2010-04-07 17:58 . 2010-02-16 04:50 64000 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-04-07 17:57 . 2010-04-07 17:58 -------- dc-h--w- c:\windows\ie8
2010-04-07 17:31 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-07 16:59 . 2010-04-07 16:59 -------- d-----w- c:\windows\system32\XPSViewer
2010-04-07 16:59 . 2010-04-07 16:59 -------- d-----w- c:\program files\MSBuild
2010-04-07 16:59 . 2010-04-07 16:59 -------- d-----w- c:\program files\Reference Assemblies
2010-04-07 16:58 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-04-07 16:58 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-04-07 16:58 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-04-07 16:58 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-04-07 16:58 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-04-07 16:58 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-04-07 16:58 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-04-07 16:58 . 2010-04-07 16:58 -------- d-----w- C:\73f5fa418770ba5c36b50abb
2010-04-07 16:58 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-04-07 16:58 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-04-07 16:57 . 2010-04-07 17:09 -------- d-----w- c:\windows\SxsCaPendDel
2010-04-07 15:59 . 2009-12-31 16:50 353792 ------w- c:\windows\system32\dllcache\srv.sys
2010-04-07 15:57 . 2010-02-24 09:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-04-07 15:56 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-04-07 15:52 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2010-04-07 15:51 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-04-07 15:51 . 2010-02-24 13:11 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-04-07 15:51 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2010-04-07 15:46 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-04-07 15:46 . 2009-07-31 04:35 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2010-04-07 15:45 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-04-07 15:45 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
1601-01-01 00:00 . 1601-01-01 00:00 -------- d-----w- c:\program files\NOS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-05 17:28 . 2008-01-02 15:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2010-05-05 17:27 . 2007-02-03 14:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-05 17:08 . 2010-05-05 17:08 503808 ----a-w- c:\documents and settings\andrew\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-32a3c7ba-n\msvcp71.dll
2010-05-05 17:08 . 2010-05-05 17:08 499712 ----a-w- c:\documents and settings\andrew\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-32a3c7ba-n\jmc.dll
2010-05-05 17:08 . 2010-05-05 17:08 348160 ----a-w- c:\documents and settings\andrew\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-32a3c7ba-n\msvcr71.dll
2010-05-05 17:08 . 2010-05-05 17:08 61440 ----a-w- c:\documents and settings\andrew\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-74164cd9-n\decora-sse.dll
2010-05-05 17:08 . 2010-05-05 17:08 12800 ----a-w- c:\documents and settings\andrew\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-74164cd9-n\decora-d3d.dll
2010-05-05 17:08 . 2006-10-19 20:07 -------- d-----w- c:\program files\Java
2010-05-05 17:00 . 2006-10-19 20:16 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-05 16:59 . 2006-10-19 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-05-05 16:30 . 2006-10-19 20:25 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-27 14:38 . 2007-12-06 16:00 181096 ----a-w- c:\documents and settings\andrew\Application Data\Mozilla\Firefox\Profiles\pzkg98fl.default\FlashGot.exe
2010-04-21 15:42 . 2007-02-03 14:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-21 15:41 . 2006-11-11 20:28 -------- d-----w- c:\program files\RegistrySmart
2010-04-21 14:58 . 2007-02-03 14:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-08 07:51 . 2006-10-23 22:37 -------- d-----w- c:\program files\Yahoo!
2010-04-07 22:15 . 2010-04-07 18:33 7631232 ----a-w- c:\documents and settings\andrew\Application Data\MySpace\IM\Install\MSIMClientSetup.1.0.823.0-static-A.exe
2010-04-07 18:27 . 2008-05-19 15:42 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-07 18:11 . 2006-10-19 20:25 -------- d-----w- c:\program files\Microsoft Works
2010-04-07 17:11 . 2006-10-24 02:00 43896 ----a-w- c:\documents and settings\andrew\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-11 12:38 . 2010-03-11 12:38 78336 ------w- c:\windows\system32\ieencode.dll
2010-03-10 06:15 . 2005-08-16 03:18 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2005-08-16 03:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2006-10-19 19:49 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2005-08-16 03:18 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 21:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2005-08-16 03:18 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2005-08-16 03:18 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2006-10-24 22:26 . 2006-10-24 22:26 251 ----a-w- c:\program files\wt3d.ini
2010-04-07 17:01 . 2007-05-15 19:35 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-06-21 17:38 . 2007-06-21 17:38 30280 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2007-06-21 17:38 . 2007-06-21 17:38 79432 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2007-06-21 17:38 . 2007-06-21 17:38 71240 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2007-06-21 17:38 . 2007-06-21 17:38 140872 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2007-06-21 17:39 . 2007-06-21 17:39 38472 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2007-06-21 17:39 . 2007-06-21 17:39 46664 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-06-21 17:39 . 2007-06-21 17:39 34376 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll
2007-06-21 17:39 . 2007-06-21 17:39 685640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2007-06-21 17:40 . 2007-06-21 17:40 30280 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2007-01-15 00:49 . 2006-11-08 00:29 88 --sh--r- c:\windows\system32\242F0E16C0.sys
2007-08-26 12:23 . 2006-10-24 16:07 56 --sh--r- c:\windows\system32\C0160E2F24.sys
2007-08-26 12:23 . 2006-10-24 16:07 6580 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-07-16 389120]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2009-12-01 6373376]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-08-17 439872]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
"mRouterConfig"="c:\program files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe" [2006-03-02 290816]
"Google Update"="c:\documents and settings\andrew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-04-07 136176]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2006-02-16 1118208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-04-07 30192]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 106496]
"EPSON Stylus D68 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE" [2005-01-25 98304]
"EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-03-17 102400]
"CaISSDT"="c:\program files\CA\eTrust Internet Security Suite\caissdt.exe" [2006-04-21 165416]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]
"Broadbandadvisor.exe"="c:\program files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2007-08-07 2061552]
"4oD"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-19 185896]
"PC Suite for Smartphones"="c:\program files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2009-12-01 6373376]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2006-10-19 7168]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-10-19 24576]
NETGEAR WG111T Smart Wizard.lnk - c:\program files\NETGEAR\WG111T\wlan111t.exe [2006-10-23 884840]
Run Google Web Accelerator.lnk - c:\program files\Google\Web Accelerator\GoogleWebAccWarden.exe [2007-7-9 1134592]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

S1 MpKsleb1352ba;MpKsleb1352ba;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD9C37A1-D4A4-4DA4-8E35-E502AF5FC788}\MpKsleb1352ba.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD9C37A1-D4A4-4DA4-8E35-E502AF5FC788}\MpKsleb1352ba.sys [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [23/10/2006 22:08 17149]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [19/10/2006 21:23 30192]
S3 MobileAdapter;Huawei Mobile Adapter USB Modem and USB Serial;c:\windows\system32\drivers\hmvmdm.sys [04/02/2009 11:46 101120]
.
Contents of the 'Scheduled Tasks' folder

2010-05-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-05-05 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2010-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3443327961-1427962193-1420968328-1005Core.job
- c:\documents and settings\andrew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-07 19:07]

2010-05-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3443327961-1427962193-1420968328-1005UA.job
- c:\documents and settings\andrew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-07 19:07]

2010-05-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 17:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?8ce9c0e223af4489b8fbc6f14716c5a9
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?8ce9c0e223af4489b8fbc6f14716c5a9
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/controls/yregucfg/2005_6_10_1/yregucfg.cab
FF - ProfilePath - c:\documents and settings\andrew\Application Data\Mozilla\Firefox\Profiles\pzkg98fl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\documents and settings\andrew\Application Data\Mozilla\Firefox\Profiles\pzkg98fl.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\andrew\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-05 18:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(5760)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Kontiki\KService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
c:\windows\stsystra.exe
c:\program files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
c:\program files\Dell Network Assistant\ezi_hnm2.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Google\Web Accelerator\googlewebaccclient.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\progra~1\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE
c:\progra~1\Symbian\Shared\SYMBIA~1\SCBAL.exe
.
**************************************************************************
.
Completion time: 2010-05-05 18:31:36 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-05 17:31
ComboFix2.txt 2010-05-05 13:37

Pre-Run: 132,908,249,088 bytes free
Post-Run: 132,907,986,944 bytes free

- - End Of File - - C811BBF7E1CFF25FC1AFC5B30252F85D
 
newest dds

DDS (Ver_10-03-17.01) - NTFSx86
Run by andrew at 22:21:24.64 on 05/05/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.535 [GMT 1:00]

AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe
C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\NETGEAR\WG111T\wlan111t.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SCBAL.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\andrew\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: orer - No File
BHO: rsion - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: &Google Web Accelerator Helper: {69a87b7d-de56-4136-9655-716ba50c19c7} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Google Web Accelerator: {db87bfa2-a2e3-451e-8e5a-c89982d87cbf} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
uRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [Veoh] "c:\program files\veoh networks\veoh\VeohClient.exe" /VeohHide
uRun: [mRouterConfig] "c:\program files\intuwave\shared\mrouterruntime\mRouterConfig.exe"
uRun: [Google Update] "c:\documents and settings\andrew\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [VoiceCenter] "c:\program files\creative\voicecenter\AndreaVC.exe" /tray
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [EPSON Stylus D68 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"
mRun: [EEventManager] c:\program files\epson\creativity suite\event manager\EEventManager.exe
mRun: [CaISSDT] "c:\program files\ca\etrust internet security suite\caissdt.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [Broadbandadvisor.exe] "c:\program files\virgin broadband\advisor\Broadbandadvisor.exe" /AUTORUN
mRun: [4oD] "c:\program files\kontiki\KHost.exe" -all
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [PC Suite for Smartphones] "c:\program files\sony ericsson\mobile4\application launcher\Application Launcher.exe" /startoptions
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellne~1.lnk - c:\windows\installer\{0240bdfb-2995-4a3f-8c96-18d41282b716}\Icon0240BDFB3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111t\wlan111t.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\rungoo~1.lnk - c:\program files\google\web accelerator\GoogleWebAccWarden.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\windows live toolbar\components\en-gb\msntabres.dll.mui/229?8ce9c0e223af4489b8fbc6f14716c5a9
IE: Open in new foreground tab - c:\program files\windows live toolbar\components\en-gb\msntabres.dll.mui/230?8ce9c0e223af4489b8fbc6f14716c5a9
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} - hxxp://site.ebrary.com/lib/uclan/support/plugins/ebraryRdr.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/controls/yregucfg/2005_6_10_1/yregucfg.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} - hxxp://help.broadbandassist.com/bbdesktop/PreQual/files/MotivePreQual.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4891/mcfscan.cab
Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\andrew\applic~1\mozilla\firefox\profiles\pzkg98fl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\documents and settings\andrew\application data\mozilla\firefox\profiles\pzkg98fl.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\andrew\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 149040]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S1 MpKsleb1352ba;MpKsleb1352ba;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ad9c37a1-d4a4-4da4-8e35-e502af5fc788}\mpksleb1352ba.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ad9c37a1-d4a4-4da4-8e35-e502af5fc788}\MpKsleb1352ba.sys [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2006-10-23 17149]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-10-19 30192]
S3 MobileAdapter;Huawei Mobile Adapter USB Modem and USB Serial;c:\windows\system32\drivers\hmvmdm.sys [2009-2-4 101120]

=============== Created Last 30 ================

2010-05-05 17:08:26 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-05-05 17:08:26 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-05 13:15:09 0 d-sha-r- C:\cmdcons
2010-05-05 13:14:17 98816 ----a-w- c:\windows\sed.exe
2010-05-05 13:14:17 77312 ----a-w- c:\windows\MBR.exe
2010-05-05 13:14:17 256512 ----a-w- c:\windows\PEV.exe
2010-05-05 13:14:17 161792 ----a-w- c:\windows\SWREG.exe
2010-05-05 01:52:52 36352 ----a-w- c:\windows\system32\drivers\DISK.SYS
2010-04-28 14:33:07 14514 ----a-w- c:\documents and settings\andrew\.recently-used.xbel
2010-04-27 11:43:03 129 ----a-w- c:\windows\ScreenHunter.INI
2010-04-26 23:33:52 0 d-----w- c:\program files\Wisdom-soft ScreenHunter 5 Free
2010-04-26 23:15:11 695578 ----a-w- c:\windows\system32\unins000.exe
2010-04-26 23:15:11 65536 ----a-w- c:\windows\system32\camcodec.dll
2010-04-26 23:15:11 1078 ----a-w- c:\windows\system32\camcodec.ico
2010-04-26 23:15:11 1073 ----a-w- c:\windows\system32\unins000.dat
2010-04-26 23:14:44 0 d-----w- c:\program files\CamStudio
2010-04-26 22:05:22 49922 ----a-w- c:\documents and settings\andrew\and.xcf
2010-04-22 21:15:52 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-04-18 12:41:55 29521 ----a-w- c:\documents and settings\andrew\christmas_Giftbox.png
2010-04-09 23:17:25 170597 ----a-w- c:\documents and settings\andrew\banner.xcf
2010-04-09 21:18:42 0 d-----w- c:\documents and settings\andrew\.thumbnails
2010-04-09 21:05:13 0 d-----w- c:\documents and settings\andrew\.gimp-2.6
2010-04-09 21:04:21 0 d-----w- c:\program files\GIMP-2.0
2010-04-08 20:20:26 0 d-----w- c:\program files\common files\SupportSoft
2010-04-08 06:28:56 0 d-----w- c:\program files\Microsoft Security Essentials
2010-04-07 20:52:03 3248 ----a-w- c:\windows\system32\wbem\Outlook_01cad6942cd3cd64.mof
2010-04-07 18:34:03 0 d-sh--w- c:\documents and settings\andrew\PrivacIE
2010-04-07 18:27:47 0 d-sh--w- c:\documents and settings\andrew\IETldCache
2010-04-07 17:59:05 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-04-07 17:59:03 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-04-07 17:58:59 0 d-----w- c:\windows\ie8updates
2010-04-07 17:58:52 64000 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-04-07 17:57:43 0 dc-h--w- c:\windows\ie8
2010-04-07 17:31:47 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-07 17:29:00 1089593 ------w- c:\windows\system32\dllcache\ntprint.cat
2010-04-07 16:59:25 0 d-----w- c:\windows\system32\XPSViewer
2010-04-07 16:58:28 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-04-07 16:58:28 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-04-07 16:58:28 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-04-07 16:58:28 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-04-07 16:58:28 117760 ------w- c:\windows\system32\prntvpt.dll
2010-04-07 16:58:27 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-04-07 16:58:27 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-04-07 16:58:27 0 d-----w- C:\73f5fa418770ba5c36b50abb
2010-04-07 16:57:57 0 d-----w- c:\windows\SxsCaPendDel
2010-04-07 15:59:08 353792 ------w- c:\windows\system32\dllcache\srv.sys
2010-04-07 15:57:47 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-04-07 15:56:28 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-04-07 15:52:52 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2010-04-07 15:51:54 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-04-07 15:51:44 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-04-07 15:51:43 128512 ------w- c:\windows\system32\dllcache\dhtmled.ocx
2010-04-07 15:51:19 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2010-04-07 15:46:35 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-04-07 15:46:30 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2010-04-07 15:45:14 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-04-07 15:45:12 1206508 ------w- c:\windows\system32\dllcache\sysmain.sdb
2010-04-07 15:45:11 215552 ------w- c:\windows\system32\dllcache\wordpad.exe

==================== Find3M ====================

2010-03-11 12:38:52 78336 ------w- c:\windows\system32\ieencode.dll
2010-03-11 12:38:52 78336 ------w- c:\windows\system32\dllcache\ieencode.dll
2010-03-11 12:38:51 133120 ----a-w- c:\windows\system32\dllcache\extmgr.dll
2010-03-10 13:18:21 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2010-02-25 10:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-25 06:24:37 916480 ------w- c:\windows\system32\dllcache\wininet.dll
2010-02-25 06:24:37 611840 ------w- c:\windows\system32\dllcache\mstime.dll
2010-02-25 06:24:37 206848 ------w- c:\windows\system32\dllcache\occache.dll
2010-02-25 06:24:37 1209344 ------w- c:\windows\system32\dllcache\urlmon.dll
2010-02-25 06:24:36 5944832 ------w- c:\windows\system32\dllcache\mshtml.dll
2010-02-25 06:24:35 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-02-25 06:24:35 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-02-25 06:24:35 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
2010-02-25 06:24:35 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-02-25 06:24:35 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
2010-02-25 06:24:34 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2010-02-24 09:54:25 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-02-17 08:10:28 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 14:08:49 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-16 13:25:04 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 13:25:04 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-12 04:33:11 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll
2010-02-11 12:02:15 226880 ------w- c:\windows\system32\dllcache\tcpip6.sys
2006-10-24 22:26:59 251 ----a-w- c:\program files\wt3d.ini
2005-06-08 08:03:50 497664 ----a-w- c:\windows\inf\Digital camera for Windows XP-ME.exe
2007-01-15 00:49:35 88 --sh--r- c:\windows\system32\242F0E16C0.sys
2007-08-26 12:23:56 56 --sh--r- c:\windows\system32\C0160E2F24.sys
2007-08-26 12:23:59 6580 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-09-04 04:56:53 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090420080905\index.dat

============= FINISH: 22:22:37.00 ===============
 
attach for last dds

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 23/10/2006 21:50:37
System Uptime: 05/05/2010 18:24:09 (4 hours ago)

Motherboard: Dell Inc. | | 0WG860
Processor: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz | Microprocessor | 1862/1066mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 170 GiB total, 123.65 GiB free.
D: is FIXED (NTFS) - 58 GiB total, 58.123 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP924: 07/04/2010 16:57:40 - Software Distribution Service 3.0
RP925: 07/04/2010 17:49:20 - Software Distribution Service 3.0
RP926: 07/04/2010 17:51:26 - Software Distribution Service 3.0
RP927: 07/04/2010 18:32:57 - Software Distribution Service 3.0
RP928: 08/04/2010 07:33:21 - Software Distribution Service 3.0
RP929: 08/04/2010 08:47:32 - Removed Windows Defender
RP930: 08/04/2010 08:49:17 - Removed Norton Ghost 10.0
RP931: 09/04/2010 03:00:16 - Software Distribution Service 3.0
RP932: 09/04/2010 13:14:48 - Software Distribution Service 3.0
RP933: 10/04/2010 13:17:51 - Software Distribution Service 3.0
RP934: 11/04/2010 02:09:01 - Software Distribution Service 3.0
RP935: 11/04/2010 13:18:59 - Software Distribution Service 3.0
RP936: 12/04/2010 13:17:37 - Software Distribution Service 3.0
RP937: 13/04/2010 13:17:59 - Software Distribution Service 3.0
RP938: 14/04/2010 13:17:56 - Software Distribution Service 3.0
RP939: 15/04/2010 03:00:32 - Software Distribution Service 3.0
RP940: 16/04/2010 03:32:21 - Software Distribution Service 3.0
RP941: 17/04/2010 03:31:42 - Software Distribution Service 3.0
RP942: 18/04/2010 02:14:03 - Software Distribution Service 3.0
RP943: 19/04/2010 02:41:27 - System Checkpoint
RP944: 19/04/2010 03:32:43 - Software Distribution Service 3.0
RP945: 20/04/2010 04:06:43 - System Checkpoint
RP946: 20/04/2010 20:42:08 - Software Distribution Service 3.0
RP947: 21/04/2010 13:09:22 - Software Distribution Service 3.0
RP948: 21/04/2010 15:27:41 - Restore Operation
RP949: 22/04/2010 16:58:46 - System Checkpoint
RP950: 22/04/2010 18:37:38 - Software Distribution Service 3.0
RP951: 23/04/2010 18:38:48 - Software Distribution Service 3.0
RP952: 24/04/2010 18:38:52 - Software Distribution Service 3.0
RP953: 25/04/2010 01:35:10 - Software Distribution Service 3.0
RP954: 25/04/2010 18:38:32 - Software Distribution Service 3.0
RP955: 26/04/2010 18:37:38 - Software Distribution Service 3.0
RP956: 27/04/2010 18:38:51 - Software Distribution Service 3.0
RP957: 28/04/2010 18:38:28 - Software Distribution Service 3.0
RP958: 29/04/2010 18:38:36 - Software Distribution Service 3.0
RP959: 30/04/2010 18:39:26 - Software Distribution Service 3.0
RP960: 01/05/2010 18:39:06 - Software Distribution Service 3.0
RP961: 02/05/2010 01:34:34 - Software Distribution Service 3.0
RP962: 02/05/2010 18:37:57 - Software Distribution Service 3.0
RP963: 03/05/2010 18:55:41 - Software Distribution Service 3.0
RP964: 04/05/2010 18:53:42 - Software Distribution Service 3.0
RP965: 05/05/2010 17:14:44 - Removed Adobe Reader 8.1.1
RP966: 05/05/2010 17:30:12 - Installed Adobe Reader 9.3.
RP967: 05/05/2010 17:40:18 - Removed J2SE Runtime Environment 5.0 Update 10
RP968: 05/05/2010 17:40:52 - Removed J2SE Runtime Environment 5.0 Update 11
RP969: 05/05/2010 17:41:24 - Removed J2SE Runtime Environment 5.0 Update 6
RP970: 05/05/2010 17:42:11 - Removed J2SE Runtime Environment 5.0 Update 9
RP971: 05/05/2010 17:42:40 - Removed Java(TM) 6 Update 2
RP972: 05/05/2010 17:43:18 - Removed Java(TM) 6 Update 3
RP973: 05/05/2010 17:44:03 - Removed Java(TM) 6 Update 5
RP974: 05/05/2010 17:45:02 - Removed Java(TM) 6 Update 7
RP975: 05/05/2010 17:46:18 - Removed Java(TM) SE Runtime Environment 6 Update 1
RP976: 05/05/2010 18:07:56 - Installed Java(TM) 6 Update 20

==== Installed Programs ======================


4oD
ABBYY FineReader 6.0 Sprint
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Adobe SVG Viewer 3.0
Adobe® Photoshop® Album Starter Edition 3.2
Andrea VoiceCenter
AOL You've Got Pictures Screensaver
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 4
ArcSoft PhotoImpression 5
ArcSoft VideoImpression 2
ARTEuro
ATI - Software Uninstall Utility
ATI Display Driver
BBC iPlayer Download Manager
Bonjour
Broadband Help
BroadJump Client Foundation
Camera RAW Plug-In for EPSON Creativity Suite
CamStudio
CamStudio Lossless Codec v1.4
Citrix Presentation Server Client - Web Only
Conexant HDA D110 MDC V.92 Modem
Corel Paint Shop Pro X
Corel Photo Album 6
Creative Audio Pack
Creative MediaSource 5
Dell CinePlayer
Dell Driver Reset Tool
Dell Network Assistant
Dell Support 3.2
Dell System Restore
Digital camera for Windows XP-ME
Digital Line Detect
DivX Content Uploader
DivX Web Player
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON Event Manager
EPSON File Manager
EPSON Printer Software
EPSON Scan
EPSON Scan Assistant
EPSON Stylus C110_D120 Manual
EPSON Web-To-Page
ESD68 User's Guide
ESPNMotion
FoxyTunes for Firefox
Free Games Offer, Desktop Shortcut
GemMaster Mystic
GIMP 2.6.8
Google Chrome
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Web Accelerator
GSpot Codec Information Appliance
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB979306)
ImageForge version 3.60
Intel(R) Matrix Storage Manager
Intel(R) PRO Network Connections
IrfanView (remove only)
iTunes
Java Auto Updater
Java(TM) 6 Update 20
Learn2 Player (Uninstall Only)
Magic Photo Editor 3.95
MCU
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft Works
Modem Helper
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.0.19)
MSRuntime Libraries
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
MySpaceIM
NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter
NetWaiting
OpenOffice.org Installer 1.0
Otto
PerfV10_V100 User’s Guide
Picasa 2
QuickTime
RealPlayer
Rhapsody Player Engine
Riva FLV Encoder 2.0
Roxio DLA
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Safari
SearchAssist
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Smart Menus (Windows Live Toolbar)
Sonic Activation Module
Sonic Advanced Decoder
Sonic Encoders
Sonic MyDVD
Sonic Update Manager
Sony Ericsson Media Manager 1.0
Sony Ericsson PC Suite for Smartphones
Sony Ericsson Symbian 9 Drivers
SopCast 2.0.4
Sound Blaster ADVANCED MB Drivers
Sound Blaster Audigy ADVANCED MB
Sound Blaster Audigy ADVANCED MB Product Registration
Spybot - Search & Destroy
Tabbed Browsing (Windows Live Toolbar)
Tiscali Internet
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
VeohTV BETA
Viewpoint Media Player
Virgin Broadband advisor 1.5.14
Virtual DJ - Atomix Productions
Vodafone PC Assistant V1.8.19
Wanadoo Europe Installer
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Vista Upgrade Advisor
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Wisdom-soft ScreenHunter 5.1 Free
XviD 1.1 final uninstall

==== Event Viewer Messages From Past Week ========

30/04/2010 23:03:14, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Alureon.CT&threatid=2147628639 User: DH1HSJ2J\andrew Name: Trojan:Win32/Alureon.CT ID: 2147628639 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.81.729.0, AS: 1.81.729.0 Engine Version: 1.1.5703.0
30/04/2010 22:55:29, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Alureon.CT&threatid=2147628639 User: DH1HSJ2J\andrew Name: Trojan:Win32/Alureon.CT ID: 2147628639 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.81.729.0, AS: 1.81.729.0 Engine Version: 1.1.5703.0
30/04/2010 21:54:18, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Alureon.CT&threatid=2147628639 User: DH1HSJ2J\andrew Name: Trojan:Win32/Alureon.CT ID: 2147628639 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.81.729.0, AS: 1.81.729.0 Engine Version: 1.1.5703.0
30/04/2010 14:53:12, error: NetBT [4321] - The name "DRUMMOND :0" could not be registered on the Interface with IP address 192.168.1.64. The machine with the IP address 192.168.1.65 did not allow the name to be claimed by this machine.
01/05/2010 11:30:53, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Alureon.CT&threatid=2147628639 User: DH1HSJ2J\andrew Name: Trojan:Win32/Alureon.CT ID: 2147628639 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.81.729.0, AS: 1.81.729.0 Engine Version: 1.1.5703.0
01/05/2010 11:30:34, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Alureon.CT&threatid=2147628639 User: DH1HSJ2J\andrew Name: Trojan:Win32/Alureon.CT ID: 2147628639 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.81.729.0, AS: 1.81.729.0 Engine Version: 1.1.5703.0
01/05/2010 02:18:06, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Alureon.CT&threatid=2147628639 User: DH1HSJ2J\andrew Name: Trojan:Win32/Alureon.CT ID: 2147628639 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.81.729.0, AS: 1.81.729.0 Engine Version: 1.1.5703.0
01/05/2010 02:14:08, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Alureon.CT&threatid=2147628639 User: DH1HSJ2J\andrew Name: Trojan:Win32/Alureon.CT ID: 2147628639 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.81.729.0, AS: 1.81.729.0 Engine Version: 1.1.5703.0
01/05/2010 02:12:04, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Alureon.CT&threatid=2147628639 User: DH1HSJ2J\andrew Name: Trojan:Win32/Alureon.CT ID: 2147628639 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.81.729.0, AS: 1.81.729.0 Engine Version: 1.1.5703.0
01/05/2010 02:08:05, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Alureon.CT&threatid=2147628639 User: DH1HSJ2J\andrew Name: Trojan:Win32/Alureon.CT ID: 2147628639 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.81.729.0, AS: 1.81.729.0 Engine Version: 1.1.5703.0
01/05/2010 02:06:37, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Alureon.CT&threatid=2147628639 User: DH1HSJ2J\andrew Name: Trojan:Win32/Alureon.CT ID: 2147628639 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.81.729.0, AS: 1.81.729.0 Engine Version: 1.1.5703.0

==== End Of File ===========================




Thank you
 
Hi,

Show hidden files
-----------------
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.


Delete these files if found:
C:\Documents and Settings\andrew\Application Data\Sun\Java\Deployment\cache\6.0\11\6f4725cb-6c4ca9f8
C:\Documents and Settings\andrew\Application Data\Sun\Java\Deployment\cache\6.0\13\70c7184d-4d235261
C:\Documents and Settings\andrew\Application Data\Sun\Java\Deployment\cache\6.0\38\28521166-30adf5ae

How's the system running now?
 
Hi,

Did you make system files visible before looking for those three files first? If yes, then those files probably really don't exist and we may move on to the final steps.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE,NOT on a regular basis



We need to re hide system files. To do so, please follow the steps below:
  1. Double-click My Computer.
  2. Click the Tools menu, and then click Folder Options.
  3. Click the View tab.
  4. Put a check by
    Hide file extensions for known file types.
  5. Under the
    Hidden files
    folder, select
    Show hidden files and folders.
  6. Check
    Hide protected operating system files.
  7. Click Apply, and then click OK.


Now lets uninstall ComboFix:
  • Click START then RUN
  • Now copy-paste Combofix /uninstall in the runbox and click OK


Please download OTC and save it to desktop.
  • Double-click OTC.exe.
  • Click the CleanUp! button.
  • Select Yes when the
    Begin cleanup Process?
    prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.


UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.


Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

  • hosts file:
    • Every version of windows has a hosts file as part of them.
    • In a very basic sense, they are used to locate webpages.
    • We can customize a hosts file so that it blocks certain webpages.
    • However, it can slow down certain computers.
    • This is why using a hosts file is optional!!
    Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here
    If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    1. [*]Click the start button (at the lower left hand corner of your screen) [*]Click run [*]In the dialog box, type services.msc [*]hit enter, then locate dns client [*]Highlight it, then double-click it. [*]On the dropdown box, change the setting from automatic to manual. [*]Click ok
  • Run Secunia vulnerability check here and fix its findings.
  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For more info, check this webpage out.
    If you don't have a 3rd party firewall or a router behind NAT then I recommend getting one. I recommend either Online Armor Free or Comodo Firewall Pro (If you choose Comodo: Uncheck during installation Install Comodo HopSurf.., Make Comodo my default search provider and Make Comodo Search my homepage and install firewall ONLY!). Both providers have support forums that help with configuration related questions.


Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:
 
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.
 
You must log in or register to reply here.
Back
Top