LOL

  1. Hi MrC, I managed to download a copy of IE 10 from the second link, but it wouldn't load as the setup program says that a later version of IE is already installed. Reading on the net, it seems that a lot of folk are having difficulty upgrading Windows 7 Starter to IE version 11. You don't seem to be able to find any evidence of an infection, so as there isn't much data on this machine, I think that unless you have a better idea, I'll just reset it back to factory settings and see if that resolves the issues. I only use it for web browsing, so it's pretty useless with the browsers behaving as they are. Can you advise how I remove the programs such as Zoek, JRT etc.? Thanks N
  2. Hi, This doesn't seem to be possible. The IE 10 download page doesn't seem to exist any longer. Everything I tried points to using IE11 instead. However the IE 11 setup has failed several times. I don't know whether this is because this machine is only using Windows 7 Starter?
  3. No, nothing noticeable. Both browsers (IE & Firefox) are still having the same problems. Both taking a minute plus to launch. Running slow. Firefox I have to close after a few minutes because "a script is running slow or has stopped working". IE still closes after a short while "Internet Explorer has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available". N
  4. Hi, Here is the log from Zoek. Norma
  5. Hi, I've tried everything in your last post - a copy of the JRT log is below. The fact that two anti-virus programs were running sounded promising - I thought Windows Defender was disabled. I followed your instruction to close it, but disappointingly this doesn't seem to have made any noticeable difference. I re-set both browsers (IE & Firefox). At first this seemed to have made at least a small improvement. I turned-off and re-booted. I waited until the desktop was open then left it another 3-4 minutes to try to ensure that all start-up process was complete, then I clicked on Firefox. It took about one minute forty-five seconds for the browser window to open. Once open it was v slow. I closed this down and a couple of minutes later launched IE. It seemed to be going ok for a few seconds and then I got the following error message (this is the original problem I was having with IE) "Internet Explorer has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available" It closed, but no further information came through.
I tried to open it again and the same thing happened. It seems like the tools aren't really finding much wrong, but any other ideas would be appreciated. Norma
  6. Hi MrCharlie, Many thanks for your assistance. I've done as you asked and the logs are below.
  7. Computer has been running pretty slow, particularly online. I ran malwarebytes and it identified and removed several viruses, but not much has improved. Internet Explorer is barely working at all - keeps having error messages and having to close. Firefox is only slightly better. It runs, but is painfully slow moving from one page to the next. Unfortunately I did run c cleaner and Old Timer TFC to see if cleaning out junk and temporary files would help. It didn't, though both removed rather a lot. I see from your pinned instructions that this might not have been helpful. Here are the logs from the Farbar tool. I'd be grateful for any help you can give.
Internet Security (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software) Bejeweled 2 Deluxe (Version: 2.2.0.82 - WildTangent) Hidden Blasterball 3 (Version: 2.2.0.82 - WildTangent) Hidden Bob the Builder Can-Do-Zoo (Version: 2.2.0.82 - WildTangent) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform) Chicken Invaders 3 - Revenge of the Yolk (Version: 2.2.0.82 - WildTangent) Hidden Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden ENE USB Card Reader Driver (HKLM\...\F3C7F6463C419D1D216961B5B81E2FE534986562) (Version: 5.89.0.66 - ENE) Escape Rosecliff Island (Version: 2.2.0.82 - WildTangent) Hidden Faerie Solitaire (Version: 2.2.0.82 - WildTangent) Hidden FATE - The Traitor Soul (Version: 2.2.0.82 - WildTangent) Hidden HP IDF Software (HKLM\...\{974025B1-769B-49E9-817C-C638ABE8F372}) (Version: 11.15.1000 - Hewlett-Packard Company) HP Officejet 4500 G510g-m (HKLM\...\{E5083D57-D93F-404C-A91F-1C50D67C2BEB}) (Version: 13.0 - HP) Identity Card (HKLM\...\Identity Card) (Version: 1.00.3002 - Packard Bell) Insaniquarium Deluxe (Version: 2.2.0.82 - WildTangent) Hidden Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2117 - Intel Corporation) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) Jewel Quest (Version: 2.2.0.82 - WildTangent) Hidden Jewel Quest Solitaire 3 (Version: 2.2.0.82 - WildTangent) Hidden Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Launch Manager (HKLM\...\LManager) (Version: 4.0.8 - Packard Bell) Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 
2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Works (HKLM\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation) Mozilla Firefox 33.1 (x86 en-US) (HKLM\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla) Mozilla Maintenance Service 
(HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Network (Version: 130.0.550.000 - Hewlett-Packard) Hidden Packard Bell Game Console (Version: - WildTangent) Hidden Packard Bell Games (HKLM\...\WildTangent packardbell Master Uninstall) (Version: 1.0.0.80 - WildTangent) Packard Bell InfoCentre (HKLM\...\Packard Bell InfoCentre) (Version: 3.02.3000 - Packard Bell) Packard Bell Power Management (HKLM\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3002 - Packard Bell) Packard Bell Recovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3011 - Packard Bell) Packard Bell Registration (HKLM\...\Packard Bell Registration) (Version: 1.02.3006 - Packard Bell) Packard Bell Updater (HKLM\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Packard Bell) Peggle (Version: 2.2.0.82 - WildTangent) Hidden Penguins! (Version: 2.2.0.82 - WildTangent) Hidden Polar Bowler (Version: 2.2.0.82 - WildTangent) Hidden Polar Golfer (Version: 2.2.0.82 - WildTangent) Hidden Polar Pool (Version: 2.2.0.82 - WildTangent) Hidden Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6066 - Realtek Semiconductor Corp.) 
Revo Uninstaller 1.91 (HKLM\...\Revo Uninstaller) (Version: 1.91 - VS Revo Group) Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Video Web Camera (HKLM\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 5.0.1.0 - liteon) Virtual Families (Version: 2.2.0.82 - WildTangent) Hidden Virtual Villagers - A New Home (Version: 2.2.0.82 - WildTangent) Hidden WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden Welcome Center (HKLM\...\Packard Bell Welcome Center) (Version: 1.01.3002 - Packard Bell) Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation) Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation) Yahtzee (Version: 2.2.0.82 - WildTangent) Hidden Zuma Deluxe (Version: 2.2.0.82 - WildTangent) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
==================== Restore Points ========================= 31-10-2014 20:25:52 Windows Update 01-11-2014 13:59:16 Windows Update 02-11-2014 09:15:22 Windows Update 02-11-2014 14:39:57 Windows Update 04-11-2014 18:29:19 Windows Update 05-11-2014 08:50:59 Windows Update 06-11-2014 17:09:36 Windows Update 07-11-2014 18:22:28 Windows Update 09-11-2014 10:18:01 Windows Update 10-11-2014 18:46:48 Windows Update 11-11-2014 20:25:49 Windows Update 14-11-2014 01:27:42 Windows Update 15-11-2014 10:58:11 Windows Modules Installer 15-11-2014 20:00:06 Windows Update 15-11-2014 21:29:32 Windows Update 15-11-2014 23:10:03 Revo Uninstaller's restore point - Sophos Virus Removal Tool 15-11-2014 23:14:44 Revo Uninstaller's restore point - Sophos Virus Removal Tool 16-11-2014 14:52:28 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 02:04 - 2009-06-10 21:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {D1F9C5AA-4BDA-484A-8D6B-4B7E5DC7F5B5} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-07-21] (AVAST Software) Task: {D81313B3-1C58-4793-9783-B3928E456459} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-30] (Piriform Ltd) Task: {E295260C-FF64-4CE5-9A45-8E417BA3D34F} - System32\Tasks\{7BD24BE9-407D-452C-A793-1599F03B4BA5} => Iexplore.exe http://ui.skype.com/ui/0/4.1.0.179.370/en/abandoninstall?source=lightinstaller&page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded Task: {FB0A7198-A871-402C-AF60-BA96357492F0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-11] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2014-07-21 20:52 - 2014-07-21 20:52 - 00301152 _____ () C:\Program Files\Alwil Software\Avast5\aswProperty.dll 2014-11-15 17:54 - 2014-11-15 17:54 - 02903040 _____ () C:\Program Files\Alwil Software\Avast5\defs\14111501\algo.dll 2014-11-16 14:44 - 2014-11-16 14:44 - 02903040 _____ () C:\Program Files\Alwil Software\Avast5\defs\14111600\algo.dll 2014-07-21 20:52 - 2014-07-21 20:52 - 19329904 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll 2014-11-10 19:04 - 2014-11-10 19:06 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^Users^Norma^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup MSCONFIG\startupreg: Acer ePower Management => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe MSCONFIG\startupreg: Apoint => C:\Program Files\Apoint2K\Apoint.exe MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe MSCONFIG\startupreg: IAAnotif => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe MSCONFIG\startupreg: LManager => C:\Program Files\Launch Manager\LManager.exe MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ========================= Accounts: ========================== Administrator (S-1-5-21-2061290426-1330879846-2013246735-500 - Administrator - Disabled) Guest (S-1-5-21-2061290426-1330879846-2013246735-501 - Limited - Disabled) Norma (S-1-5-21-2061290426-1330879846-2013246735-1000 - Administrator - Enabled) => C:\Users\Norma ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/16/2014 03:42:30 PM) (Source: Application Error) (EventID: 
1000) (User: ) Description: Faulting application name: iexplore.exe, version: 10.0.9200.17148, time stamp: 0x544c16cd Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x13ac Faulting application start time: 0xiexplore.exe0 Faulting application path: iexplore.exe1 Faulting module path: iexplore.exe2 Report Id: iexplore.exe3 Error: (11/16/2014 03:41:52 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: iexplore.exe, version: 10.0.9200.17148, time stamp: 0x544c16cd Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x1448 Faulting application start time: 0xiexplore.exe0 Faulting application path: iexplore.exe1 Faulting module path: iexplore.exe2 Report Id: iexplore.exe3 Error: (11/16/2014 03:39:47 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: plugin-container.exe, version: 33.1.0.5423, time stamp: 0x545c0a59 Faulting module name: mozalloc.dll, version: 33.1.0.5423, time stamp: 0x545be5ee Exception code: 0x80000003 Fault offset: 0x00001425 Faulting process id: 0x1308 Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3 Error: (11/16/2014 03:39:46 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program firefox.exe version 33.1.0.5423 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. 
Process ID: d98 Start Time: 01d001abe06f022e Termination Time: 1470 Application Path: C:\Program Files\Mozilla Firefox\firefox.exe Report Id: aed786e9-6da6-11e4-813b-88ae1d127725 Error: (11/16/2014 00:06:42 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: iexplore.exe, version: 10.0.9200.17148, time stamp: 0x544c16cd Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x614 Faulting application start time: 0xiexplore.exe0 Faulting application path: iexplore.exe1 Faulting module path: iexplore.exe2 Report Id: iexplore.exe3 Error: (11/16/2014 00:06:42 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: iexplore.exe, version: 10.0.9200.17148, time stamp: 0x544c16cd Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0xb08 Faulting application start time: 0xiexplore.exe0 Faulting application path: iexplore.exe1 Faulting module path: iexplore.exe2 Report Id: iexplore.exe3 Error: (11/16/2014 00:04:18 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: iexplore.exe, version: 10.0.9200.17148, time stamp: 0x544c16cd Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0xe5c Faulting application start time: 0xiexplore.exe0 Faulting application path: iexplore.exe1 Faulting module path: iexplore.exe2 Report Id: iexplore.exe3 Error: (11/16/2014 00:04:11 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: iexplore.exe, version: 10.0.9200.17148, time stamp: 0x544c16cd Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x468 Faulting 
application start time: 0xiexplore.exe0 Faulting application path: iexplore.exe1 Faulting module path: iexplore.exe2 Report Id: iexplore.exe3 Error: (11/16/2014 00:03:40 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: iexplore.exe, version: 10.0.9200.17148, time stamp: 0x544c16cd Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0xed8 Faulting application start time: 0xiexplore.exe0 Faulting application path: iexplore.exe1 Faulting module path: iexplore.exe2 Report Id: iexplore.exe3 Error: (11/16/2014 00:03:29 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: iexplore.exe, version: 10.0.9200.17148, time stamp: 0x544c16cd Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0xee4 Faulting application start time: 0xiexplore.exe0 Faulting application path: iexplore.exe1 Faulting module path: iexplore.exe2 Report Id: iexplore.exe3 System errors: ============= Error: (11/16/2014 03:37:47 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7. Error: (11/16/2014 03:37:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Software Protection service failed to start due to the following error: %%1053 Error: (11/16/2014 03:37:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect. 
Error: (11/16/2014 03:32:21 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service. Error: (11/16/2014 03:30:51 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service. Error: (11/16/2014 02:50:12 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Windows Update service hung on starting. Error: (11/16/2014 02:39:00 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY) Description: WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll Error Code: 126 Error: (11/15/2014 11:36:05 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY) Description: WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll Error Code: 126 Error: (11/15/2014 09:38:49 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY) Description: WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll Error Code: 126 Error: (11/15/2014 09:37:01 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7. Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2012-03-04 01:17:39.223 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. 
==================== Memory info ===========================
Processor: Intel® Atom CPU N450 @ 1.66GHz
Percentage of memory in use: 82%
Total physical RAM: 1013.1 MB
Available physical RAM: 174.67 MB
Total Pagefile: 2434.78 MB
Available Pagefile: 1208.81 MB
Total Virtual: 2047.88 MB
Available Virtual: 1914.59 MB
==================== Drives ================================
Drive c: (Packard Bell) (Fixed) (Total:135.94 GB) (Free:98.81 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: BDBD5BA8)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=135.9 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Thanks
Norma
  8. Hi Chris, Thanks for all your help. I'll try to follow your guidance and hopefully won't need to visit your forum again. Keep up the good work! Regards LOL
  9. Hi, I've done all of that. As far as I can tell there are no issues now and everything seems to be working fine. Thanks for all your help. I guess you would recommend the full version of Malwarebytes? Is this a full security suite that would replace my anti-virus, or just an enhanced version of the free programme? LOL
  10. Logs attached as requested. The checkup report seems to indicate I'm running Avast version 5, but it is version 6 (6.0.1289). Just to be sure I ran "update" and after a few minutes got the response that I'm running the latest programme with the latest definitions. The system appears to be running fine now. I'm not experiencing any issues at all.
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=fb100e2745a1b246aa9b1e4aa65d7f1a
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-05 02:08:54
# local_time=2011-11-05 02:08:54 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 32100926 32100926 0 0
# compatibility_mode=8192 67108863 100 0 293 293 0 0
# compatibility_mode=9217 16777214 75 70 31441467 37079972 0 0
# scanned=72537
# found=1
# cleaned=1
# scan_time=4904
C:\Documents and Settings\Owner\Local Settings\Temp\A9R5A17.tmp JS/Exploit.Pdfka.PFS.Gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=fb100e2745a1b246aa9b1e4aa65d7f1a
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-21 06:43:59
# local_time=2011-11-21 06:43:59 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 33499694 33499694 0 0
# compatibility_mode=8192 67108863 100 0 1399061 1399061 0 0
# compatibility_mode=9217 16777214 75 4 487690 487690 0 0
# scanned=142652
# found=0
# cleaned=0
# scan_time=5041
Results of screen317's Security Check version 0.99.28 Windows XP Service Pack 3 x86 Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Disabled! avast! Free Antivirus ESET Online Scanner v3 ZoneAlarm Firewall ZoneAlarm Free ZoneAlarm Toolbar ZoneAlarm Security ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware CCleaner (remove only) Java 6 Update 22 Java version out of date! Adobe Reader 9 (Adobe Reader out of date!) ```````````````````````````````` Process Check: objlist.exe by Laurent Alwil Software Avast5 AvastSvc.exe Alwil Software Avast5 AvastUI.exe CheckPoint ZoneAlarm vsmon.exe CheckPoint ZoneAlarm zatray.exe ``````````End of Log````````````
  11. Logs posted as per your instructions ComboFix 11-11-15.06 - Owner 16/11/2011 1:40.5.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2039.1610 [GMT 0:00] Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: ZoneAlarm Free Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\regobj.dll . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_rrdg . . ((((((((((((((((((((((((( Files Created from 2011-10-16 to 2011-11-16 ))))))))))))))))))))))))))))))) . . 2011-11-12 12:04 . 2011-11-16 01:21 -------- d-----w- c:\windows\Internet Logs 2011-11-12 12:03 . 2011-11-12 12:03 -------- d-----w- c:\documents and settings\Owner\Application Data\CheckPoint 2011-11-12 12:02 . 2011-11-12 12:02 -------- d-----w- c:\documents and settings\All Users\Application Data\CheckPoint 2011-11-05 12:42 . 2011-11-05 12:42 -------- d-----w- c:\program files\ESET . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-10 14:22 . 2003-03-03 22:57 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-09-28 07:06 . 2002-09-23 22:10 599040 ----a-w- c:\windows\system32\crypt32.dll 2011-09-26 11:41 . 2008-07-29 19:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll 2011-09-26 11:41 . 2006-05-11 21:58 220160 ----a-w- c:\windows\system32\oleacc.dll 2011-09-26 11:41 . 2006-05-11 21:58 20480 ----a-w- c:\windows\system32\oleaccrc.dll 2011-09-06 20:45 . 2010-10-29 23:52 41184 ----a-w- c:\windows\avastSS.scr 2011-09-06 20:45 . 
2010-10-29 23:52 199304 ----a-w- c:\windows\system32\aswBoot.exe 2011-09-06 20:38 . 2011-05-26 15:29 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-09-06 20:37 . 2010-10-29 23:52 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-09-06 20:36 . 2010-10-29 23:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-09-06 20:36 . 2010-10-29 23:52 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-09-06 20:36 . 2010-10-29 23:52 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2011-09-06 20:36 . 2010-10-29 23:52 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys 2011-09-06 20:36 . 2010-10-29 23:52 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-09-06 20:33 . 2010-10-29 23:52 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2011-09-06 13:20 . 2003-01-01 15:41 1858944 ----a-w- c:\windows\system32\win32k.sys 2011-08-31 17:00 . 2008-12-23 18:22 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-08-22 23:48 . 2006-05-11 21:59 916480 ----a-w- c:\windows\system32\wininet.dll 2011-08-22 23:48 . 2006-05-11 21:57 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-08-22 23:48 . 2006-05-11 21:56 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-08-22 11:56 . 2008-11-03 16:33 385024 ----a-w- c:\windows\system32\html.iec . . ((((((((((((((((((((((((((((( SnapShot_2011-11-10_16.22.18 ))))))))))))))))))))))))))))))))))))))))) . + 2011-11-12 12:04 . 2011-11-12 12:04 62464 c:\windows\Installer\55938.msi + 2011-11-12 12:03 . 2011-11-12 12:03 28672 c:\windows\Installer\55931.msi + 2011-11-12 12:02 . 2011-11-12 12:02 41472 c:\windows\Installer\5592a.msi + 2011-11-10 17:18 . 2011-11-10 17:18 22016 c:\windows\Installer\36add3.msi + 2008-07-29 08:05 . 2008-07-29 08:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll + 2008-07-29 08:05 . 
2008-07-29 08:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll + 2008-07-29 03:54 . 2008-07-29 03:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll + 2008-07-29 05:23 . 2008-07-29 05:23 626688 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_a17e7c1e\msvcr90.dll + 2008-07-29 05:23 . 2008-07-29 05:23 856576 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_a17e7c1e\msvcp90.dll + 2008-07-29 03:51 . 2008-07-29 03:51 245760 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_a17e7c1e\msvcm90.dll + 2011-11-09 20:01 . 2011-11-09 20:01 525840 c:\windows\system32\vsdatant.sys - 2002-09-23 22:10 . 2011-09-09 09:12 599040 c:\windows\system32\dllcache\crypt32.dll + 2002-09-23 22:10 . 2011-09-28 07:06 599040 c:\windows\system32\dllcache\crypt32.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-11-03 738944] "ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-09 73360] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist] 2009-06-29 17:56 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HPAiODevice(hp officejet v series) - 1.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp officejet v series) - 1.lnk backup=c:\windows\pss\HPAiODevice(hp officejet v series) - 1.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^reminder-ScanSoft Product Registration.lnk] path=c:\documents and settings\Owner\Start Menu\Programs\Startup\reminder-ScanSoft Product Registration.lnk backup=c:\windows\pss\reminder-ScanSoft Product Registration.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] c:\windows\system32\dumprep 0 -k [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent] 2006-11-13 13:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW] 2003-08-19 02:56 852038 ----a-w- c:\windows\system32\nview.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2003-08-19 02:56 323584 ----a-w- c:\windows\system32\nwiz.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegisterDropHandler] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WrtMon.exe] 2006-09-20 08:35 20480 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpBrowser.exe"= "c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpNotifier.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service . 
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [26/05/2011 15:29 442200] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [29/10/2010 23:52 320856] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29/10/2010 23:52 20568] R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [03/11/2011 14:44 27016] R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [03/11/2011 14:44 497280] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/01/2011 16:57 136176] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/01/2011 16:57 136176] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [16/06/2010 21:32 19712] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [16/06/2010 21:32 8320] S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [16/06/2010 21:32 42752] S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [11/05/2006 21:59 14336] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper . Contents of the 'Scheduled Tasks' folder . 2011-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-29 16:57] . 2011-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-29 16:57] . . ------- Supplementary Scan ------- . uStart Page = hxxp://bt.yahoo.com uDefault_Search_URL = hxxp://srch-qgb10.hpwis.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mSearch Bar = hxxp://srch-qgb10.hpwis.com/ uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Google Sidewiki... 
- c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html DPF: {BC0AE9E6-E549-4554-A222-EA083A894683} - hxxp://a02-b02.mypicturetown.com/P2PwebCmdController/x/Upld_47.CAB . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-11-16 02:00 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(648) c:\program files\Citrix\GoToAssist\570\G2AWinLogon.dll c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll . - - - - - - - > 'lsass.exe'(704) c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll . - - - - - - - > 'explorer.exe'(800) c:\windows\system32\WININET.dll c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll c:\program files\Windows Media Player\wmpband.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\program files\Common Files\Motive\McciCMService.exe c:\progra~1\MI3AA1~1\rapimgr.exe . ************************************************************************** . Completion time: 2011-11-16 02:17:44 - machine was rebooted ComboFix-quarantined-files.txt 2011-11-16 02:17 ComboFix2.txt 2011-11-10 16:37 . 
Pre-Run: 21,995,094,016 bytes free Post-Run: 21,976,731,648 bytes free . - - End Of File - - B2723D8219C4BB30837B33BACE2AB4E5 . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 Run by Owner at 2:25:29 on 2011-11-16 Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2039.1559 [GMT 0:00] . AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: ZoneAlarm Free Firewall *Disabled* . ============== Running Processes =============== . C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\WINDOWS\explorer.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\WINDOWS\system32\wscntfy.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://bt.yahoo.com uDefault_Search_URL = hxxp://srch-qgb10.hpwis.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mSearch Bar = hxxp://srch-qgb10.hpwis.com/ uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File BHO: Yahoo! 
IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe" mRun: [iSW] mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe" IE: Google Sidewiki... 
- c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1224346127578 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228074168671 DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {BC0AE9E6-E549-4554-A222-EA083A894683} - hxxp://a02-b02.mypicturetown.com/P2PwebCmdController/x/Upld_47.CAB DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll Notify: igfxcui - igfxsrvc.dll SSODL: 
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ============= SERVICES / DRIVERS =============== . R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-26 442200] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-29 320856] R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-11-9 525840] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-29 20568] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-29 44768] R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-3 27016] R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-11-3 497280] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-29 136176] S2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-29 136176] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2010-6-16 19712] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2010-6-16 8320] S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2010-6-16 42752] S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2006-5-11 14336] . =============== File Associations =============== . JSEFile=NOTEPAD.EXE %1 . =============== Created Last 30 ================ . 
2011-11-12 12:04:28 -------- d-----w- c:\windows\Internet Logs 2011-11-12 12:03:55 -------- d-----w- c:\documents and settings\owner\application data\CheckPoint 2011-11-12 12:02:43 -------- d-----w- c:\documents and settings\all users\application data\CheckPoint 2011-11-05 12:42:21 -------- d-----w- c:\program files\ESET . ==================== Find3M ==================== . 2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll 2011-09-26 11:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll 2011-09-26 11:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll 2011-09-26 11:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll 2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr 2011-09-06 20:38:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys 2011-08-31 17:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll 2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec . ============= FINISH: 2:26:48.07 ===============
  12. Sorry, even on its own the log was too long, so I've had to attach it. LOL ComboFixlog.txt
  13. Hi Chris, Thanks for your help. I tried to paste in the logs you asked for, but the post was too long, so here's MBAM & DDS. I'll try sending the ComboFix log in a separate reply.
      Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Database version: 8132 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 10/11/2011 15:41:34 mbam-log-2011-11-10 (15-41-34).txt Scan type: Quick scan Objects scanned: 156858 Time elapsed: 5 minute(s), 22 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 Run by Owner at 17:02:26 on 2011-11-10 Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2039.1474 [GMT 0:00] . AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: ZoneAlarm Firewall *Disabled* . ============== Running Processes =============== . C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\WINDOWS\explorer.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\wscntfy.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://bt.yahoo.com uDefault_Search_URL = hxxp://srch-qgb10.hpwis.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mSearch Bar = hxxp://srch-qgb10.hpwis.com/ uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe" mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe" IE: Google Sidewiki... 
- c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1224346127578 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228074168671 DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {BC0AE9E6-E549-4554-A222-EA083A894683} - hxxp://a02-b02.mypicturetown.com/P2PwebCmdController/x/Upld_47.CAB DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll Notify: igfxcui - igfxsrvc.dll SSODL: 
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ============= SERVICES / DRIVERS =============== . R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-26 442200] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-29 320856] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424] R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 298448] R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-11-3 532224] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-29 20568] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-29 44768] S0 rrdg;rrdg;c:\windows\system32\drivers\redsk.sys --> c:\windows\system32\drivers\redsk.sys [?] S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288] S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192] S3 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-29 136176] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-29 136176] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2010-6-16 19712] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2010-6-16 8320] S3 MotDev;Motorola Inc. 
USB Device;c:\windows\system32\drivers\motodrv.sys [2010-6-16 42752] S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2006-5-11 14336] . =============== File Associations =============== . JSEFile=NOTEPAD.EXE %1 . =============== Created Last 30 ================ . 2011-11-10 15:58:37 -------- d-----w- C:\ComboFix 2011-11-05 12:42:21 -------- d-----w- c:\program files\ESET . ==================== Find3M ==================== . 2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-09-26 11:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll 2011-09-26 11:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll 2011-09-26 11:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll 2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll 2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr 2011-09-06 20:38:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys 2011-08-31 17:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll 2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec 2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys . ============= FINISH: 17:03:48.09 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume2 Install Date: 17/10/2008 16:42:48 System Uptime: 10/11/2011 16:18:36 (1 hours ago) . Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | Gamila/Giovani/Neon series Processor: Intel® Pentium® 4 CPU 2.60GHz | Socket 478 | 2600/100mhz . ==== Disk Partitions ========================= . 
A: is Removable C: is FIXED (NTFS) - 70 GiB total, 21.356 GiB free. D: is FIXED (FAT32) - 4 GiB total, 0.574 GiB free. E: is CDROM () F: is FIXED (NTFS) - 466 GiB total, 455.885 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP1: 10/11/2011 15:59:03 - System Checkpoint . ==== Installed Programs ====================== .
(KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) Serif PhotoPlus 9.0 Serif PhotoPlus 9.0 Resource CD-ROM Serif PhotoPlus Association File Formats Sonic Update Manager SonicStage 4.3 TextBridge Pro 98 Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB971930) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB976749) Update for Windows Internet Explorer 8 (KB980182) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2541763) Update for Windows XP (KB2607712) Update for Windows XP (KB2616676) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) VLC media player 1.1.11 WebFldrs XP Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Media Player 11 
Windows XP Service Pack 3 Yahoo! Toolbar ZoneAlarm . ==== Event Viewer Messages From Past Week ======== . 08/11/2011 14:51:11, error: Dhcp [1002] - The IP address lease 192.168.1.67 for the Network Card with network address 000C76A036CB has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message). 05/11/2011 07:35:37, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 05/11/2011 02:33:53, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswRdr aswSnx aswSP aswTdi Avgldx86 Avgmfx86 Avgtdix Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip vsdatant 05/11/2011 02:33:53, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: A device attached to the system is not functioning. 05/11/2011 02:33:53, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning. . ==== End Of File ===========================
  14. I have now managed to regain control of the computer by running Malwarebytes from a datastick in safe mode. It found and removed a handful of infections. I then ran a full scan with Avast which found another and finally ran a scan using the ESET online scanner which picked up and removed a Trojan. The machine seems to be ok now, but I've run the DDS scan tool and would appreciate advice on whether I am now actually clean - logs below.

      DDS (Ver_2011-08-26.01) - NTFSx86
      Internet Explorer: 8.0.6001.18702
      Run by Owner at 12:20:51 on 2011-11-06
      Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2039.1519 [GMT 0:00]
      .
      AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
      FW: ZoneAlarm Firewall *Disabled*
      .
      ============== Running Processes ===============
      .
      C:\WINDOWS\system32\svchost -k DcomLaunch
      svchost.exe
      C:\WINDOWS\System32\svchost.exe -k netsvcs
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
      C:\WINDOWS\system32\spoolsv.exe
      svchost.exe
      C:\Program Files\Common Files\Motive\McciCMService.exe
      C:\WINDOWS\System32\svchost.exe -k imgsvc
      C:\Program Files\Alwil Software\Avast5\avastUI.exe
      C:\Program Files\Microsoft ActiveSync\wcescomm.exe
      C:\PROGRA~1\MI3AA1~1\rapimgr.exe
      C:\WINDOWS\system32\wscntfy.exe
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = hxxp://bt.yahoo.com
      uDefault_Search_URL = hxxp://srch-qgb10.hpwis.com/
      uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
      mSearch Bar = hxxp://srch-qgb10.hpwis.com/
      uSearchAssistant = hxxp://www.google.com/ie
      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
      uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
      BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
      BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
      BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
      BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
      BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
      BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
      TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
      EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
      uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
      mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
      mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
      uPolicies-system: DisableTaskMgr = 0
      IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
      IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
      IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
      IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
      DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab
      DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
      DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1224346127578
      DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228074168671
      DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
      DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
      DPF: {BC0AE9E6-E549-4554-A222-EA083A894683} - hxxp://a02-b02.mypicturetown.com/P2PwebCmdController/x/Upld_47.CAB
      DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
      DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
      Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
      Notify: igfxcui - igfxsrvc.dll
      SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
      Hosts: 127.0.0.1 www.spywareinfo.com
      .
      ============= SERVICES / DRIVERS ===============
      .
      R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
      R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
      R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-26 442200]
      R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-29 320856]
      R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
      R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
      R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 298448]
      R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-11-3 532224]
      R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-29 20568]
      R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-29 44768]
      S0 rrdg;rrdg;c:\windows\system32\drivers\redsk.sys --> c:\windows\system32\drivers\redsk.sys [?]
      S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
      S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
      S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
      S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
      S3 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-29 136176]
      S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-29 136176]
      S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
      S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2010-6-16 19712]
      S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2010-6-16 8320]
      S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2010-6-16 42752]
      S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2006-5-11 14336]
      .
      =============== File Associations ===============
      .
      JSEFile=NOTEPAD.EXE %1
      .
      =============== Created Last 30 ================
      .
      2011-11-05 12:42:21 -------- d-----w- c:\program files\ESET
      2011-11-04 13:22:15 95744 ----a-w- c:\documents and settings\owner\application data\dwlGina3.dll
      .
      ==================== Find3M ====================
      .
      2011-09-26 11:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
      2011-09-26 11:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
      2011-09-26 11:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
      2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
      2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr
      2011-09-06 20:38:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
      2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
      2011-08-31 17:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
      2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
      2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
      2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
      2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
      2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
      .
      ============= FINISH: 12:22:52.78 ===============
      .
      UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
      IF REQUESTED, ZIP IT UP & ATTACH IT
      .
      DDS (Ver_2011-08-26.01)
      .
      Microsoft Windows XP Home Edition
      Boot Device: \Device\HarddiskVolume2
      Install Date: 17/10/2008 16:42:48
      System Uptime: 06/11/2011 11:29:40 (1 hours ago)
      .
      Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | Gamila/Giovani/Neon series
      Processor: Intel® Pentium® 4 CPU 2.60GHz | Socket 478 | 2600/100mhz
      .
      ==== Disk Partitions =========================
      .
      A: is Removable
      C: is FIXED (NTFS) - 70 GiB total, 19.693 GiB free.
      D: is FIXED (FAT32) - 4 GiB total, 0.574 GiB free.
      E: is CDROM ()
      F: is FIXED (NTFS) - 466 GiB total, 455.885 GiB free.
      .
      ==== Disabled Device Manager Items =============
      .
      ==== System Restore Points ===================
      .
      No restore point in system.
      .
      ==== Installed Programs ======================
      .
      ==== Event Viewer Messages From Past Week ========
      .
      04/11/2011 13:42:22, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswRdr aswSnx aswSP aswTdi Avgldx86 Avgmfx86 Avgtdix Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip vsdatant
      04/11/2011 13:42:22, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
      04/11/2011 13:42:22, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
      04/11/2011 13:41:40, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
      .
      ==== End Of File ===========================
  15. Hi Miasma, That sounds like a sensible first step, I'll give it a try. Thanks, LOL