AnnaP

Members
  • Content Count

    9
  • Joined

  • Last visited

Community Reputation

0 Neutral

About AnnaP

  • Rank
    Newbie
  1. Wonderful, Noahdfear, I really appreaciate your help. Everything looks as it should and working fine. I'll check out the list you've pointed me at. Another happy customer! Anna
  2. Thanks Here's the Kaspersky log.... ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Friday, December 07, 2007 10:27:50 AM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 7/12/2007 Kaspersky Anti-Virus database records: 475009 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: C:\ D:\ Scan Statistics: Total number of scanned objects: 61329 Number of viruses found: 2 Number of infected objects: 6 Number of suspicious objects: 0 Duration of the scan process: 00:53:35 Infected Object Name / Virus Name / Last Action C:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT.LOG Object is locked skipped C:\Documents and Settings\Martin Edge\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Martin Edge\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped C:\Documents and Settings\Martin Edge\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped C:\Documents and Settings\Martin Edge\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped C:\Documents and Settings\Martin Edge\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped C:\Documents and Settings\Martin Edge\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Martin Edge\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Martin Edge\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Martin Edge\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Martin Edge\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Martin Edge\NTUSER.DAT.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT.LOG Object is locked skipped C:\Martin\Proposals\ARC Energy Group\ARC Energy Present 6-1-03\Codec\DivXPro501GAINBundle.exe/Gain_Trickler.exe Infected: not-a-virus:AdWare.Win32.Gator.3102 skipped C:\Martin\Proposals\ARC Energy Group\ARC Energy Present 6-1-03\Codec\DivXPro501GAINBundle.exe Vise: infected - 1 skipped C:\Program Files\BigFix\__Data\BigFix\__Local\Tmp\notes.dat Object is locked skipped C:\Program Files\BigFix\__Data\BigFix\__Local\Tmp\partner-700.dat Object is locked skipped C:\Program Files\BigFix\__Data\BigFix\__Local\Tmp\subscrip-2000.dat Object is locked skipped C:\Program Files\BigFix\__Data\BigFix\__Local\Tmp\survey.dat Object is locked skipped C:\Program Files\BigFix\__Data\BigFix\__Local\Tmp\updates-300.dat Object is locked skipped C:\Program Files\BigFix\__Data\BigFix\__Local\Tmp\urgent-800.dat Object is locked skipped C:\Program Files\BigFix\__Data\evesham\__Local\Tmp\evesham-100.dat Object is locked skipped C:\Program Files\BigFix\__Data\evesham\__Local\Tmp\Tips-700.dat Object is locked skipped C:\Program Files\BigFix\__Data\__Global\Logs\20071207.log Object is locked skipped C:\Program Files\CA\Etrust Antivirus\DB\rtmaster.dbf Object is locked skipped C:\Program Files\CA\Etrust Antivirus\DB\rtmaster.ntx Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{DF86A8A6-7FBA-4D8C-BDD8-6B65A5E1E70E}\RP757\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\EventCache\{129AD1FD-8FA7-4061-9AFE-324CAB8968A9}.bin Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed. _____________________________________________________________________________________ ...and the 'Hijack this log... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:57:25, on 07/12/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\EPSON\ESM2\eEBSVC.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\CA\ETRUST~1\realmon.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\CA\eTrust Antivirus\InoRpc.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\CA\eTrust Antivirus\InoRT.exe C:\Program Files\CA\eTrust Antivirus\InoTask.exe C:\Program Files\BigFix\BigFix.exe C:\Program Files\Zoom Telephonics, Inc\Zoom ADSL USB Modem\dslmon.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\FinePixViewer\QuickDCF.exe C:\Program Files\Citrix\ICA Client\pnagent.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\HighjackThis\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://webmail.rgu.ac.uk/exchange/m.edge/inbox/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.evesham.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy2:8080 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe O4 - Global Startup: DSLMON.lnk = ? O4 - Global Startup: EPSON Background Monitor.lnk = C:\Program Files\EPSON\ESM2\STMS.exe O4 - Global Startup: Exif Launcher.lnk = ? O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.evesham.com/ O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - https://java.sun.com/update/1.4.2/jinstall-...indows-i586.cab O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe -- End of file - 7011 bytes ________________________________________________________________________________________________- The Kaspersky scan shows 2 viruses and 6 infected objects. Thanks Anna
  3. I've followed all the instructions and everything has run fine. Here's the DSS log (main bit): Deckard's System Scanner v20071014.68 Run by Martin Edge on 2007-12-06 08:54:47 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 75: 2007-12-06 08:54:56 UTC - RP756 - Deckard's System Scanner Restore Point 74: 2007-12-05 13:35:12 UTC - RP755 - System Checkpoint 73: 2007-12-04 07:45:23 UTC - RP754 - ComboFix created restore point 72: 2007-12-03 13:09:13 UTC - RP753 - System Checkpoint 71: 2007-11-30 10:14:00 UTC - RP752 - ComboFix created restore point -- First Restore Point -- 1: 2007-09-09 16:56:31 UTC - RP682 - System Checkpoint Backed up registry hives. Performed disk cleanup. Total Physical Memory: 496 MiB (512 MiB recommended). -- HijackThis (run as Martin Edge.exe) ----------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 08:55:49, on 06/12/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\CA\ETRUST~1\realmon.exe C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\BigFix\BigFix.exe C:\Program Files\Zoom Telephonics, Inc\Zoom ADSL USB Modem\dslmon.exe C:\Program Files\FinePixViewer\QuickDCF.exe C:\Program Files\Citrix\ICA Client\pnagent.exe C:\Program Files\EPSON\ESM2\eEBSVC.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\Program Files\CA\eTrust Antivirus\InoRpc.exe C:\Program Files\CA\eTrust Antivirus\InoRT.exe C:\Program Files\CA\eTrust Antivirus\InoTask.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\Documents and Settings\Martin Edge\Desktop\dss.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\HIGHJA~1\HIJACK~1\Martin Edge.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://webmail.rgu.ac.uk/exchange/m.edge/inbox/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.evesham.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy2:8080 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe O4 - Global Startup: DSLMON.lnk = ? O4 - Global Startup: EPSON Background Monitor.lnk = C:\Program Files\EPSON\ESM2\STMS.exe O4 - Global Startup: Exif Launcher.lnk = ? O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.evesham.com/ O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - https://java.sun.com/update/1.4.2/jinstall-...indows-i586.cab O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe -- End of file - 6894 bytes -- HijackThis Fixed Entries (C:\PROGRA~1\HIGHJA~1\HIJACK~1\backups\) ----------- backup-20071130-101054-429 O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 backup-20071206-084706-653 O4 - HKCU\..\Run: [froody] C:\WINDOWS\system32\timoty.exe -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R0 INO_FLPY - c:\windows\system32\drivers\ino_flpy.sys <Not Verified; Computer Associates; CA eTrust eTrust Antivirus/InoculateIT version 7.X/6.X/4.X> R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7> R1 DVDVRRdr_xp - c:\windows\system32\drivers\dvdvrrdr_xp.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver> R2 eugss (EUTRON SmartKey GSS2 Driver) - c:\windows\system32\drivers\eugssxp.sys <Not Verified; EUTRON; SmartKey GSS> R2 eusk2par (EUTRON SmartKey Parallel Driver) - c:\windows\system32\drivers\eusk2par.sys <Not Verified; EUTRON; Smartkey> R2 INO_FLTR - c:\windows\system32\drivers\ino_fltr.sys <Not Verified; Computer Associates; CA eTrust Antivirus/InoculateIT version 7.X/6.X> S2 MPManF50 (MPMan F50 USB Driver) - c:\windows\system32\drivers\mpmanf50.sys <Not Verified; MPMan.com,Inc.; MPMan-F50> S3 catchme - c:\docume~1\martin~1\locals~1\temp\catchme.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 EpsonBidirectionalService - c:\program files\epson\esm2\eebsvc.exe R2 InoRPC (eTrust Antivirus RPC Server) - "c:\program files\ca\etrust antivirus\inorpc.exe" <Not Verified; Computer Associates International, Inc.; eTrust Antivirus> R2 InoRT (eTrust Antivirus Realtime Server) - "c:\program files\ca\etrust antivirus\inort.exe" <Not Verified; Computer Associates International, Inc.; eTrust Antivirus> R2 InoTask (eTrust Antivirus Job Server) - "c:\program files\ca\etrust antivirus\inotask.exe" <Not Verified; Computer Associates International, Inc.; eTrust Antivirus> S3 Boonty Games - "c:\program files\common files\boonty shared\service\boonty.exe" <Not Verified; BOONTY; Boonty Games> -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Scheduled Tasks ------------------------------------------------------------- 2007-12-03 20:22:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -- Files created between 2007-11-06 and 2007-12-06 ----------------------------- 2007-12-05 10:42:01 0 d-------- C:\WINDOWS\system32\LogFiles 2007-12-04 07:25:53 0 drahs---- C:\autorun.inf 2007-11-26 21:12:09 0 d-------- C:\Program Files\HighjackThis 2007-11-26 17:50:15 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities 2007-11-26 17:50:14 0 d--h----- C:\Documents and Settings\Administrator\Templates 2007-11-26 17:50:14 0 dr------- C:\Documents and Settings\Administrator\Start Menu 2007-11-26 17:50:14 0 dr-h----- C:\Documents and Settings\Administrator\SendTo 2007-11-26 17:50:14 0 dr-h----- C:\Documents and Settings\Administrator\Recent 2007-11-26 17:50:14 0 d--h----- C:\Documents and Settings\Administrator\PrintHood 2007-11-26 17:50:14 0 d--h----- C:\Documents and Settings\Administrator\NetHood 2007-11-26 17:50:14 0 dr------- C:\Documents and Settings\Administrator\My Documents 2007-11-26 17:50:14 0 d--h----- C:\Documents and Settings\Administrator\Local Settings 2007-11-26 17:50:14 0 dr------- C:\Documents and Settings\Administrator\Favorites 2007-11-26 17:50:14 0 d-------- C:\Documents and Settings\Administrator\Desktop 2007-11-26 17:50:14 0 d---s---- C:\Documents and Settings\Administrator\Cookies 2007-11-26 17:50:14 0 dr-h----- C:\Documents and Settings\Administrator\Application Data 2007-11-26 17:50:14 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft 2007-11-26 17:50:13 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT 2007-11-26 17:33:04 2960 --a------ C:\WINDOWS\system32\tmp.reg 2007-11-22 20:26:03 0 d-------- C:\Program Files\Enigma Software Group -- Find3M Report --------------------------------------------------------------- 2007-11-22 21:16:55 0 d-------- C:\Documents and Settings\Martin Edge\Application Data\AVG7 2007-11-17 15:56:10 0 d-------- C:\Program Files\FinePixViewer 2007-10-20 10:03:59 0 d-------- C:\Documents and Settings\Martin Edge\Application Data\Identities 2007-10-15 14:11:41 0 d-------- C:\Documents and Settings\Martin Edge\Application Data\AdobeUM 2007-10-09 19:59:02 0 d-------- C:\Program Files\GPLGS 2007-10-09 19:52:58 0 d-------- C:\Program Files\Acro Software 2007-09-17 18:23:00 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®> 2007-09-17 18:23:00 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®> 2007-09-17 18:22:58 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?> 2007-09-17 18:22:58 739840 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®> -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AntivirusRegistration"="C:\Program Files\CA\Etrust Antivirus\Register.exe" [31/01/2005 15:09] "Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [06/04/2004 17:14] "Cmaudio"="cmicnfg.cpl" [07/01/2004 15:14 C:\WINDOWS\CMICNFG.CPL] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [11/03/2003 18:24] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [11/03/2003 18:11] "RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [28/02/2005 22:50] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [27/08/2005 13:30] "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [04/02/2002 21:32] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [25/10/2007 07:32] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [27/04/2007 08:41] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [01/06/2007 15:51] "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe" [03/06/2004 21:05] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 16:24] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 12:00] "RealPlayer"="C:\Program Files\Real\RealPlayer\realplay.exe" [08/11/2006 15:34] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [25/07/2007 17:48] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [17/03/2005 11:43:15] DSLMON.lnk - C:\Program Files\Zoom Telephonics, Inc.\Zoom ADSL USB Modem\dslmon.exe [26/08/2005 16:39:58] EPSON Background Monitor.lnk - C:\Program Files\EPSON\ESM2\STMS.exe [07/06/1999 10:11:18] Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [09/05/2006 19:01:12] Program Neighborhood Agent.lnk - C:\Program Files\Citrix\ICA Client\pnagent.exe [29/11/2005 16:16:14] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoPropertiesRecycleBin"=0 (0x0) "NoPropertiesMyComputer"=0 (0x0) "NoPropertiesMyDocuments"=0 (0x0) "NoDesktopCleanupWizard"=0 (0x0) "DisablePersonalDirChange"=0 (0x0) "NoSimpleStartMenu"=0 (0x0) "NoChangeStartMenu"=0 (0x0) "NoNetworkConnections"=0 (0x0) "NoSetTaskbar"=0 (0x0) "NoToolbarsOnTaskbar"=0 (0x0) "NoStartMenuNetworkPlaces"=0 (0x0) "NoSMMyDocs"=0 (0x0) "NoSMHelp"=0 (0x0) "NoManageMyComputerVerb"=0 (0x0) "NoSecConsole"=0 (0x0) "NoSharedDocuments"=0 (0x0) "NoSecurityTab"=0 (0x0) "NoHardwareTab"=0 (0x0) "NoFileMenu"=0 (0x0) "NoNetConnectDisconnect"=0 (0x0) -- End of Deckard's System Scanner: finished at 2007-12-06 08:56:45 ------------ And here's the Extra bit: Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Home Edition (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: Intel® Celeron® CPU 2.93GHz Percentage of Memory in Use: 71% Physical Memory (total/avail): 495.48 MiB / 139.7 MiB Pagefile Memory (total/avail): 1158.29 MiB / 893.6 MiB Virtual Memory (total/avail): 2047.88 MiB / 1931.16 MiB C: is Fixed (NTFS) - 149.05 GiB total, 119.77 GiB free. D: is CDROM (No Media) \\.\PHYSICALDRIVE0 - WDC WD1600JB-00GVC0 - 149.05 GiB - 1 partition \PARTITION0 (bootable) - Installable File System - 149.05 GiB - C: -- Security Center ------------------------------------------------------------- AUOptions is set to notify before download. Windows Internal Firewall is enabled. FirstRunDisabled is set. AV: AVG 7.5.503 v7.5.503 (Grisoft) [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Martin Edge\Application Data AVENGINE=C:\PROGRA~1\CA\SHARED~1\SCANEN~1 CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=YOUR-5A76E71088 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Martin Edge INOCULAN=C:\PROGRA~1\CA\ETRUST~1 LOGONSERVER=\\YOUR-5A76E71088 NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\PROGRA~1\CA\SHARED~1\SCANEN~1;C:\PROGRA~1\CA\ETRUST~1;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel PROCESSOR_LEVEL=15 PROCESSOR_REVISION=0304 ProgramFiles=C:\Program Files PROMPT=$P$G QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp TMP=C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp USERDOMAIN=YOUR-5A76E71088 USERNAME=Martin Edge USERPROFILE=C:\Documents and Settings\Martin Edge windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- Martin Edge (admin) Administrator (new local, admin) -- Add/Remove Programs --------------------------------------------------------- --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7646-A00000000001} Adobe Reader Multimedia Package --> MsiExec.exe /I{AC76BA86-7AD7-EF45-47A7-7E8A45A00001} Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5} AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL BigFix --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll" C-MAP NT PC Selector --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FE167F9A-EDD3-4677-8B3E-F9789FA3FCB3} C-Media 3D Audio --> C:\WINDOWS\CMIUnInstall.exe CA eTrust Antivirus --> MsiExec.exe /X{99747F0D-D4F8-4877-9CA0-4AE96D963633} Chart Catalogue --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Chart Catalogue\Uninst.isu" CNXT V92 Data Fax Voice --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F01&SUBSYS_9305141C\HXFSETUP.EXE -U -IVEN_14F1&DEV_2F01&SUBSYS_9305141C CutePDF Writer 2.7 --> C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r EPSON Status Monitor 2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{87C51198-5A95-4577-9F47-B953D862FA90} eTrust Registration --> MsiExec.exe /X{6BFF4534-7608-41F0-85F7-31A0569D8960} FinePixViewer Resource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B44529FF-501E-47CD-A06D-223C161BE058}\SETUP.EXE" -l0x9 FinePixViewer Ver.5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE" -l0x9 FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE" Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72} Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll" GPS Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{219BB7DF-83BA-44C6-A362-D17981FBD285}\Setup.exe" HijackThis 2.0.2 --> "C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\Temporary Directory 1 for HiJackThis.zip\HijackThis.exe" /uninstall ImageMixer VCD2 LE for FinePix --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B093990A-AAF2-44AC-9216-14BB7A2189B6}\SETUP.EXE" -l0x9 Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572 Intel® PRO Network Adapters and Drivers --> Prounstl.exe iTunes --> MsiExec.exe /I{553E56C3-7AA1-45FE-A2FC-2C43DC27F765} Java 2 Runtime Environment, SE v1.4.2_05 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050} Learning Ladder 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC0BA581-E3EC-11D5-9194-00105A68CFFF}\setup.exe" MetaFrame Presentation Server Client --> MsiExec.exe /I{DF1D5FEC-D67C-43C8-9230-41F5DF350196} Microsoft Entertainment Pack: The Puzzle Collection --> C:\Program Files\Microsoft Games\Puzzle Collection\Uninstal.exe /uninstall Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9} Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44} MPMan Manager F50 V2.1 --> C:\PROGRA~1\MPMANF~1\UNWISE.EXE C:\PROGRA~1\MPMANF~1\INSTALL.LOG PL-2303 USB-to-Serial --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setup.exe" -l0x9 Installed QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328} RAW FILE CONVERTER LE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D680C913-5955-469D-9D88-C1940F7506D6}\SETUP.EXE" -l0x9 RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Roxio Easy Media Creator 7 Basic DVD Edition --> MsiExec.exe /I{747D1B34-A1FC-4EF3-A6AE-E86F39CEFDE5} SmartKey Driver Installation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DB3ED071-8BE8-4E2D-BE04-993F1FDBDA35}\Setup.exe" -l0x9 Software-On-Board SOBv90 --> C:\SOBv90\uninst.exe Sonic CinePlayer --> MsiExec.exe /I{26792CA7-D87A-4DBE-896B-C2F66B344511} Tide Plotter 2006 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Belfield Software\Tide Plotter 2006\Uninst.isu" Zoom ADSL USB Modem --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll<UNINSTALL_CMD> -l0x9 -L0x9 -- Application Event Log ------------------------------------------------------- Event Record #/Type1961 / Error Event Submitted/Written: 12/05/2007 03:19:57 PM Event ID/Source: 1000 / Application Error Event Description: Faulting application acrord32.exe, version 6.0.1.1091, faulting module unknown, version 0.0.0.0, fault address 0x00000000. Processing media-specific event for [acrord32.exe!ws!] Event Record #/Type1960 / Error Event Submitted/Written: 12/05/2007 10:37:56 AM Event ID/Source: 1002 / Application Hang Event Description: Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Event Record #/Type1959 / Error Event Submitted/Written: 12/05/2007 10:37:37 AM Event ID/Source: 1002 / Application Hang Event Description: Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Event Record #/Type1949 / Warning Event Submitted/Written: 12/04/2007 07:47:18 AM Event ID/Source: 1524 / Userenv Event Description: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use. Event Record #/Type1941 / Warning Event Submitted/Written: 11/30/2007 04:48:22 PM Event ID/Source: 1524 / Userenv Event Description: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type5053 / Error Event Submitted/Written: 12/06/2007 08:53:59 AM Event ID/Source: 7000 / Service Control Manager Event Description: The MPMan F50 USB Driver service failed to start due to the following error: %%1058 Event Record #/Type5052 / Error Event Submitted/Written: 12/06/2007 08:53:59 AM Event ID/Source: 7000 / Service Control Manager Event Description: The General Purpose USB Driver (adildr.sys) service failed to start due to the following error: %%1058 Event Record #/Type5047 / Error Event Submitted/Written: 12/05/2007 07:58:23 PM Event ID/Source: 1002 / Dhcp Event Description: The IP address lease 192.168.1.100 for the Network Card with network address 001109EDCCDE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). Event Record #/Type5046 / Warning Event Submitted/Written: 12/05/2007 04:39:17 PM Event ID/Source: 4226 / Tcpip Event Description: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. Event Record #/Type5042 / Warning Event Submitted/Written: 12/05/2007 10:39:51 AM Event ID/Source: 1003 / Dhcp Event Description: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001109EDCCDE. The following error occurred: %%121. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. -- End of Deckard's System Scanner: finished at 2007-12-06 08:56:45 ------------ Thanks, Noahdfear. Anna
  4. You're doing wonders here, Noahdfear. thanks again. Command output: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmaphole] @="" "GROUP"="Extended Base" "ERRORCONTROL"=dword:00000001 "START"=dword:00000002 "TYPE"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmaphole\Enum] "0"="Root\\LEGACY_CMAPHOLE" "Count"=dword:00000001 "NextInstance"=dword:00000001 And HighjackThis output: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 08:54:20, on 05/12/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\CA\ETRUST~1\realmon.exe C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\BigFix\BigFix.exe C:\Program Files\Zoom Telephonics, Inc\Zoom ADSL USB Modem\dslmon.exe C:\Program Files\FinePixViewer\QuickDCF.exe C:\Program Files\EPSON\ESM2\eEBSVC.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\Program Files\CA\eTrust Antivirus\InoRpc.exe C:\Program Files\CA\eTrust Antivirus\InoRT.exe C:\Program Files\CA\eTrust Antivirus\InoTask.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\WISPTIS.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\HighjackThis\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://webmail.rgu.ac.uk/exchange/m.edge/inbox/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.evesham.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy2:8080 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [froody] C:\WINDOWS\system32\timoty.exe O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe O4 - Global Startup: DSLMON.lnk = ? O4 - Global Startup: EPSON Background Monitor.lnk = C:\Program Files\EPSON\ESM2\STMS.exe O4 - Global Startup: Exif Launcher.lnk = ? O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.evesham.com/ O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - https://java.sun.com/update/1.4.2/jinstall-...indows-i586.cab O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe -- End of file - 6909 bytes Anna
  5. Here's the log from this run of ComboFix - please note I've run the Flash Disinfector against all my flash drives, but not yet against the USB-connected hard drive. It's connected to the computer all the time, but powered off & on as needed, mostly used to back up data from C drive. Hope this helps... ComboFix 07-11-19.4C - Martin Edge 2007-12-04 7:45:41.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.137 [GMT 0:00] Running from: C:\Documents and Settings\Martin Edge\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Martin Edge\Desktop\CFScript.txt * Created a new restore point FILE C:\Documents and Settings\Martin Edge\wn852.exe C:\WINDOWS\system32\2032.lps C:\WINDOWS\system32\msanton.exe C:\WINDOWS\system32\opseti C:\WINDOWS\system32\timoty.exe C:\WINDOWS\trayicons.exe C:\WINDOWS\windisk.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Martin Edge\wn852.exe C:\WINDOWS\system32\2032.lps C:\WINDOWS\system32\opseti C:\WINDOWS\trayicons.exe C:\WINDOWS\windisk.dll . ((((((((((((((((((((((((( Files Created from 2007-11-04 to 2007-12-04 ))))))))))))))))))))))))))))))) . 2007-11-26 21:12 <DIR> d-------- C:\Program Files\HighjackThis 2007-11-26 17:33 2,960 --a------ C:\WINDOWS\system32\tmp.reg 2007-11-22 20:26 <DIR> d-------- C:\Program Files\Enigma Software Group . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-04 06:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7 2007-11-22 21:16 --------- d-----w C:\Documents and Settings\Martin Edge\Application Data\AVG7 2007-11-17 15:56 --------- d-----w C:\Program Files\FinePixViewer 2007-10-15 14:11 --------- d-----w C:\Documents and Settings\Martin Edge\Application Data\AdobeUM 2007-10-09 19:59 --------- d-----w C:\Program Files\GPLGS 2007-10-09 19:52 --------- d-----w C:\Program Files\Acro Software 2007-10-05 12:16 --------- d-----w C:\Documents and Settings\Martin Edge\Application Data\DivX 2005-11-03 14:47 252 ----a-w C:\Documents and Settings\Martin Edge\Application Data\wklnhst.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00] "RealPlayer"="C:\Program Files\Real\RealPlayer\realplay.exe" [2006-11-08 15:34] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-25 17:48] "froody"="C:\WINDOWS\system32\timoty.exe" [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AntivirusRegistration"="C:\Program Files\CA\Etrust Antivirus\Register.exe" [2005-01-31 15:09] "Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2004-04-06 17:14] "Cmaudio"="RunDll32 cmicnfg.cpl" [] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-03-11 18:24] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-03-11 18:11] "RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-02-28 22:50] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-08-27 13:30] "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-25 07:32] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 15:51] "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe" [2004-06-03 21:05] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-25 07:32] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [2005-03-17 11:43:15] DSLMON.lnk - C:\Program Files\Zoom Telephonics, Inc.\Zoom ADSL USB Modem\dslmon.exe [2005-08-26 16:39:58] EPSON Background Monitor.lnk - C:\Program Files\EPSON\ESM2\STMS.exe [1999-06-07 10:11:18] Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2006-05-09 19:01:12] Program Neighborhood Agent.lnk - C:\Program Files\Citrix\ICA Client\pnagent.exe [2005-11-29 16:16:14] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSimpleStartMenu"= 0 (0x0) "NoToolbarsOnTaskbar"= 0 (0x0) R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys R1 DVDVRRdr_xp;DVDVRRdr_xp;C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys R1 UDFReadr;UDFReadr;C:\WINDOWS\system32\drivers\UDFReadr.sys R2 cmaphole;cmaphole;C:\WINDOWS\system32\drivers\cmaphole.sys R2 eugss;EUTRON SmartKey GSS2 Driver;\??\C:\WINDOWS\system32\Drivers\eugssxp.sys R2 eusk2par;EUTRON SmartKey Parallel Driver;\??\C:\WINDOWS\system32\Drivers\eusk2par.sys S2 MPManF50;MPMan F50 USB Driver;C:\WINDOWS\system32\Drivers\MPManF50.sys S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eae2e3ea-07e1-11da-8ab5-001109edccde}] \Shell\AutoRun\command - E:\autorun.exe . Contents of the 'Scheduled Tasks' folder "2007-12-03 20:22:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-04 07:48:57 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-04 7:49:41 - machine was rebooted C:\ComboFix2.txt ... 2007-11-30 10:20 . --- E O F --- For info - PC behaving much better now. Haven't seen a pop-up for a while, and Control panel is back, even after rebooting. Homepage is staying at my setting too. Feeling optimistic... am I clear? THanks again Anna
  6. Thanks again for help - we've got several flash drives, I'm just making sure I've found them all and run the exe against them before posting anything else. Just so I'm sure - should I run it also against the USB-connected portable disk drive that I have? or is it only relevant to the stick-things? Anna
  7. Huge thanks for looking at this... Here's the current output from Highjack This: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:48:03, on 03/12/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\CA\ETRUST~1\realmon.exe C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\BigFix\BigFix.exe C:\Program Files\Zoom Telephonics, Inc\Zoom ADSL USB Modem\dslmon.exe C:\Program Files\FinePixViewer\QuickDCF.exe C:\Program Files\Citrix\ICA Client\pnagent.exe C:\Program Files\EPSON\ESM2\eEBSVC.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\Program Files\CA\eTrust Antivirus\InoRpc.exe C:\Program Files\CA\eTrust Antivirus\InoRT.exe C:\Program Files\CA\eTrust Antivirus\InoTask.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\internet explorer\iexplore.exe c:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe C:\WINDOWS\system32\WISPTIS.EXE C:\Program Files\HighjackThis\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://webmail.rgu.ac.uk/exchange/m.edge/inbox/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.evesham.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy2:8080 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\timoty.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [froody] C:\WINDOWS\system32\timoty.exe O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - Startup: setings.exe O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe O4 - Global Startup: DSLMON.lnk = ? O4 - Global Startup: EPSON Background Monitor.lnk = C:\Program Files\EPSON\ESM2\STMS.exe O4 - Global Startup: Exif Launcher.lnk = ? O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe O4 - Global Startup: startup.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.evesham.com/ O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - https://java.sun.com/update/1.4.2/jinstall-...indows-i586.cab O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe -- End of file - 7275 bytes Anna
  8. Thanks I've done as you suggested and seem to have regained control over the Control Panel. Below is the log created by 'Combofix' as requested. Thanks for your help AnnaP _____________________________________________________________________________________________ ComboFix 07-11-19.4C - Martin Edge 2007-11-30 10:14:19.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.188 [GMT 0:00] Running from: C:\Documents and Settings\Martin Edge\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-30 ))))))))))))))))))))))))))))))) . 2007-11-26 21:12 <DIR> d-------- C:\Program Files\HighjackThis 2007-11-22 20:26 <DIR> d-------- C:\Program Files\Enigma Software Group 2007-11-22 11:19 800 --a------ C:\WINDOWS\system32\2032.lps 2007-11-22 11:05 3,250 --a------ C:\WINDOWS\system32\opseti 2007-11-22 10:53 6,144 --a------ C:\WINDOWS\system32\msanton.exe 2007-11-22 09:48 28,417 --a------ C:\Documents and Settings\Martin Edge\wn852.exe 2007-10-09 19:59 <DIR> d-------- C:\Program Files\GPLGS 2007-10-09 19:53 87,552 --a------ C:\WINDOWS\system32\cpwmon2k.dll 2007-10-09 19:52 <DIR> d-------- C:\Program Files\Acro Software . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-30 06:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7 2007-11-22 21:16 --------- d-----w C:\Documents and Settings\Martin Edge\Application Data\AVG7 2007-11-22 13:42 6,144 ----a-w C:\WINDOWS\system32\timoty.exe 2007-11-22 10:06 15,872 ----a-w C:\WINDOWS\windisk.dll 2007-11-22 09:48 28,417 ----a-w C:\WINDOWS\trayicons.exe 2007-11-17 15:56 --------- d-----w C:\Program Files\FinePixViewer 2007-10-15 14:11 --------- d-----w C:\Documents and Settings\Martin Edge\Application Data\AdobeUM 2007-10-05 12:16 --------- d-----w C:\Documents and Settings\Martin Edge\Application Data\DivX 2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2007-09-17 18:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2007-09-17 18:22 739,840 ----a-w C:\WINDOWS\system32\DivX.dll 2007-09-11 23:14 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2007-08-21 00:26 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2007-08-21 00:26 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2007-08-15 22:33 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2007-08-15 22:33 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2007-08-15 22:33 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2007-08-15 22:33 129,784 ------w C:\WINDOWS\system32\pxafs.dll 2007-08-15 22:33 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe 2007-08-15 22:33 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe 2007-08-15 22:33 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2007-08-15 22:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2007-08-15 22:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2007-08-15 22:31 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2007-08-15 22:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2007-08-15 22:30 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2005-11-03 14:47 252 ----a-w C:\Documents and Settings\Martin Edge\Application Data\wklnhst.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00] "RealPlayer"="C:\Program Files\Real\RealPlayer\realplay.exe" [2006-11-08 15:34] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-25 17:48] "froody"="C:\WINDOWS\system32\timoty.exe" [2007-11-22 13:42] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AntivirusRegistration"="C:\Program Files\CA\Etrust Antivirus\Register.exe" [2005-01-31 15:09] "Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2004-04-06 17:14] "Cmaudio"="RunDll32 cmicnfg.cpl" [] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-03-11 18:24] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-03-11 18:11] "RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-02-28 22:50] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-08-27 13:30] "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-25 07:32] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 15:51] "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe" [2004-06-03 21:05] "version"="C:\WINDOWS\system32\timoty.exe" [2007-11-22 13:42] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-25 07:32] C:\Documents and Settings\Martin Edge\Start Menu\Programs\Startup\ setings.exe [2007-11-22 13:42:33] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [2005-03-17 11:43:15] DSLMON.lnk - C:\Program Files\Zoom Telephonics, Inc.\Zoom ADSL USB Modem\dslmon.exe [2005-08-26 16:39:58] EPSON Background Monitor.lnk - C:\Program Files\EPSON\ESM2\STMS.exe [1999-06-07 10:11:18] Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2006-05-09 19:01:12] Program Neighborhood Agent.lnk - C:\Program Files\Citrix\ICA Client\pnagent.exe [2005-11-29 16:16:14] startup.exe [2007-11-22 13:42:33] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"= 1 (0x1) "DisableTaskMgr"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"= 1 (0x1) "DisableTaskMgr"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoControlPanel"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSimpleStartMenu"= 0 (0x0) "NoToolbarsOnTaskbar"= 0 (0x0) "NoControlPanel"= 1 (0x1) "NoWindowsUpdate"= 1 (0x1) R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys R1 DVDVRRdr_xp;DVDVRRdr_xp;C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys R1 UDFReadr;UDFReadr;C:\WINDOWS\system32\drivers\UDFReadr.sys R2 cmaphole;cmaphole;C:\WINDOWS\system32\drivers\cmaphole.sys R2 eugss;EUTRON SmartKey GSS2 Driver;\??\C:\WINDOWS\system32\Drivers\eugssxp.sys R2 eusk2par;EUTRON SmartKey Parallel Driver;\??\C:\WINDOWS\system32\Drivers\eusk2par.sys S2 MPManF50;MPMan F50 USB Driver;C:\WINDOWS\system32\Drivers\MPManF50.sys S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eae2e3ea-07e1-11da-8ab5-001109edccde}] \Shell\AutoRun\command - E:\autorun.exe . Contents of the 'Scheduled Tasks' folder "2007-11-26 20:22:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" . ************************************************************************** catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-30 10:19:25 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-30 10:20:02 - machine was rebooted . --- E O F ---
  9. Hello – hope you can help. For several days I’ve been getting popups every 5 mins or so saying “Warning! Potential Spyware Operation! Your computer is making unauthorized copies of your system and Internet files. Run full scan now to pervent any unathorised access to your files! Click YES to download spyware remover... “ (Spelling mistakes are theirs! Link leads to SpyHunter website). Other symptoms are: 1) AVG resident shield comes up with warning about ksacre.exe often – heals, but keeps coming back. 2) Homepage is always reset to www.google.com at reboot, although keeps my setting between reboots. 3) Many options in Control Panel now unusable. I get “This operation has been cancelled due to restrictions in effect on this computer. Please contact your System Administrator†4) Sometimes redirected to a website which claims to be running a AVSystemCare scan. Have dabbled a bit (sorry!) and run SmitFraudfix.exe, including Clean option; made no difference. Will include the log. Here’s the Highjackthis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:14:56, on 26/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe C:\WINDOWS\system32\timoty.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\BigFix\BigFix.exe C:\Program Files\Zoom Telephonics, Inc\Zoom ADSL USB Modem\dslmon.exe C:\Program Files\FinePixViewer\QuickDCF.exe C:\Program Files\EPSON\ESM2\eEBSVC.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\Program Files\CA\eTrust Antivirus\InoRpc.exe C:\Program Files\CA\eTrust Antivirus\InoRT.exe C:\Program Files\CA\eTrust Antivirus\InoTask.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\WINDOWS\system32\spider.exe C:\Program Files\HighjackThis\HiJackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.evesham.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by evesham.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy2:8080 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\timoty.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [startUp] C:\WINDOWS\trayicons.exe /optimize speed O4 - HKCU\..\Run: [froody] C:\WINDOWS\system32\timoty.exe O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - Startup: setings.exe O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe O4 - Global Startup: DSLMON.lnk = ? O4 - Global Startup: EPSON Background Monitor.lnk = C:\Program Files\EPSON\ESM2\STMS.exe O4 - Global Startup: Exif Launcher.lnk = ? O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe O4 - Global Startup: startup.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.evesham.com/ O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - https://java.sun.com/update/1.4.2/jinstall-...indows-i586.cab O20 - AppInit_DLLs: C:\WINDOWS\system32\sol629.txt O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe -- End of file - 7354 bytes Also the Ad-Aware log: Ad-Aware SE Build 1.06r1 Logfile Created on:26 November 2007 18:49:10 Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R205 26.11.2007 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» MRU List(TAC index:0):12 total references Tracking Cookie(TAC index:3):2 total references Windows(TAC index:3):3 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Ad-Aware SE Settings =========================== Set : Search for negligible risk entries Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Extended Ad-Aware SE Settings =========================== Set : Unload recognized processes & modules during scan Set : Scan registry for all users instead of current user only Set : Always try to unload modules before deletion Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Include alternate data stream details in log file Set : Play sound at scan completion if scan locates critical objects 26-11-2007 18:49:10 - Scan started. (Full System Scan) MRU List Object Recognized! Location: : C:\Documents and Settings\Martin Edge\recent Description : list of recently opened documents MRU List Object Recognized! Location: : software\microsoft\directdraw\mostrecentapplication Description : most recent application to use microsoft directdraw MRU List Object Recognized! Location: : S-1-5-21-3548506766-1261576165-1492151830-1006\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : S-1-5-21-3548506766-1261576165-1492151830-1006\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : S-1-5-21-3548506766-1261576165-1492151830-1006\software\microsoft\internet explorer Description : last download directory used in microsoft internet explorer MRU List Object Recognized! Location: : S-1-5-21-3548506766-1261576165-1492151830-1006\software\microsoft\internet explorer\typedurls Description : list of recently entered addresses in microsoft internet explorer MRU List Object Recognized! Location: : S-1-5-21-3548506766-1261576165-1492151830-1006\software\microsoft\office\11.0\access\settings Description : list of recently opened documents in microsoft access MRU List Object Recognized! Location: : S-1-5-21-3548506766-1261576165-1492151830-1006\software\microsoft\windows\currentversion\applets\regedit Description : last key accessed using the microsoft registry editor MRU List Object Recognized! Location: : S-1-5-21-3548506766-1261576165-1492151830-1006\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru Description : list of recent programs opened MRU List Object Recognized! Location: : S-1-5-21-3548506766-1261576165-1492151830-1006\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru Description : list of recently saved files, stored according to file extension MRU List Object Recognized! Location: : S-1-5-21-3548506766-1261576165-1492151830-1006\software\microsoft\windows\currentversion\explorer\recentdocs Description : list of recent documents opened MRU List Object Recognized! Location: : S-1-5-21-3548506766-1261576165-1492151830-1006\software\microsoft\windows\currentversion\explorer\runmru Description : mru list for items opened in start | run Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] FilePath : \SystemRoot\System32\ ProcessID : 576 ThreadCreationTime : 26-11-2007 18:00:43 BasePriority : Normal #:2 [csrss.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 640 ThreadCreationTime : 26-11-2007 18:00:44 BasePriority : Normal #:3 [winlogon.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 664 ThreadCreationTime : 26-11-2007 18:00:45 BasePriority : High #:4 [services.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 712 ThreadCreationTime : 26-11-2007 18:00:45 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Services and Controller app InternalName : services.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : services.exe #:5 [lsass.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 724 ThreadCreationTime : 26-11-2007 18:00:45 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:6 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 892 ThreadCreationTime : 26-11-2007 18:00:47 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:7 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 972 ThreadCreationTime : 26-11-2007 18:00:47 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1068 ThreadCreationTime : 26-11-2007 18:00:47 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:9 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1172 ThreadCreationTime : 26-11-2007 18:00:48 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:10 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1280 ThreadCreationTime : 26-11-2007 18:00:49 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:11 [explorer.exe] FilePath : C:\WINDOWS\ ProcessID : 1528 ThreadCreationTime : 26-11-2007 18:00:50 BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : EXPLORER.EXE #:12 [spoolsv.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1592 ThreadCreationTime : 26-11-2007 18:00:50 BasePriority : Normal FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519) ProductVersion : 5.1.2600.2696 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : spoolsv.exe #:13 [rundll32.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1872 ThreadCreationTime : 26-11-2007 18:00:53 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Run a DLL as an App InternalName : rundll LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : RUNDLL.EXE #:14 [igfxtray.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1880 ThreadCreationTime : 26-11-2007 18:00:53 BasePriority : Normal FileVersion : 3,0,0,2082 ProductVersion : 7,0,0,2082 ProductName : Intel® Common User Interface CompanyName : Intel Corporation FileDescription : igfxTray Module InternalName : IGFXTRAY LegalCopyright : Copyright 1999-2003, Intel Corporation OriginalFilename : IGFXTRAY.EXE #:15 [hkcmd.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1888 ThreadCreationTime : 26-11-2007 18:00:53 BasePriority : Normal FileVersion : 3,0,0,2082 ProductVersion : 7,0,0,2082 ProductName : Intel® Common User Interface CompanyName : Intel Corporation FileDescription : hkcmd Module InternalName : HKCMD LegalCopyright : Copyright 1999-2003, Intel Corporation OriginalFilename : HKCMD.EXE #:16 [drgtodsc.exe] FilePath : C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\ ProcessID : 1916 ThreadCreationTime : 26-11-2007 18:00:54 BasePriority : Normal FileVersion : 7.1.0.219 ProductVersion : 7.1.0.219 ProductName : Drag-to-Disc CompanyName : Roxio FileDescription : Drag To Disc Application InternalName : D2D LegalCopyright : Copyright © 1994-2004 Roxio, Inc. LegalTrademarks : Copyright © 1994-2004 Roxio, Inc. OriginalFilename : BurnCtrl.EXE #:17 [realsched.exe] FilePath : C:\Program Files\Common Files\Real\Update_OB\ ProcessID : 1928 ThreadCreationTime : 26-11-2007 18:00:54 BasePriority : Normal FileVersion : 0.1.0.3018 ProductVersion : 0.1.0.3018 ProductName : RealPlayer (32-bit) CompanyName : RealNetworks, Inc. FileDescription : RealNetworks Scheduler InternalName : schedapp LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004 LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc. OriginalFilename : realsched.exe #:18 [avgcc.exe] FilePath : C:\PROGRA~1\Grisoft\AVG7\ ProcessID : 1944 ThreadCreationTime : 26-11-2007 18:00:55 BasePriority : Normal FileVersion : 7.5.0.497 ProductVersion : 7.5.0.497 ProductName : AVG Anti-Virus system CompanyName : GRISOFT, s.r.o. FileDescription : AVG Control Center InternalName : AvgCC LegalCopyright : Copyright © 2007 GRISOFT, s.r.o. OriginalFilename : AvgCC.EXE #:19 [qttask.exe] FilePath : C:\Program Files\QuickTime\ ProcessID : 1972 ThreadCreationTime : 26-11-2007 18:00:55 BasePriority : Normal FileVersion : 7.1.6 ProductVersion : QuickTime 7.1.6 ProductName : QuickTime CompanyName : Apple Inc. FileDescription : QuickTime Task InternalName : QuickTime Task LegalCopyright : Copyright Apple Inc. 1989-2007 OriginalFilename : QTTask.exe #:20 [ituneshelper.exe] FilePath : C:\Program Files\iTunes\ ProcessID : 1980 ThreadCreationTime : 26-11-2007 18:00:55 BasePriority : Normal FileVersion : 7.2.0.35 ProductVersion : 7.2.0.35 ProductName : iTunes CompanyName : Apple Inc. FileDescription : iTunesHelper Module InternalName : iTunesHelper LegalCopyright : © 2003-2007 Apple Inc. All Rights Reserved. OriginalFilename : iTunesHelper.exe #:21 [jusched.exe] FilePath : C:\Program Files\Java\j2re1.4.2_05\bin\ ProcessID : 1992 ThreadCreationTime : 26-11-2007 18:00:56 BasePriority : Normal #:22 [timoty.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 2000 ThreadCreationTime : 26-11-2007 18:00:56 BasePriority : Normal #:23 [msmsgs.exe] FilePath : C:\Program Files\Messenger\ ProcessID : 2008 ThreadCreationTime : 26-11-2007 18:00:56 BasePriority : Normal FileVersion : 4.7.3001 ProductVersion : Version 4.7.3001 ProductName : Messenger CompanyName : Microsoft Corporation FileDescription : Windows Messenger InternalName : msmsgs LegalCopyright : Copyright © Microsoft Corporation 2004 LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries. OriginalFilename : msmsgs.exe #:24 [ctfmon.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 2020 ThreadCreationTime : 26-11-2007 18:00:56 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : CTF Loader InternalName : CTFMON LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : CTFMON.EXE #:25 [googletoolbarnotifier.exe] FilePath : C:\Program Files\Google\GoogleToolbarNotifier\ ProcessID : 2044 ThreadCreationTime : 26-11-2007 18:00:56 BasePriority : Normal FileVersion : 2, 0, 301, 1654 ProductVersion : 2, 0, 301, 1654 ProductName : GoogleToolbarNotifier CompanyName : Google Inc. FileDescription : GoogleToolbarNotifier LegalCopyright : Copyright © 2005-2007 OriginalFilename : GoogleToolbarNotifier.exe #:26 [bigfix.exe] FilePath : C:\Program Files\BigFix\ ProcessID : 228 ThreadCreationTime : 26-11-2007 18:00:58 BasePriority : Normal FileVersion : 1, 6, 1, 6 ProductVersion : 1, 6, 1, 6 ProductName : BigFix CompanyName : BigFix Inc. FileDescription : BigFix Client Application InternalName : BigFix LegalCopyright : Copyright © 2000 OriginalFilename : BigFix.exe #:27 [dslmon.exe] FilePath : C:\Program Files\Zoom Telephonics, Inc\Zoom ADSL USB Modem\ ProcessID : 300 ThreadCreationTime : 26-11-2007 18:00:58 BasePriority : Normal FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : DSLMON Application FileDescription : ADIMON MFC Application InternalName : DSLMON LegalCopyright : Copyright © 2000 OriginalFilename : ADIMON.EXE #:28 [quickdcf.exe] FilePath : C:\Program Files\FinePixViewer\ ProcessID : 424 ThreadCreationTime : 26-11-2007 18:00:59 BasePriority : Normal FileVersion : 5, 0, 0, 2 ProductVersion : 5, 0, 0, 2 ProductName : FinePixViewer CompanyName : FUJI PHOTO FILM CO., LTD. FileDescription : Exif Launcher InternalName : QuickDCF LegalCopyright : Copyright 2000-2004 FUJI PHOTO FILM CO.,LTD. OriginalFilename : QuickDCF.exe #:29 [eebsvc.exe] FilePath : C:\Program Files\EPSON\ESM2\ ProcessID : 244 ThreadCreationTime : 26-11-2007 18:01:01 BasePriority : Normal #:30 [avgamsvr.exe] FilePath : C:\PROGRA~1\Grisoft\AVG7\ ProcessID : 1040 ThreadCreationTime : 26-11-2007 18:01:02 BasePriority : Normal FileVersion : 7.5.0.496 ProductVersion : 7.5.0.496 ProductName : AVG Anti-Virus system CompanyName : GRISOFT, s.r.o. FileDescription : AVG Alert Manager InternalName : avgamsvr LegalCopyright : Copyright © 2007 GRISOFT, s.r.o. OriginalFilename : avgamsvr.EXE #:31 [avgupsvc.exe] FilePath : C:\PROGRA~1\Grisoft\AVG7\ ProcessID : 1060 ThreadCreationTime : 26-11-2007 18:01:03 BasePriority : Normal FileVersion : 7.5.0.420 ProductVersion : 7.5.0.420 ProductName : AVG 7.5 Anti-Virus System CompanyName : GRISOFT, s.r.o. FileDescription : AVG Update Service InternalName : avgupsvc LegalCopyright : Copyright © 2006 GRISOFT, s.r.o. OriginalFilename : avgupdsvc.EXE #:32 [inorpc.exe] FilePath : C:\Program Files\CA\eTrust Antivirus\ ProcessID : 1236 ThreadCreationTime : 26-11-2007 18:01:03 BasePriority : Normal FileVersion : 7.1.192.0 ProductVersion : 7.1.192.0 ProductName : eTrust Antivirus CompanyName : Computer Associates International, Inc. InternalName : InoRpc.exe LegalCopyright : Copyright 2004 Computer Associates International, Inc. LegalTrademarks : eTrust is a trademark of Computer Associates Int'l, Inc. OriginalFilename : InoRpc.exe Comments : eTrust Antivirus English Version #:33 [inort.exe] FilePath : C:\Program Files\CA\eTrust Antivirus\ ProcessID : 1276 ThreadCreationTime : 26-11-2007 18:01:03 BasePriority : Normal FileVersion : 7.1.192.0 ProductVersion : 7.1.192.0 ProductName : eTrust Antivirus CompanyName : Computer Associates International, Inc. InternalName : InoRT.dll LegalCopyright : Copyright 2004 Computer Associates International, Inc. LegalTrademarks : eTrust is a trademark of Computer Associates Int'l, Inc. OriginalFilename : InoRT.dll Comments : eTrust Antivirus English Version #:34 [inotask.exe] FilePath : C:\Program Files\CA\eTrust Antivirus\ ProcessID : 1364 ThreadCreationTime : 26-11-2007 18:01:04 BasePriority : Normal FileVersion : 7.1.192.0 ProductVersion : 7.1.192.0 ProductName : eTrust Antivirus CompanyName : Computer Associates International, Inc. InternalName : InoTask.exe LegalCopyright : Copyright 2004 Computer Associates International, Inc. LegalTrademarks : eTrust is a trademark of Computer Associates Int'l, Inc. OriginalFilename : InoTask.exe Comments : eTrust Antivirus English Version #:35 [mdm.exe] FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\ ProcessID : 1816 ThreadCreationTime : 26-11-2007 18:01:06 BasePriority : Normal FileVersion : 7.00.9466 ProductVersion : 7.00.9466 ProductName : Microsoft® Visual Studio .NET CompanyName : Microsoft Corporation FileDescription : Machine Debug Manager InternalName : mdm.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : mdm.exe #:36 [ipodservice.exe] FilePath : C:\Program Files\iPod\bin\ ProcessID : 2660 ThreadCreationTime : 26-11-2007 18:01:14 BasePriority : Normal FileVersion : 7.2.0.35 ProductVersion : 7.2.0.35 ProductName : iTunes CompanyName : Apple Inc. FileDescription : iPodService Module InternalName : iPodService LegalCopyright : © 2003-2007 Apple Inc. All Rights Reserved. OriginalFilename : iPodService.exe #:37 [alg.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 2968 ThreadCreationTime : 26-11-2007 18:01:15 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Application Layer Gateway Service InternalName : ALG.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : ALG.exe #:38 [wuauclt.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 3716 ThreadCreationTime : 26-11-2007 18:02:14 BasePriority : Normal #:39 [msimn.exe] FilePath : C:\Program Files\Outlook Express\ ProcessID : 3028 ThreadCreationTime : 26-11-2007 18:25:42 BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Outlook Express InternalName : MSIMN LegalCopyright : © 2004 Microsoft Corporation. All rights reserved. OriginalFilename : MSIMN.EXE #:40 [ad-aware.exe] FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\ ProcessID : 3924 ThreadCreationTime : 26-11-2007 18:48:53 BasePriority : Normal FileVersion : 6.2.0.236 ProductVersion : SE 106 ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft AB Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 12 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Windows Object Recognized! Type : RegData Data : TAC Rating : 3 Category : Vulnerability Comment : Rootkey : HKEY_USERS Object : S-1-5-21-3548506766-1261576165-1492151830-1006\software\microsoft\windows\currentversion\policies\system Value : DisableTaskMgr Data : Windows Object Recognized! Type : RegData Data : TAC Rating : 3 Category : Vulnerability Comment : Rootkey : HKEY_USERS Object : S-1-5-21-3548506766-1261576165-1492151830-1006\software\microsoft\windows\currentversion\policies\system Value : DisableRegistryTools Data : Windows Object Recognized! Type : RegData Data : explorer.exe c:\windows\system32\msanton.exe TAC Rating : 3 Category : Vulnerability Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows nt\currentversion\winlogon Value : Shell Data : explorer.exe c:\windows\system32\msanton.exe Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 3 Objects found so far: 15 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 15 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking Cookie Object Recognized! Type : IECache Entry Data : martin [email protected][2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:5 Value : Cookie:martin [email protected]/ Expires : 25-11-2008 18:08:54 LastSync : Hits:5 UseCount : 0 Hits : 5 Tracking Cookie Object Recognized! Type : IECache Entry Data : martin [email protected][1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookie:martin [email protected]/ Expires : 26-11-2007 17:32:32 LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 2 Objects found so far: 17 Deep scanning and examining files (C:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 17 Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 17 19:06:40 Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:17:30.0 Objects scanned:199868 Objects identified:5 Objects ignored:0 New critical objects:5 And finally the output from the cleaning run of SmitFraudfix: SmitFraudFix v2.255 Scan done at 17:54:42.75, 26/11/2007 Run from C:\Documents and Settings\Martin Edge\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in safe mode »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix S!Ri's WS2Fix: LSP not Found. »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files C:\WINDOWS\system32\bronto.dll Deleted C:\WINDOWS\system32\winter.exe Deleted »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{8E1F6918-567C-49A5-AC07-8114F06F181F}: DhcpNameServer=62.241.162.200 62.241.163.200 HKLM\SYSTEM\CS1\Services\Tcpip\..\{8E1F6918-567C-49A5-AC07-8114F06F181F}: DhcpNameServer=62.241.162.200 62.241.163.200 HKLM\SYSTEM\CS3\Services\Tcpip\..\{8E1F6918-567C-49A5-AC07-8114F06F181F}: DhcpNameServer=62.241.162.200 62.241.163.200 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=62.241.162.200 62.241.163.200 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=62.241.162.200 62.241.163.200 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=62.241.162.200 62.241.163.200 »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll Thanks for any help you can give! Anna »»»»»»»»»»»»»»»»»»»»»»»» End