
Solved: boot & explorer.exe problems

Discussion in 'Hardware' started by dayflyer, Apr 22, 2010.

  1. dayflyer

    dayflyer Thread Starter

    Dell Dimension 3000
    MS Windows XP Home SP3
    Intel Celeron CPU 2.66GHz
    2.0GB RAM
    Intel 82865G Graphics Controller

    The computer is not booting correctly every time. When it boots incorrectly there is a strange sound from the computer, as if the disc is trying to get going, and it then asks to press F1 for reboot or F2 for menu. I have found the best practice is to press F2, then wait until the strange noise stops, then press Escape; the boot then works, except that it does not boot the second internal hard disc (H Drive) that I added. The second disc boots if a restart is done. Before this problem with booting, everything worked OK. The I Drive showing on the log is an external drive I am using at present because of the problems of booting the internal H Drive.

    The other problem is with explorer.exe using all the CPU memory when I work with video, and the only way out seems to be to switch off the computer and start again. I have also done this:

    1. Open up regedit
    2. Goto HKEY_CLASSES_ROOT\SystemFileAssociations\.avi\shellex\PropertyHandler
    3. Delete the "Default" value which should be "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"

    but it has made no difference.

    I have done a HijackThis log, as below:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:49:49, on 22/04/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\AskBarDis\bar\bin\AskService.exe
    C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    C:\Program Files\iolo\System Mechanic\IoloSGCtrl.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\LG USB Drive 2.9\LG_Drive.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\iolo\System Mechanic\SystemGuardAlerter.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TP-LINK\TL-WN313G_353G_353GD\RtWLan.exe
    C:\Program Files\COSMOTE\Internet On the Go\AutoUpdateSrv.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    I:\ProgramFiles\HiJackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.lycos.co.uk/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kypros.org/LearnGreek/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tiscali
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [LG Drive] C:\Program Files\LG USB Drive 2.9\LG_Drive.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [SystemGuardAlerter] "C:\Program Files\iolo\System Mechanic\SystemGuardAlerter.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [EPSON Stylus Photo R360 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBOE.EXE /FU "C:\WINDOWS\TEMP\E_S14D.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Microsoft Office Outlook 2003.lnk = ?
    O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: TP-LINK Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN313G_353G_353GD\RtWLan.exe
    O4 - Global Startup: Update Agent.lnk = ?
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211826202359
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1211826062765
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
    O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
    O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic\IoloSGCtrl.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    --
    End of file - 15076 bytes

    Any help will be appreciated
    Thanks
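The HijackThis log above is a flat list of `O<n> - ...` lines, and triaging it by eye means hunting for the same few markers every time: registrations that point at `(no file)`, autostart shortcuts whose target is `?`, services whose binary carries no company name (HijackThis prints `Unknown owner`), and autostarts that launch from user-writable folders. The following Python script is an added example written for this thread, not a tool from the poster or from Trend Micro; it parses a handful of lines copied from the log above plus one constructed O4 line (labelled `CONSTRUCTED`, a made-up path, not from the log) that exercises the user-writable-path check, and returns only the entries that deserve a second look. The flag names and the choice of "user-writable" directories are this example's own assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the HijackThis log posted in this thread,
# plus one CONSTRUCTED O4 line (invented path) to exercise the user-writable check.
SAMPLE_LOG = r"""
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CONSTRUCTED] "C:\Documents and Settings\user\Local Settings\Temp\updater.exe" /silent
O4 - Startup: Microsoft Office Outlook 2003.lnk = ?
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"""

# "O4 - HKLM\..\Run: [name] command" and the R0/R1 browser-setting lines.
LINE_RE = re.compile(r"^(O\d+|R[01]) - (.*)$")
RUN_RE = re.compile(r"^(HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[([^\]]*)\] (.*)$")
SERVICE_RE = re.compile(r"^Service: (.+?) - (.+?) - (.+)$")
# Assumption of this example: folders a standard XP user can write to.
USER_WRITABLE_RE = re.compile(r"\\(Documents and Settings|Temp)\\", re.IGNORECASE)


@dataclass
class Entry:
    section: str                 # "O2", "O4", "O23", ...
    body: str                    # everything after "On - "
    flags: list = field(default_factory=list)


def executable_of(command: str) -> str:
    """Return the program path from an O4 command line (quoted path or first token)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def parse_line(line: str):
    """Parse one HijackThis line; return an Entry, or None for non-O/R lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = Entry(section=m.group(1), body=m.group(2))
    body = entry.body
    # A registration whose DLL/EXE is gone: dead entry, worth cleaning up.
    if body.endswith("(no file)"):
        entry.flags.append("orphan-registration")
    if entry.section == "O4":
        run = RUN_RE.match(body)
        if run and USER_WRITABLE_RE.search(executable_of(run.group(3))):
            entry.flags.append("autostart-from-user-writable-path")
        elif run is None and body.endswith("= ?"):
            # Startup-folder shortcut whose target HijackThis could not resolve.
            entry.flags.append("unresolved-shortcut-target")
    elif entry.section == "O23":
        svc = SERVICE_RE.match(body)
        # HijackThis prints "Unknown owner" when the binary has no company name.
        if svc and svc.group(2) == "Unknown owner":
            entry.flags.append("no-publisher-name")
    return entry


def triage(log_text: str):
    """Parse every O/R line and return only the entries that picked up a flag."""
    entries = (parse_line(l) for l in log_text.splitlines())
    return [e for e in entries if e is not None and e.flags]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.section:<5}{', '.join(e.flags):<36}{e.body}")
```

Run it as-is and it lists six flagged entries from the sample; point `triage()` at the full log text and the same four checks apply across all two hundred lines. A flag is a reason to look, not a verdict: the Ask toolbar service in the sample is legitimately installed software that simply ships without a company name, while the `(no file)` entries are harmless leftovers that a HijackThis fix would remove.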
     
  2. dayflyer

    dayflyer Thread Starter

  3. dvk01

    dvk01 Moderator Malware Specialist

    Download to Desktop: DDS by sUBs from one of these locations:

    http://download.bleepingcomputer.com/sUBs/dds.com
    http://download.bleepingcomputer.com/sUBs/dds.scr
    http://www.forospyware.com/sUBs/dds

    Double click DDS.scr to run it.

    When complete, DDS.txt will open.

    Click Yes for Optional Scan.
    Save both reports to your desktop.
    DDS.txt
    Attach.txt

    Attach the contents of both logs back here.

    Download the GMER rootkit detector from http://gmer.net

    Unzip it and double click the gmer.exe file.

    It will do a quick scan automatically. When that finishes, if it says "rootkit activity detected" then stop there, press Copy and post back the log it makes.
    Do NOT allow it to perform a full scan at this time.

    If there is no warning of rootkit activity, then select the Rootkit tab and press Scan. When it finishes, press Copy and post back the log it makes.
     
  4. dayflyer

    dayflyer Thread Starter

    Here is DDS.txt; Attach.txt has been zipped and attached.

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Kenneth Lobley at 11:53:57.30 on 03/05/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1339 [GMT 3:00]

    AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\LG USB Drive 2.9\LG_Drive.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\iolo\System Mechanic\SystemGuardAlerter.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\TP-LINK\TL-WN313G_353G_353GD\RtWLan.exe
    C:\Program Files\COSMOTE\Internet On the Go\AutoUpdateSrv.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
    C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\iolo\System Mechanic\IoloSGCtrl.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    I:\ProgramFiles\dds.com
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.kypros.org/LearnGreek/
    uDefault_Page_URL = hxxp://www.dell.co.uk/myway
    uWindow Title = Microsoft Internet Explorer provided by Tiscali
    uSearch Bar = hxxp://www.lycos.co.uk/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    TB: Microsoft CommBand: {4d5c8c2a-d075-11d0-b416-00c04fb90376} - %SystemRoot%\system32\browseui.dll
    TB: {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No File
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    uRun: [EPSON Stylus Photo R360 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiboe.exe /fu "c:\windows\temp\E_S14D.tmp" /EF "HKCU"
    uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [LG Drive] c:\program files\lg usb drive 2.9\LG_Drive.exe
    mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
    mRun: [<NO NAME>]
    mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
    mRun: [DMXLauncher] "c:\program files\roxio\media experience\DMXLauncher.exe"
    mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [SystemGuardAlerter] "c:\program files\iolo\system mechanic\SystemGuardAlerter.exe"
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\kennet~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\kennet~1\startm~1\programs\startup\micros~1.lnk - c:\windows\installer\{90110409-6000-11d3-8cfe-0150048383c9}\outicon.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tp-lin~1.lnk - c:\program files\tp-link\tl-wn313g_353g_353gd\RtWLan.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\cosmote\internet on the go\AutoUpdateSrv.exe
    IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211826202359
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1211826062765
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E856B973-45FD-4559-8F82-EAB539144667} - hxxp://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
    Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\windows\wc98pp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\kennet~1\applic~1\mozilla\firefox\profiles\qi4gu5iu.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1460988&SearchSource=3&q=
    FF - prefs.js: browser.search.selectedEngine - 100 Search Engines
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-5-1 11608]
    R1 c2scsi;c2scsi;c:\windows\system32\drivers\c2scsi.sys [2010-4-12 241664]
    R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-3-1 390528]
    R1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2010-3-15 58984]
    R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-3-15 116328]
    R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-3-19 1872320]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-5-1 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-5-1 267432]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-1 60936]
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2008-9-17 38144]
    R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-6-30 704432]
    R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-6-30 704432]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-3-15 779496]
    R3 Bonifay;Bonifay;c:\windows\system32\drivers\Bonifay.sys [2007-6-17 12160]
    S3 Gisdnpci;ISDN PnP driver;c:\windows\system32\drivers\gisdnpnp.sys --> c:\windows\system32\drivers\gisdnpnp.sys [?]
    S3 Gonzales;Gonzales;c:\windows\system32\drivers\Gonzales.sys [2007-6-17 7040]
    S3 HSFHWCD2;HSFHWCD2;c:\windows\system32\drivers\HSFHWCD2.sys [2007-9-2 201728]
    S4 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-11-24 464264]
    S4 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-11-24 234888]

    ============== File Associations ===============

    JSEFile=NOTEPAD.EXE %1
    regfile=NOTEPAD.EXE %1
    scrfile=NOTEPAD.EXE %1
    VBEFile=NOTEPAD.EXE %1
    VBSFile=NOTEPAD.EXE %1

    =============== Created Last 30 ================

    2010-04-29 11:42:16 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
    2010-04-17 13:34:07 0 d-----w- c:\docume~1\kennet~1\applic~1\AnvSoft
    2010-04-17 13:33:56 0 d-----w- c:\program files\AnvSoft
    2010-04-12 15:19:55 241664 ----a-w- c:\windows\system32\drivers\c2scsi.sys
    2010-04-10 10:07:48 54156 ---ha-w- c:\windows\QTFont.qfn
    2010-04-10 10:07:48 1409 ----a-w- c:\windows\QTFont.for
    2010-04-07 07:14:15 0 d-----w- c:\program files\common files\xing shared

    ==================== Find3M ====================

    2010-04-21 11:46:38 93096 ----a-w- c:\windows\system32\IncContxMenu.dll
    2010-04-21 11:46:28 2316712 ----a-w- c:\windows\system32\Incinerator.dll
    2010-04-04 10:56:10 3532 ----a-w- C:\drmHeader.bin
    2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
    2010-03-09 01:28:20 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-02-25 08:54:36 11070976 ----a-w- c:\windows\system32\dllcache\ieframe.dll
    2010-02-24 13:11:07 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-02-24 09:54:25 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
    2010-02-17 06:10:28 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-17 06:10:28 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
    2010-02-16 14:08:49 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2010-02-16 13:25:04 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-16 13:25:04 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
    2010-02-16 13:25:04 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
    2010-02-12 10:03:03 293376 ------w- c:\windows\system32\browserchoice.exe
    2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-12 04:33:11 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll
    2010-02-11 12:02:15 226880 ------w- c:\windows\system32\dllcache\tcpip6.sys
    2010-02-03 08:21:52 12288 ----a-w- c:\windows\system32\smrgdf.exe
    2010-02-03 08:21:50 30208 ----a-w- c:\windows\system32\iolobtdfg.exe
    2008-05-31 13:56:20 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008053120080601\index.dat

    ============= FINISH: 11:55:50.40 ===============


    Could not get GMER to copy, so did a screen print and attached it.

    Thanks for your help with this
     

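    A small triage helper for the DDS-style "SERVICES / DRIVERS" lines in the log above, added here as an example (it is not part of the thread, nor of the DDS or ComboFix tools). It parses each `R1 name;display;path [date size]` entry, flags registered drivers whose file is absent on disk (the `--> path [?]` form, as on the Gisdnpci line) and disabled-but-still-registered S4 services, and picks up the `"EnableFirewall"= 0` line from the ComboFix report; the sample lines are copied from the posted logs, and the reading of the R/S letter and the start-type digit as the Service Control Manager start type is an assumption about the DDS format.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Excerpt of the logs posted in the thread (constructed sample: a handful of
# lines copied from the DDS and ComboFix output, not the whole report).
SAMPLE_LOG = r"""
============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-5-1 11608]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-5-1 267432]
S3 Gisdnpci;ISDN PnP driver;c:\windows\system32\drivers\gisdnpnp.sys --> c:\windows\system32\drivers\gisdnpnp.sys [?]
S4 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-11-24 464264]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# One DDS service/driver line. Assumed layout: R/S = running/stopped, the digit
# is the SCM start type, then key name;display name;image path [date size].
_SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)"
    r"(?:\s+-->\s+\S.*?)?"          # DDS repeats the path when it cannot find the file
    r"\s+\[(?P<meta>[^\]]*)\]$"     # [yyyy-m-d size], or [?] when the file is missing
)
_FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(?P<value>\d+)')

# SCM start-type values as assumed to appear after the R/S letter.
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}


@dataclass
class ServiceEntry:
    running: bool
    start_type: str
    name: str
    display: str
    path: str
    file_present: bool
    date: Optional[str] = None
    size: Optional[int] = None


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one DDS service/driver line; return None for any other line."""
    m = _SERVICE_RE.match(line.strip())
    if not m:
        return None
    meta = m.group("meta").strip()
    if meta == "?":
        date, size, present = None, None, False
    else:
        date, size_text = meta.rsplit(" ", 1)
        size, present = int(size_text), True
    return ServiceEntry(
        running=m.group("state") == "R",
        start_type=START_TYPES.get(m.group("start"), m.group("start")),
        name=m.group("name"),
        display=m.group("display"),
        path=m.group("path"),
        file_present=present,
        date=date,
        size=size,
    )


def triage(log_text: str) -> List[str]:
    """Return the findings a reviewer would want to look at first, in log order."""
    findings: List[str] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = parse_service_line(line)
        if entry is not None:
            if not entry.file_present:
                # A registration that points at a file no longer on disk: stale
                # leftover at best, worth explaining either way.
                findings.append(f"missing file: {entry.name} -> {entry.path}")
            elif entry.start_type == "disabled":
                findings.append(
                    f"disabled service still registered: {entry.name} ({entry.path})"
                )
            continue
        fw = _FIREWALL_RE.match(line)
        if fw and fw.group("value") == "0":
            findings.append("Windows Firewall disabled in standard profile")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```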
  5. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully

    Download ComboFix from Here to your Desktop.

    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results" or stop ComboFix running at all.
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running ComboFix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again after ComboFix has finished.
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running.
    Double click on ComboFix.exe & follow the prompts.
    If you are using Windows XP, it might display a pop-up saying "Recovery console is not installed, do you want to install?"
    Please select Yes & let it download the files it needs to do this.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review.


    ****Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall or freeze. ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns.

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If ComboFix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.
     
  6. dayflyer

    dayflyer Thread Starter

    Joined:
    Apr 22, 2010
    Messages:
    19
    ComboFix.txt report:

    ComboFix 10-05-03.01 - Kenneth Lobley 03/05/2010 21:37:06.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1537 [GMT 3:00]
    Running from: c:\documents and settings\Kenneth Lobley\Desktop\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Common Files\companion wizard
    c:\program files\Common Files\WinAntiVirus Pro 2007
    c:\program files\Common Files\winantivirus pro 2007\err.log
    c:\program files\Common Files\WinAntiVirus Pro 2007\mfc71.dll
    c:\program files\Common Files\WinAntiVirus Pro 2007\msvcp71.dll
    c:\program files\Common Files\winantivirus pro 2007\msvcr71.dll
    c:\program files\video access activex object
    c:\program files\video access activex object\ot.ico
    c:\program files\video access activex object\ts.ico
    c:\program files\WindowsUpdate
    c:\windows\a3kebook.ini
    c:\windows\akebook.ini
    c:\windows\ANS2000.INI
    c:\windows\system32\Thumbs.db
    c:\windows\system32\twain.dll
    c:\windows\wc98pp.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_FOPN


    ((((((((((((((((((((((((( Files Created from 2010-04-03 to 2010-05-03 )))))))))))))))))))))))))))))))
    .

    2010-04-29 11:42 . 2010-04-29 11:42 -------- d-----w- c:\program files\Alwil Software
    2010-04-29 11:42 . 2010-04-29 11:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-04-17 13:34 . 2010-04-17 13:34 -------- d-----w- c:\documents and settings\Kenneth Lobley\Application Data\AnvSoft
    2010-04-17 13:33 . 2010-04-17 13:33 -------- d-----w- c:\program files\AnvSoft
    2010-04-12 15:19 . 2006-03-04 12:00 241664 ----a-w- c:\windows\system32\drivers\c2scsi.sys
    2010-04-07 20:54 . 2010-04-07 20:54 -------- d-----w- c:\program files\Common Files\Skype
    2010-04-07 07:14 . 2010-04-07 07:14 -------- d-----w- c:\program files\Common Files\xing shared

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-03 18:14 . 2007-03-26 20:55 -------- d-----w- c:\documents and settings\Kenneth Lobley\Application Data\MailWasherPro
    2010-05-03 16:36 . 2008-08-20 16:51 -------- d-----w- c:\documents and settings\Kenneth Lobley\Application Data\FileZilla
    2010-05-03 09:42 . 2009-07-05 12:39 518 ----a-w- c:\documents and settings\Kenneth Lobley\Application Data\iolo\Registry\Last\restore.bat
    2010-05-03 06:30 . 2008-07-30 17:58 -------- d-----w- c:\documents and settings\Kenneth Lobley\Application Data\Skype
    2010-05-03 06:10 . 2008-02-04 17:51 -------- d-----w- c:\documents and settings\Kenneth Lobley\Application Data\skypePM
    2010-04-29 18:43 . 2009-06-30 13:49 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
    2010-04-29 05:58 . 2009-03-19 12:50 -------- d-----w- c:\program files\a-squared Free
    2010-04-27 11:15 . 2010-03-21 13:03 -------- d-----w- c:\documents and settings\Kenneth Lobley\Application Data\PrimoPDF
    2010-04-24 12:18 . 2009-08-25 10:49 -------- d-----w- c:\program files\FileZilla FTP Client
    2010-04-21 11:46 . 2009-07-22 16:23 93096 ----a-w- c:\windows\system32\IncContxMenu.dll
    2010-04-21 11:46 . 2009-06-30 14:02 2316712 ----a-w- c:\windows\system32\Incinerator.dll
    2010-04-20 06:45 . 2007-06-17 13:39 -------- d-----w- c:\documents and settings\Kenneth Lobley\Application Data\Roxio
    2010-04-18 10:56 . 2009-06-30 14:13 1547 ----a-w- c:\documents and settings\Kenneth Lobley\Application Data\iolo\restore.bat
    2010-04-11 16:10 . 2009-09-20 17:53 -------- d-----w- c:\documents and settings\Kenneth Lobley\Application Data\Azureus
    2010-04-07 20:54 . 2008-07-30 17:58 -------- d-----r- c:\program files\Skype
    2010-04-07 20:54 . 2008-02-04 17:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2010-04-07 07:14 . 2010-04-07 07:14 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
    2010-04-07 07:14 . 2010-04-07 07:14 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
    2010-04-07 07:14 . 2010-04-07 07:14 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
    2010-04-07 07:14 . 2010-04-07 07:14 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
    2010-04-07 07:14 . 2010-04-07 07:14 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
    2010-04-07 07:14 . 2010-04-07 07:14 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
    2010-04-07 07:14 . 2010-04-07 07:14 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
    2010-04-07 07:14 . 2010-04-07 07:14 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    2010-04-07 07:14 . 2010-04-07 07:14 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    2010-04-07 07:14 . 2005-01-12 09:32 -------- d-----w- c:\program files\Common Files\Real
    2010-04-07 07:14 . 2005-01-12 09:32 -------- d-----w- c:\program files\Real
    2010-04-07 07:09 . 2010-04-07 07:09 734728 ----a-w- c:\documents and settings\Kenneth Lobley\Application Data\Real\RealPlayer\setup\AU_setup13.exe
    2010-04-07 06:57 . 2008-06-24 10:53 -------- d-----w- c:\program files\Common Files\Java
    2010-04-07 06:57 . 2010-04-07 06:57 503808 ----a-w- c:\documents and settings\Kenneth Lobley\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7781092d-n\msvcp71.dll
    2010-04-07 06:57 . 2010-04-07 06:57 499712 ----a-w- c:\documents and settings\Kenneth Lobley\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7781092d-n\jmc.dll
    2010-04-07 06:57 . 2010-04-07 06:57 348160 ----a-w- c:\documents and settings\Kenneth Lobley\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7781092d-n\msvcr71.dll
    2010-04-07 06:57 . 2010-04-07 06:57 12800 ----a-w- c:\documents and settings\Kenneth Lobley\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7e9dce10-n\decora-d3d.dll
    2010-04-07 06:57 . 2010-04-07 06:57 61440 ----a-w- c:\documents and settings\Kenneth Lobley\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7e9dce10-n\decora-sse.dll
    2010-04-07 06:56 . 2008-06-24 10:55 -------- d-----w- c:\program files\Java
    2010-04-04 10:56 . 2009-01-18 19:26 3532 ----a-w- C:\drmHeader.bin
    2010-04-02 07:50 . 2009-06-13 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2010-03-26 08:45 . 2010-03-26 08:45 -------- d-----w- c:\documents and settings\Kenneth Lobley\Application Data\Avira
    2010-03-21 13:00 . 2010-03-21 13:00 -------- d-----w- c:\program files\Nitro PDF
    2010-03-10 06:15 . 2004-08-04 05:00 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-09 01:28 . 2008-12-23 09:26 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-03-07 08:40 . 2005-01-12 09:28 -------- d-----w- c:\program files\Microsoft Works
    2010-03-01 12:35 . 2010-03-01 12:35 390528 ----a-w- c:\windows\system32\drivers\RapportBuka.sys
    2010-03-01 12:35 . 2010-03-01 12:35 390528 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportBukaBroom\13897\RapportBuka.sys
    2010-03-01 12:35 . 2010-03-01 12:35 249856 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportBukaBroom\13897\RapportBukaBroom.dll
    2010-03-01 07:05 . 2009-05-01 12:08 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-02-25 06:24 . 2004-08-04 05:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-24 13:11 . 2004-08-04 05:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-17 06:10 . 2004-08-04 05:00 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 13:25 . 2004-08-04 05:00 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-16 11:24 . 2009-05-01 12:08 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-02-12 10:03 . 2010-03-06 09:51 293376 ------w- c:\windows\system32\browserchoice.exe
    2010-02-12 04:33 . 2004-08-04 05:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-11 12:02 . 2004-08-04 05:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
    2010-02-03 08:21 . 2009-06-30 14:02 12288 ----a-w- c:\windows\system32\smrgdf.exe
    2010-02-03 08:21 . 2009-06-30 14:02 30208 ----a-w- c:\windows\system32\iolobtdfg.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-01-23 160592]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
    "LG Drive"="c:\program files\LG USB Drive 2.9\LG_Drive.exe" [2006-07-28 1015808]
    "IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-27 221184]
    "DMXLauncher"="c:\program files\Roxio\Media Experience\DMXLauncher.exe" [2006-11-13 102400]
    "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
    "SystemGuardAlerter"="c:\program files\iolo\System Mechanic\SystemGuardAlerter.exe" [2010-04-21 520616]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-07 202256]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\Kenneth Lobley\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
    Microsoft Office Outlook 2003.lnk - c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe [2005-2-10 794624]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]
    TP-LINK Wireless Utility.lnk - c:\program files\TP-LINK\TL-WN313G_353G_353GD\RtWLan.exe [2008-9-25 790528]
    Update Agent.lnk - c:\program files\COSMOTE\Internet On the Go\AutoUpdateSrv.exe [2009-9-22 667648]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /p \??\I:\0autocheck autochk *

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Java\\jre1.6.0_06\\bin\\javaw.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    "c:\\Program Files\\Roxio\\Sound Editor 9\\SoundEdit9.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R1 c2scsi;c2scsi;c:\windows\SYSTEM32\DRIVERS\c2scsi.sys [12/04/2010 18:19 241664]
    R1 RapportBuka;RapportBuka;c:\windows\SYSTEM32\DRIVERS\RapportBuka.sys [01/03/2010 15:35 390528]
    R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [15/03/2010 14:47 58984]
    R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [15/03/2010 14:47 116328]
    R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [19/03/2009 15:50 1872320]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [01/05/2009 15:08 135336]
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\SYSTEM32\DRIVERS\EAPPkt.sys [17/09/2008 18:23 38144]
    R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [30/06/2009 17:02 704432]
    R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [30/06/2009 17:02 704432]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [15/03/2010 14:47 779496]
    R3 Bonifay;Bonifay;c:\windows\SYSTEM32\DRIVERS\Bonifay.sys [17/06/2007 15:03 12160]
    S3 Gisdnpci;ISDN PnP driver;c:\windows\system32\DRIVERS\gisdnpnp.sys --> c:\windows\system32\DRIVERS\gisdnpnp.sys [?]
    S3 Gonzales;Gonzales;c:\windows\SYSTEM32\DRIVERS\Gonzales.sys [17/06/2007 15:03 7040]
    S3 HSFHWCD2;HSFHWCD2;c:\windows\SYSTEM32\DRIVERS\HSFHWCD2.sys [02/09/2007 19:57 201728]
    S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [24/11/2009 23:02 464264]
    S4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [24/11/2009 23:02 234888]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - mchInjDrv
    .
    Contents of the 'Scheduled Tasks' folder

    2005-01-17 c:\windows\Tasks\ISP signup reminder 1.job
    - c:\windows\system32\OOBE\OOBEBALN.EXE [2004-08-04 00:12]

    2010-05-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2217238602-916455521-1416465821-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 19:09]

    2010-05-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2217238602-916455521-1416465821-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 19:09]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.kypros.org/LearnGreek/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} -
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Kenneth Lobley\Application Data\Mozilla\Firefox\Profiles\qi4gu5iu.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1460988&SearchSource=3&q=
    FF - prefs.js: browser.search.selectedEngine - 100 Search Engines
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .
    .
    ------- File Associations -------
    .
    JSEFile=NOTEPAD.EXE %1
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
    SafeBoot-AVG Anti-Spyware Driver
    SafeBoot-AVG Anti-Spyware Guard



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-03 21:57
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2217238602-916455521-1416465821-1006\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(8428)
    c:\windows\system32\WININET.dll
    c:\program files\iolo\Common\Lib\sguard.dll
    c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
    c:\program files\Trusteer\Rapport\bin\rooksbas.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\Roxio\Drag-to-Disc\Shellex.dll
    c:\windows\system32\DLAAPI_W.DLL
    c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\program files\iolo\System Mechanic\IoloSGCtrl.exe
    c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    c:\program files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    c:\program files\Microsoft Office\OFFICE11\WINWORD.EXE
    .
    **************************************************************************
    .
    Completion time: 2010-05-03 22:07:17 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-05-03 19:07

    Pre-Run: 5,328,048,128 bytes free
    Post-Run: 5,194,260,480 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - 8E7520A7194C281AD44CEBE45FFBD2D0
     
  7. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
    you have totally confused the issue

    you posted a screen shot of gmer showing a rootkit but CF isn't showing anything

    After doing lots of research and spending time that could have been put to better use, I found out that you posted the example screenshot from the gmer website so it doesn't look like you even ran gmer at all

    now try & run the gmer rootkit detector again so we can see if it does have a rootkit & tell us how the computer is
     
  8. dayflyer

    dayflyer Thread Starter

    Joined:
    Apr 22, 2010
    Messages:
    19
    I apologise for the gaffe

    On 1st startup the computer went to blackscreen with horizontal flashing cursor but then did a "cough" and booted up.

    later the computer was switched off for about 1 hr and on startup it went to black screen and I had to use F2 and esc for it to boot but on both occasions the internal H drive booted which it has not done for a few days.

    I ran GMER and it was running for some time when it blue screened, said it had switched windows off as the PFN_LIST_CORRUPT and told me to restart the computer as this was the first time I had seen this screen. On restart I had to use F2 and esc again and the H drive did not boot this time.

    There does not appear to be a GMER report in the C drive - should I run GMER again?
     
  9. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
    if gmer is crashing with that error, it doesn't sound hopeful and does actually sound like a hardware issue but might still be a disk driver rootkit problem

    let's see if this shows us anything

    download the free trial of http://www.prevx.com/freescan.asp

    Double click the file to install it
    scan with it

    if it finds a rootkit it will offer to fix it, let it do the fix. if it finds anything else, report what it finds please
    It is only free to deal with some rootkits and some adwares but will suggest you buy it to fix anything else
    Before you do that ( if you decide to ) post its report so we can advise if it is necessary or whether we can deal with it another way

    to get the report
    right click the prevx icon in sys tray
    select configure monitoring, then select the tools tab & save scan results
    attach that file here to your next reply ( it might be too big to attach so zip it first)
     
  10. dayflyer

    dayflyer Thread Starter

    Joined:
    Apr 22, 2010
    Messages:
    19
    Please find attached Prevx log

    One item was disinfected.
     

    Attached Files:

  11. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
    no signs of any malware in there now

    Combofix did fix several things

    how is it now, are you still having any problems?
     
  12. dayflyer

    dayflyer Thread Starter

    Joined:
    Apr 22, 2010
    Messages:
    19
    Have just switched off & booted and it still goes to black screen - f2 - esc to get going.

    tried a restart and it booted OK but on both occasions the internal H drive did not boot.

    With regard to explorer.exe - I no longer get the message on shut down that explorer.exe needs to close.

    It looks as if I need a Malware programme that continuously monitors - do you recommend the Prevx against the a-squared pro or is there no difference?

    If it is a hardware problem - is it the C-drive that needs replacing? If so, can the internal H-drive replace it, and can you recommend a website that would show me how to transfer everything from the C-drive?
     
  13. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
    that sounds like it might be the motherboard battery flat & therefore not detecting the drives properly

    you will need to change the battery & reset the bios to defaults after the battery change
     
  14. dayflyer

    dayflyer Thread Starter

    Joined:
    Apr 22, 2010
    Messages:
    19
    Ok will get new battery and try that - Thanks for helping to remove malware - Hedgehog Rescue Centre will receive donation
     
  15. dayflyer

    dayflyer Thread Starter

    Joined:
    Apr 22, 2010
    Messages:
    19
    The battery has certainly improved things. I just have an error that is stopping boot - "Error auto-sensing primary hard disc drive1"
     
Short URL to this thread: https://techguy.org/918514
