GeekPolice
Antivirus system pro
Hello - I have this antivirus pro malware on my system. However, I have installed HijackThis, but it seems to be corrupted by the malware.

I have tried to follow the instructions about posting a log via HijackThis, but even this seems to be attacked by whatever is on my computer.

Can you post "easy for an idiot to follow" instructions on how I can provide the necessary information for you to assist me?

Thanks

Re: Antivirus system pro
Hello hantsweegie,

Welcome to Geek Police, my name is Origin and I will be helping you today. Please keep the following in mind:

  • If you do not get a reply from me or another helper within 2 days, please reply to your topic with the phrase BUMP.
  • If you have any cracked/pirated software on your computer, delete it or we will not help you.
  • Only follow advice from Geek Police Staff and not a regular member.
  • Do NOT run any tool without Geek Police supervision, as it could render your system useless.


Can you rename HijackThis to winlogon.exe and see if it runs?

Re: Antivirus system pro
I don't think I could download the HijackThis application; I could only open it via the 'Mirror Application'.

I certainly can't see an application under that name.

Re: Antivirus system pro
Okay, I think I now have HijackThis downloaded onto my system, but I cannot open it as it is telling me that the file is corrupted. I think I have renamed the file as logon.exe and I get the same message...

Re: Antivirus system pro
It has to be named winlogon.exe, not logon.exe.

Re: Antivirus system pro
Sorry to be so stupid, but how do I rename the file?

Re: Antivirus system pro
Right click > Rename.
To make it simpler, download this version of HijackThis from here:
http://www.sendspace.com/pro/dl/932rpd

Run and do a system scan with logfile, then post the log here.

Re: Antivirus system pro
I have done that but cannot copy it, as I am told that notepad.exe is corrupted.

Re: Antivirus system pro
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:47:10, on 07/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\AVC Finger-sensing Pad Driver\FspadSvr.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\AOL\1145123258\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\windows\ld12.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\sysguard.exe
C:\Program Files\AOL 9.0c\aoltray.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
c:\program files\common files\aol\1145123258\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\winlogon.exe
C:\WINDOWS\system32\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.co.uk/aolbroadband
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myaolbroadband.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.search.yahoo.com/search?fr=mcafee&p=%s
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: 66.38.215.115 kazza.com
O1 - Hosts: 66.38.215.115 www.kazza.com
O1 - Hosts: 66.38.215.115 kaza.com
O1 - Hosts: 66.38.215.115 www.kaza.com
O1 - Hosts: 66.38.215.115 kaaza.com
O1 - Hosts: 66.38.215.115 www.kaaza.com
O1 - Hosts: 66.38.215.115 kahza.com
O1 - Hosts: 66.38.215.115 www.kahza.com
O1 - Hosts: 66.38.215.115 edonkey.com
O1 - Hosts: 66.38.215.115 www.edonkey.com
O1 - Hosts: 66.38.215.115 emule.com
O1 - Hosts: 66.38.215.115 www.emule.com
O1 - Hosts: 66.38.215.115 suprnova.com
O1 - Hosts: 66.38.215.115 www.suprnova.com
O1 - Hosts: 64.124.166.37 klite.com
O1 - Hosts: 64.124.166.37 www.klite.com
O1 - Hosts: 64.124.166.37 k-lite.com
O1 - Hosts: 64.124.166.37 www.k-lite.com
O1 - Hosts: 64.124.166.37 kazaalite.com
O1 - Hosts: 64.124.166.37 www.kazzalite.com
O1 - Hosts: 64.124.166.37 kazalite.com
O1 - Hosts: 64.124.166.37 www.kazalite.com
O1 - Hosts: 64.124.166.37 kaazalite.com
O1 - Hosts: 64.124.166.37 www.kaazalite.com
O1 - Hosts: 66.38.215.115 kazza.com
O1 - Hosts: 66.38.215.115 www.kazza.com
O1 - Hosts: 66.38.215.115 kaza.com
O1 - Hosts: 66.38.215.115 www.kaza.com
O1 - Hosts: 66.38.215.115 kaaza.com
O1 - Hosts: 66.38.215.115 www.kaaza.com
O1 - Hosts: 66.38.215.115 kahza.com
O1 - Hosts: 66.38.215.115 www.kahza.com
O1 - Hosts: 66.38.215.115 edonkey.com
O1 - Hosts: 66.38.215.115 www.edonkey.com
O1 - Hosts: 66.38.215.115 emule.com
O1 - Hosts: 66.38.215.115 www.emule.com
O1 - Hosts: 66.38.215.115 suprnova.com
O1 - Hosts: 66.38.215.115 www.suprnova.com
O1 - Hosts: 64.124.166.37 klite.com
O1 - Hosts: 64.124.166.37 www.klite.com
O1 - Hosts: 64.124.166.37 k-lite.com
O1 - Hosts: 64.124.166.37 www.k-lite.com
O1 - Hosts: 64.124.166.37 kazaalite.com
O1 - Hosts: 64.124.166.37 www.kazzalite.com
O1 - Hosts: 64.124.166.37 kazalite.com
O1 - Hosts: 64.124.166.37 www.kazalite.com
O1 - Hosts: 64.124.166.37 kaazalite.com
O1 - Hosts: 64.124.166.37 www.kaazalite.com
O1 - Hosts: 66.38.215.115 kazza.com
O1 - Hosts: 66.38.215.115 www.kazza.com
O1 - Hosts: 66.38.215.115 kaza.com
O1 - Hosts: 66.38.215.115 www.kaza.com
O1 - Hosts: 66.38.215.115 kaaza.com
O1 - Hosts: 66.38.215.115 www.kaaza.com
O1 - Hosts: 66.38.215.115 kahza.com
O1 - Hosts: 66.38.215.115 www.kahza.com
O1 - Hosts: 66.38.215.115 edonkey.com
O1 - Hosts: 66.38.215.115 www.edonkey.com
O1 - Hosts: 66.38.215.115 emule.com
O1 - Hosts: 66.38.215.115 www.emule.com
O1 - Hosts: 66.38.215.115 suprnova.com
O1 - Hosts: 66.38.215.115 www.suprnova.com
O1 - Hosts: 64.124.166.37 klite.com
O1 - Hosts: 64.124.166.37 www.klite.com
O1 - Hosts: 64.124.166.37 k-lite.com
O1 - Hosts: 64.124.166.37 www.k-lite.com
O1 - Hosts: 64.124.166.37 kazaalite.com
O1 - Hosts: 64.124.166.37 www.kazzalite.com
O1 - Hosts: 64.124.166.37 kazalite.com
O1 - Hosts: 64.124.166.37 www.kazalite.com
O1 - Hosts: 64.124.166.37 kaazalite.com
O1 - Hosts: 64.124.166.37 www.kaazalite.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Broadband Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: BHO - {8567EDFA-408C-43e9-B929-4C25C04F5003} - C:\WINDOWS\system32\iehelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AOL Broadband Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Broadband Toolbar 5.0\aoltb.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AKeyboard Manager Utility] "C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe" /lang en /H
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1145123258\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [sysldtray] C:\windows\ld12.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [LowRiskFileTypes] C:\WINDOWS\sysguard.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0c\aoltray.exe
O4 - Global Startup: AOL Demo.lnk = C:\Applications\Tool\AOL Demo\DSGDemo.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol broadband toolbar 5.0\resources\en-GB\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pcservicecall.co.uk
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://webgames.d.tmsrv.com/c=ba66093aebd8c53cd0704d9e4dbcaf6c/aff=t_25oa_ukca_wg/p/release/popcap/wg_bejeweled2/popcaploader_v6.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: FspadSvc - Unknown owner - C:\Program Files\AVC Finger-sensing Pad Driver\FspadSvr.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 15223 bytes

I am better than I thought...

Re: Antivirus system pro
Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: BHO - {8567EDFA-408C-43e9-B929-4C25C04F5003} - C:\WINDOWS\system32\iehelper.dll
    O4 - HKLM\..\Run: [sysldtray] C:\windows\ld12.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [LowRiskFileTypes] C:\WINDOWS\sysguard.exe


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

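The fix list above is the helper's manual triage of the HijackThis log: IE search settings pointing at a non-default host or blanked out, a BHO with no file or no name, and Run entries whose executable sits directly in the Windows directory. The following is an added example (not code from the thread or from HijackThis) that applies those same defender heuristics to a log automatically; the sample lines are copied from the log posted above, and the EXPECTED_HOSTS allowlist is an assumption built from the defaults visible in that log.

```python
"""Heuristic triage of a HijackThis log, modelled on the entries fixed in this thread."""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List

# Core Windows binaries that belong in the system directories below; a copy
# anywhere else (e.g. C:\Program Files\winlogon.exe) deserves a second look.
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                   "lsass.exe", "svchost.exe", "explorer.exe"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}
# Assumption: hosts the R0/R1 defaults in this particular log legitimately use.
# Tune per machine; this is not a general-purpose allowlist.
EXPECTED_HOSTS = {"go.microsoft.com", "www.aol.co.uk",
                  "www.myaolbroadband.co.uk", "uk.search.yahoo.com"}
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample: a handful of lines taken from the HijackThis log above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\winlogon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O1 - Hosts: 66.38.215.115 kazza.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: BHO - {8567EDFA-408C-43e9-B929-4C25C04F5003} - C:\WINDOWS\system32\iehelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [sysldtray] C:\windows\ld12.exe
O4 - HKCU\..\Run: [LowRiskFileTypes] C:\WINDOWS\sysguard.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"""


@dataclass
class Finding:
    rule: str
    line: str


def _exe_path(target: str) -> PureWindowsPath:
    """Extract the executable from an O4 target such as '"C:\\x\\y.exe" /arg' or 'C:\\x\\y.exe icon'."""
    target = target.strip()
    if target.startswith('"'):
        exe = target[1:target.find('"', 1)]
    else:
        m = re.match(r"(.+?\.exe)", target, re.I)
        exe = m.group(1) if m else target
    return PureWindowsPath(exe.lower())


def _system_binary_misplaced(path: PureWindowsPath) -> bool:
    """True when a core Windows binary name is running from outside the system directories."""
    return path.name in SYSTEM_BINARIES and str(path.parent) not in SYSTEM_DIRS


def triage(log: str) -> List[Finding]:
    findings: List[Finding] = []
    in_processes = False
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line ends the "Running processes" block
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if _system_binary_misplaced(PureWindowsPath(line.lower())):
                findings.append(Finding("system-binary-outside-system-dir", line))
            continue
        if m := re.match(r"^R[01] - (.+?) =\s*(.*)$", line):
            # Search/start page set to an unexpected host, or blanked out entirely.
            value = m.group(2)
            host = re.sub(r"^https?://", "", value).split("/")[0]
            if not value or host not in EXPECTED_HOSTS:
                findings.append(Finding("ie-setting-hijacked-or-blanked", line))
        elif m := re.match(r"^O1 - Hosts: (\S+) (\S+)", line):
            # A hosts entry that sends a domain to a remote IP rather than loopback.
            if m.group(1) not in LOOPBACK:
                findings.append(Finding("hosts-redirect-to-remote-ip", line))
        elif m := re.match(r"^O2 - BHO: (.*?) - \{[0-9A-Fa-f-]+\} - (.*)$", line):
            desc, path = m.group(1).lower(), m.group(2)
            if path == "(no file)" or desc in {"(no name)", "bho"}:
                findings.append(Finding("bho-orphaned-or-unnamed", line))
        elif m := re.match(r"^O4 - .*?Run: \[(.*?)\] (.*)$", line):
            exe = _exe_path(m.group(2))
            # Vendors install into subfolders; a loose .exe in C:\WINDOWS is a red flag.
            if str(exe.parent) == r"c:\windows":
                findings.append(Finding("autorun-directly-in-windows-dir", line))
            elif _system_binary_misplaced(exe):
                findings.append(Finding("system-binary-outside-system-dir", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.line}")
```

In this thread C:\Program Files\winlogon.exe is the renamed HijackThis copy, so that particular hit is benign here; the rule still earns its keep, since the MBAM log later flags the same path and the heuristics are a prompt for a human to check, not a verdict.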
Re: Antivirus system pro
Malwarebytes' Anti-Malware 1.38
Database version: 2388
Windows 5.1.2600 Service Pack 3

08/07/2009 01:20:06
mbam-log-2009-07-08 (01-20-06).txt

Scan type: Quick Scan
Objects scanned: 89876
Time elapsed: 16 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8567edfa-408c-43e9-b929-4c25c04f5003} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\wbem\proquota.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\documents and settings\David\local settings\Temp\~TMA7.tmp (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\hosts (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\sysguard.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\bf23567.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\010112010146118114.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\jmmark2.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\0101120101464849.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\0101120101465749.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\0101120101465752.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Program Files\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


Thank you! Even now, after 2 days of those annoying pop-ups etc., it's a relief to have them gone, even if there is still more to do.

Re: Antivirus system pro
Hello.

Download HostsXpert from HERE

  • Unzip it and start HostsXpert.exe (Vista users will need to right click > "Run as administrator" to open the program)
  • If "Make writeable?" is shown in red at the top, click it to make writeable.
  • Press "Restore MS Hosts File"
  • OK the prompt.
  • Then click on "Make read only"
  • Exit HostsXpert.

Next,

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.


Last edited by Belahzur on 8th July 2009, 1:11 am; edited 1 time in total

Re: Antivirus system pro
okay, I am back to being stupid...

I have downloaded and extracted the files for HostsXpert. I right click and it gives me "Run As..." as one of the options; when I do that I get an error message:

Error : Cannot create file C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\UQENNIHE\HostsXpert[1]\HostsXpert\HostsXpert.tmp

Re: Antivirus system pro
Sorry, wrong instructions. I gave you the instructions for Vista, and this is XP.
Just double left click and open as normal. Ahahaha

I'll correct my above post now.

Re: Antivirus system pro
DDS (Ver_09-06-26.01) - NTFSx86
Run by David at 9:35:47.03 on 08/07/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.477.26 [GMT 1:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\Program Files\AVC Finger-sensing Pad Driver\FspadSvr.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\AOL\1145123258\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AOL 9.0c\aoltray.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
c:\program files\common files\aol\1145123258\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1145123258\ee\aolsoftware.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\David\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uStart Page = hxxp://www.aol.co.uk/aolbroadband
mStart Page = hxxp://www.myaolbroadband.co.uk
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol broadband toolbar 5.0\aoltb.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: AOL Broadband Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol broadband toolbar 5.0\aoltb.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
uRun: [Power2GoExpress]
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: []
mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
mRun: [SiS Windows KeyHook] c:\windows\system32\keyhook.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [AKeyboard Manager Utility] "c:\program files\keyboard manager\manager utility\KeyboardManager.exe" /lang en /H
mRun: [ACU] "c:\program files\atheros\ACU.exe" -nogui
mRun: [DSLSTATEXE] c:\program files\bt voyager 105 adsl modem\dslstat.exe icon
mRun: [DSLAGENTEXE] c:\program files\bt voyager 105 adsl modem\dslagent.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [HostManager] c:\program files\common files\aol\1145123258\ee\AOLSoftware.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aol90t~1.lnk - c:\program files\aol 9.0c\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aoldem~1.lnk - c:\applications\tool\aol demo\DSGDemo.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: &AOL Toolbar Search - c:\program files\aol\aol broadband toolbar 5.0\resources\en-gb\local\search.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://www.king.com/ctl/kingcomie.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game04.zylom.com/activex/zylomgamesplayer.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://webgames.d.tmsrv.com/c=ba66093aebd8c53cd0704d9e4dbcaf6c/aff=t_25oa_ukca_wg/p/release/popcap/wg_bejeweled2/popcaploader_v6.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-7-6 130936]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-25 214024]
R2 FspadSvc;FspadSvc;c:\program files\avc finger-sensing pad driver\FspadSvr.exe [2005-12-9 520192]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-5-12 210216]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-5-12 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-5-12 144704]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-7-6 348752]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R3 fspad;AVC Finger-sensing Pad Driver for Windows 2000/XP;c:\windows\system32\drivers\fspad.sys [2005-12-9 14848]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-5-12 79880]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-5-12 35272]
S2 Ca533av;DV Cam(Video);c:\windows\system32\drivers\ca533av.sys --> c:\windows\system32\drivers\Ca533av.sys [?]
S3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [2009-3-5 17152]
S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-5-12 606736]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-5-12 34216]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-5-12 40552]
S3 PAC207;SoC PC-Camer@;c:\windows\system32\drivers\PFC027.sys [2005-2-24 162176]
S3 USBCamera;DSC Still Image Capture (CA533A);c:\windows\system32\drivers\bulk533.sys --> c:\windows\system32\drivers\Bulk533.sys [?]

=============== Created Last 30 ================

2009-07-08 00:43 --d----- c:\docume~1\david\applic~1\Malwarebytes
2009-07-07 09:01 --d----- c:\program files\Trend Micro
2009-07-06 20:59 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-07-06 20:59 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-07-06 20:59 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-07-06 20:57 --d----- c:\program files\common files\PC Tools
2009-07-06 20:57 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-07-06 20:56 --d----- c:\program files\Spyware Doctor
2009-07-06 20:56 --d----- c:\docume~1\david\applic~1\PC Tools
2009-07-06 20:56 --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-07-06 20:38 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-06 20:38 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-06 20:38 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-06 20:38 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-18 09:59 --d----- c:\windows\system32\wbem\Repository
2009-06-17 19:11 56 a---h--- c:\windows\system32\ezsidmv.dat

==================== Find3M ====================

2009-07-07 23:29 15,192 a------- c:\program files\hijackthis.log
2009-06-18 09:43 224,504 a------- c:\windows\pchealth\helpctr\config\cache\Personal_32_1033.dat
2009-05-07 16:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-29 05:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 05:55 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-17 13:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 15:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2006-06-17 13:06 5,856,839 a------- c:\program files\dBpowerAMP-codec-wmav91.exe
2006-06-03 20:54 462,474 a------- c:\program files\dBpowerAMP-codec-mp4.exe
2006-06-03 20:35 2,167,119 a------- c:\program files\dMC-r11[1].5.exe
2006-05-28 22:41 20,409,656 a------- c:\program files\FSS_PH60.exe
2006-05-16 22:14 252 a------- c:\docume~1\david\applic~1\wklnhst.dat
2003-08-27 23:19 36,963 a----r-- c:\program files\common files\SM1updtr.dll
2008-09-18 15:12 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091820080919\index.dat

============= FINISH: 9:37:42.07 ===============

Re: Antivirus system pro
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 14/04/2006 05:00:28
System Uptime: 07/08/2009 08:57:07 (-719 hours ago)

Motherboard: DIXONSXP | |
Processor: Intel(R) Celeron(R) M processor 1.50GHz | Socket 479M | 1501/400mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 33 GiB total, 8.127 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP519: 08/04/2009 22:45:11 - System Checkpoint
RP520: 10/04/2009 21:31:33 - System Checkpoint
RP521: 12/04/2009 13:38:24 - System Checkpoint
RP522: 20/04/2009 14:28:49 - System Checkpoint
RP523: 20/04/2009 17:06:50 - Software Distribution Service 3.0
RP524: 21/04/2009 20:36:21 - System Checkpoint
RP525: 23/04/2009 15:10:50 - System Checkpoint
RP526: 24/04/2009 20:33:21 - System Checkpoint
RP527: 27/04/2009 13:53:54 - System Checkpoint
RP528: 29/04/2009 08:45:35 - Software Distribution Service 3.0
RP529: 01/05/2009 12:31:08 - System Checkpoint
RP530: 03/05/2009 21:01:22 - System Checkpoint
RP531: 05/05/2009 19:05:42 - System Checkpoint
RP532: 06/05/2009 19:06:42 - System Checkpoint
RP533: 07/05/2009 19:11:11 - System Checkpoint
RP534: 12/05/2009 20:15:58 - System Checkpoint
RP535: 13/05/2009 00:38:29 - Software Distribution Service 3.0
RP536: 14/05/2009 00:59:57 - Software Distribution Service 3.0
RP537: 15/05/2009 12:59:11 - System Checkpoint
RP538: 20/05/2009 18:22:47 - System Checkpoint
RP539: 21/05/2009 18:34:44 - System Checkpoint
RP540: 21/05/2009 21:16:41 - Removed Apple Mobile Device Support
RP541: 21/05/2009 21:18:54 - Removed Apple Software Update
RP542: 26/05/2009 10:54:30 - System Checkpoint
RP543: 27/05/2009 17:14:36 - Software Distribution Service 3.0
RP544: 29/05/2009 14:36:37 - System Checkpoint
RP545: 01/06/2009 13:58:45 - System Checkpoint
RP546: 02/06/2009 17:08:52 - System Checkpoint
RP547: 04/06/2009 21:02:43 - System Checkpoint
RP548: 04/06/2009 22:53:34 - Software Distribution Service 3.0
RP549: 08/06/2009 16:55:41 - System Checkpoint
RP550: 09/06/2009 18:37:28 - System Checkpoint
RP551: 10/06/2009 23:44:41 - Software Distribution Service 3.0
RP552: 13/06/2009 12:56:22 - System Checkpoint
RP553: 15/06/2009 12:59:37 - System Checkpoint
RP554: 16/06/2009 03:38:09 - Restore Operation
RP555: 18/06/2009 09:49:16 - Removed Skype™️ 4.0
RP556: 18/06/2009 09:55:21 - Restore Operation
RP557: 19/06/2009 17:19:19 - System Checkpoint
RP558: 23/06/2009 10:52:40 - System Checkpoint
RP559: 24/06/2009 11:09:28 - System Checkpoint
RP560: 25/06/2009 18:07:29 - System Checkpoint
RP561: 27/06/2009 18:52:43 - System Checkpoint
RP562: 29/06/2009 17:50:01 - System Checkpoint
RP563: 01/07/2009 03:56:57 - System Checkpoint
RP564: 02/07/2009 14:26:37 - System Checkpoint
RP565: 03/07/2009 15:19:14 - System Checkpoint
RP566: 06/07/2009 10:03:50 - System Checkpoint
RP567: 06/07/2009 20:53:12 - Software Distribution Service 3.0

==== Installed Programs ======================


360Share(remove only)
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0
Adobe Shockwave Player
Agere Systems AC'97 Modem
AOL Broadband Toolbar 5.0
AOL Coach Version 1.0(Build:20040229.1 uk)
AOL Registration
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Ask Toolbar
Atheros Client Installation Program
Audacity 1.2.4
AutoUpdate
AVC Finger-sensing Pad Driver
BitTorrent
BroadJump Client Foundation
BT Voyager 105 ADSL Modem
BT Voyager Modem AOL Test
BUFFALO TurboUSB for FLASH/HDD
Choice Guard
Critical Update for Windows Media Player 11 (KB959772)
Cypress USB Mass Storage Driver Installation
dBpowerAMP Mp4 Codec
dBpowerAMP Music Converter
DivX
DivX Converter
DivX Player
DNA
Free Mp3 Wma Converter V 1.5.1
Full Tilt Poker.Net
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
Junk Mail filter update
Keyboard Manager Utility
king.com (remove only)
Last.fm 1.5.1.29527
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 97, Professional Edition
Microsoft Search Enhancement Pack
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Works
Mozilla Firefox (2.0)
MSN
MSVCRT
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
PC Camer@
Power2Go 4.0
PowerDVD
QuickTime
RealPlayer
Realtek AC'97 Audio
Rhapsody Player Engine
Roxio Burn Engine
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Segoe UI
Serif PhotoPlus 6.0
SiS 900 PCI Fast Ethernet Adapter Driver
SiS VGA Utilities
SiSAGP driver
Smart Menus (Windows Live Toolbar)
Spyware Doctor 6.0
Tabbed Browsing (Windows Live Toolbar)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
USB Storage Adapter FX (SM1)
Viewpoint Media Player
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! Extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

08/07/2009 01:26:34, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
08/07/2009 00:53:43, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the mcmscsvc service.
07/07/2009 23:08:41, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Real-time Scanner service, but this action failed with the following error: An instance of the service is already running.
07/07/2009 23:01:19, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
07/07/2009 23:01:12, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
07/07/2009 08:10:33, error: Service Control Manager [7022] - The McAfee Real-time Scanner service hung on starting.
06/07/2009 20:53:19, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80242000: Windows Genuine Advantage Validation Tool (KB892130).
06/07/2009 20:20:30, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
06/07/2009 20:16:16, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee SystemGuards service to connect.
06/07/2009 20:16:16, error: Service Control Manager [7000] - The McAfee SystemGuards service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
05/07/2009 20:31:05, error: Service Control Manager [7000] - The DV Cam(Video) service failed to start due to the following error: The system cannot find the file specified.
03/07/2009 16:41:29, error: ACPI [5] - AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0x70), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.
03/07/2009 16:41:29, error: ACPI [4] - AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0x71), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.
01/07/2009 23:48:55, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
01/07/2009 23:48:55, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================

Re: Antivirus system pro
Just a quick question, and I am incredibly grateful for your help... is there anything else I need to do or can I go back to my usual net use... taking a bit more care this time...


many many thanks

Re: Antivirus system pro
Hello.
Sorry for the delay, your topic got pushed back in the surge of traffic.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Ask Toolbar
    BitTorrent
    J2SE Runtime Environment 5.0 Update 1
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) SE Runtime Environment 6 Update 1
    Viewpoint Media Player

How is the machine running now?
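The removal step above is done by hand in Add/Remove Programs. As an added example (not from the thread or its helper), this PowerShell script reads the same Uninstall registry keys that Add/Remove Programs displays and lists every Java runtime except the newest, which is exactly the set of stale entries the helper asked to remove. It assumes Windows PowerShell 3 or later run from an elevated prompt; the key paths and property names are standard Windows ones.

```powershell
# Added example, not part of the original thread. Enumerates installed programs
# from the Uninstall registry keys (the source of the Add/Remove Programs list)
# and flags Java runtimes left behind by in-place updates, as in the DDS log above.
# Assumes Windows PowerShell 3+ on the affected machine, run elevated.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'  # absent on 32-bit XP
)

# Collect DisplayName / DisplayVersion / UninstallString for every entry that has a name.
$programs = @(
    foreach ($key in $uninstallKeys) {
        if (Test-Path $key) {
            Get-ChildItem $key | ForEach-Object {
                $p = Get-ItemProperty $_.PSPath
                if ($p.DisplayName) {
                    [pscustomobject]@{
                        Name      = $p.DisplayName
                        Version   = $p.DisplayVersion
                        Uninstall = $p.UninstallString
                    }
                }
            }
        }
    }
)

# Match the names Sun/Oracle used in Add/Remove Programs, e.g.
# "J2SE Runtime Environment 5.0 Update 11" and "Java(TM) 6 Update 3".
$javaPattern = '^(J2SE Runtime Environment|Java\(TM\))'

# Sort by DisplayVersion (e.g. 1.5.0.110, 1.6.0.30); unparseable versions sort lowest.
$java = @(
    $programs |
        Where-Object { $_.Name -match $javaPattern } |
        Sort-Object { try { [version]$_.Version } catch { [version]'0.0' } }
)

if ($java.Count -eq 0) {
    Write-Output 'No Java runtimes found in the Uninstall keys.'
} else {
    $newest = $java[-1]
    Write-Output ("Newest Java runtime (keep): {0} [{1}]" -f $newest.Name, $newest.Version)

    if ($java.Count -gt 1) {
        # Everything but the last element is a stale, unpatched copy that should go.
        $stale = $java[0..($java.Count - 2)]
        Write-Output 'Stale Java runtimes to remove via Add/Remove Programs:'
        $stale | ForEach-Object {
            Write-Output ("  {0} [{1}]  uninstall: {2}" -f $_.Name, $_.Version, $_.Uninstall)
        }
    }
}
```

The script only reports; the printed UninstallString for each stale entry is the same command Add/Remove Programs runs, so the user can remove them through the Control Panel as instructed.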

Re: Antivirus system pro
Many thanks, I did appreciate that you had plenty of people whose situation was worse than mine...

I have removed those programs, everything seems to be fine.... anything else I need to do...

Re: Antivirus system pro
Nope, the rest looks fine. :)
